乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-26: 细节已通知厂商并且等待厂商处理中 2015-10-26: 厂商已经确认,细节仅向厂商公开 2015-11-05: 细节向核心白帽子及相关领域专家公开 2015-11-15: 细节向普通白帽子公开 2015-11-25: 细节向实习白帽子公开 2015-12-10: 细节向公众公开
中石化APP之SQL注入
哎,由于编辑时Session失效,第一个注入漏洞变成雷锋了,还是继续检测吧……目标:中石化车e族APP检测发现以下地方存在注入:(POST中的date,布尔盲注)
POST /api/car/AddRecord HTTP/1.1Content-Length: 297Content-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestReferer: http://e.o2obest.cn/api/car/AddRecordCookie: ff911a88cc5c46ac9185aa1e2d241864%3D82f2ba74b46e3ae60ec55fac85f4d775d00f6e07a%3A4%3A%7Bi%3A0%3Bs%3A11%3A%2218000000000%22%3Bi%3A1%3Bs%3A11%3A%2218000000000%22%3Bi%3A2%3Bi%3A2592000%3Bi%3A3%3Ba%3A3%3A%7Bs%3A2%3A%22id%22%3Bs%3A6%3A%22689472%22%3Bs%3A4%3A%22name%22%3Bs%3A19%3A%22cy_1445582464_20034%22%3Bs%3A4%3A%22user%22%3Ba%3A17%3A%7Bs%3A6%3A%22userId%22%3Bs%3A6%3A%22689472%22%3Bs%3A4%3A%22name%22%3Bs%3A19%3A%22cy_1445582464_20034%22%3Bs%3A3%3A%22pwd%22%3Bs%3A32%3A%226267df2c218b8439a7b72d038833fd65%22%3Bs%3A3%3A%22mob%22%3Bs%3A11%3A%2218002512025%22%3Bs%3A5%3A%22alias%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22imgKey%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22status%22%3Bs%3A1%3A%220%22%3Bs%3A7%3A%22addTime%22%3Bs%3A19%3A%222015-10-23%2B14%3A41%3A04%22%3Bs%3A7%3A%22modTime%22%3Bs%3A19%3A%222015-10-23%2B14%3A41%3A04%22%3Bs%3A5%3A%22email%22%3Bs%3A29%3A%22cy_1445582464_20034%40huaat.net%22%3Bs%3A9%3A%22loginTime%22%3Bs%3A19%3A%222015-10-23%2B14%3A41%3A05%22%3Bs%3A4%3A%22type%22%3Bs%3A1%3A%220%22%3Bs%3A9%3A%22companyId%22%3Bs%3A1%3A%220%22%3Bs%3A6%3A%22client%22%3Bs%3A1%3A%220%22%3Bs%3A11%3A%22deviceToken%22%3Bs%3A0%3A%22%22%3Bs%3A10%3A%22modPwdTime%22%3Bs%3A19%3A%220000-00-00%2B00%3A00%3A00%22%3Bs%3A4%3A%22role%22%3Bs%3A1%3A%220%22%3B%7D%7D%7D%3B%20USERSESSID%3D1c77bb9dddde1a94319042e526b25b27Host: e.o2obest.cnConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*ajax=1&companyKey=874d8c821358a5e26f2524b10f43a292&date=2015-10-23&fee=232322&https=0&LastRecord=1&oiltankEmptyStastus=1&oiltankFullStatus=1&price=2&road=23&volume=116161.00
这是布尔型,比第一个时间盲注快多了~~放SQLMap中:1、证明截图
2、当前用户:
3、遍历了下,共9个库
4、我们不妨来看下server_shuchuang这个库吧,共395个表,就不一一跑了,只跑前几个
请多指教~
危害等级:高
漏洞Rank:13
确认时间:2015-10-26 17:48
谢谢!我们将尽快修改。
暂无