漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2011-02138
漏洞标题:腾讯CAIPIAO频道菠菜娃娃注射点
相关厂商:菠菜娃娃
漏洞作者: 北洋贱队
提交时间:2011-05-18 17:21
修复时间:2011-05-18 19:18
公开时间:2011-05-18 19:18
漏洞类型:SQL注射漏洞
危害等级:中
自评Rank:10
漏洞状态:未联系到厂商或者厂商积极忽略
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2011-05-18: 积极联系厂商并且等待厂商认领中,细节不对外公开
2011-05-18: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
就一注射,看大牛们能不能拿到权限
详细说明:
uid|username|password
1|菠菜娃娃|a66f65a070dc6524214e29f5370504b2
2|多来米|676bf872f220343debe927a39ab17387
3|老猫猫|d0559db6c5bd26a41927d1c81c6ee289
4|雷神之锤|e10adc3949ba59abbe56e057f20f883e
5|足球投资者|17cdb835545be96b83db88a4110969fe
6|足彩徐|e67ae3740523bdb2a3b69ce14a336db5
7|天网|17cdb835545be96b83db88a4110969fe
8|足彩徐2009|aaa42296669b958c3cee6c0475c8093e
9|怀特|d92513588384e6f9a6df54e8faa48722
10|hunter|e91b3891b28347cfbb26d9cea03844c5
777|张潇予|2a873609fb82a38e5ba86e76a151d227
950|19194913|c15e056ecee3a4549113a629273af735
11|meizibai|eb6689371bc165a75a44e0dd1743cfb0
13|非非888|db083c13dfdbce7fbb87b87b8088cf86
14|TurboS|d8339c357c0655941695f68f9fc81352
12|小竹猪|de3f0b18073e23bc3d41e420f5a5e2b9
100|敬谢八方|b935acac5d84cd3395b14777ce2db3a6
16|lena|06373bc37033a65ad7a2b2a7a55afe95
429|人未鱼|a43d41a27f88e9fffeb277208e633c10
17|舍得|d0559db6c5bd26a41927d1c81c6ee289
15|多多洛|077b8c3f8769006aa0071960e3c8e7fb
18|welsun|7bae02ded68d719f99ae7200c1d6d4f7
275|河米|f996b973530e1288c95a85890f5b6145
19|安琪儿|43974b0a6277f87b168a4e45063f9e33
458|温故而知新|7fab2ece293a0584381347bd708abe5c
20|天天好心情|e67ae3740523bdb2a3b69ce14a336db5
23|清平小乐|3d24b838770ee90773804e8599e549ff
21|candy39|141820d80e12bc0740a789479c4abac9
22|老猫猫足彩徐|5b9985e51a2aba9a8ebb673013d71471
940|ddf|980ac217c6b51e7dc41040bec1edfec8
26|2009y|141820d80e12bc0740a789479c4abac9
976|911211411|132afd1416b13fe362dd4a5832145758
25|风波恶|141820d80e12bc0740a789479c4abac9
24|足彩猎人|24e2801a8d27abd010303a15e6439282
27|巴萨球迷|141820d80e12bc0740a789479c4abac9
970|xiaojing|22f73529003e8575fa5c1542ce00a152
28|红旗手|596b97011876d349890670ac69f1743e
29|andyls|141820d80e12bc0740a789479c4abac9
31|1340725|141820d80e12bc0740a789479c4abac9
32|大青牛|141820d80e12bc0740a789479c4abac9
33|零下一度|141820d80e12bc0740a789479c4abac9
34|枣核|14a7a4ae245396956e77eb8feb812295
30|铁拐李|141820d80e12bc0740a789479c4abac9
36|皇后大道东|141820d80e12bc0740a789479c4abac9
35|火锅不要|141820d80e12bc0740a789479c4abac9
38|尼米兹|0f14f1cd9fb89c1fe4d1ee9dff5afee5
44|凡柔|e67ae3740523bdb2a3b69ce14a336db5
40|胡佛|62545caa793bfc22449c5a95d8cf62a5
459|贾君鹏|b935acac5d84cd3395b14777ce2db3a6
41|财神到|e67ae3740523bdb2a3b69ce14a336db5
39|精确制导|83a944f38dbd6b5d2aaea3fd1b1a6d34
37|煤炭工人|02c66e4fab520961e864328efbd0941d
46|金山银山|e67ae3740523bdb2a3b69ce14a336db5
45|火林金树|e67ae3740523bdb2a3b69ce14a336db5
42|娃哈哈|e67ae3740523bdb2a3b69ce14a336db5
43|美猴王|e67ae3740523bdb2a3b69ce14a336db5
952|xoy33|14f1e59bf3153221e73ad5c6c5f808ab
47|借东风|e67ae3740523bdb2a3b69ce14a336db5
48|一夜暴富|e67ae3740523bdb2a3b69ce14a336db5
50|ling|db742ec4ed07872be00e697ff349aabb
52|小熊|93279e3308bdbbeed946fc965017f67a
49|168168|e67ae3740523bdb2a3b69ce14a336db5
51|小曾|93279e3308bdbbeed946fc965017f67a
58|lot|93279e3308bdbbeed946fc965017f67a
94|冷的发抖|b935acac5d84cd3395b14777ce2db3a6
漏洞证明:
修复方案:
暂无修复意见
版权声明:转载请注明来源 北洋贱队@乌云
漏洞回应
厂商回应:
未能联系到厂商或者厂商积极拒绝
漏洞Rank:5 (WooYun评价)