乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2012-06-22: 细节已通知厂商并且等待厂商处理中 2012-06-22: 厂商已经确认,细节仅向厂商公开 2012-07-02: 细节向核心白帽子及相关领域专家公开 2012-07-12: 细节向普通白帽子公开 2012-07-22: 细节向实习白帽子公开 2012-08-06: 细节向公众公开
07073游戏网SQL注射漏洞,刚才看到有人发了2个。顺便看看。打开2个页面都是注入。囧。希望不要撞洞了。
http://fahao.07073.com/?action=subscribeinfo&id=46'
Time: 2012-6-21 4:29pm Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' limit 0,1' at line 1 Errno: 1064 Script: /index.php Sql: select * from `bbs073`.`uchome_gift_advance` where id=46\' limit 0,1 [0129] Code:Object(Db_MysqlClass)->Function(errorlog); file:/www/wwwroot/fahao2.07073.com/lib/db/mysqlclass.php[0141] Code:Object(Db_MysqlClass)->Function(query); file:/www/wwwroot/fahao2.07073.com/lib/db/mysqlclass.php[1788] Code:Object(Db_MysqlClass)->Function(get_one); file:/www/wwwroot/fahao2.07073.com/app/controller/index.php[0090] Code:Object(Controller_Index)->Function(actionsubscribeinfo); file:/www/wwwroot/fahao2.07073.com/lib/dispatcher.php[0057] Code:Object(dispatcher)->Function(call); file:/www/wwwroot/fahao2.07073.com/lib/dispatcher.php[0024] Code:Object(dispatcher)->Function(run); file:/www/wwwroot/fahao2.07073.com/www/index.phpMySQL Query Sql Error
http://sj.07073.com/?m=news&id=264'
Time: 2012-6-21 4:32pm Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' limit 0,1' at line 1 Errno: 1064 Script: /index.php MySQL Query Sql Error
你们更专业
危害等级:中
漏洞Rank:8
确认时间:2012-06-22 01:26
感谢,牛人找到这个漏洞,我们正在修复。谢谢! 给你8Rank
暂无