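2013-02-20: Details reported to the vendor; awaiting vendor response
2013-02-20: Vendor confirmed; details disclosed only to the vendor
2013-03-02: Details disclosed to core white hats and experts in related fields
2013-03-12: Details disclosed to regular white hats
2013-03-22: Details disclosed to trainee white hats
2013-04-06: Details disclosed to the public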
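We are all sharpshooters; every gift eliminates one vulnerability!
I was afraid of submitting a duplicate, so I specifically asked 剑心 before posting. Welcome to the new vendor; I hope you take information security seriously!
Issue 1: A configuration file error leaks the SQL database account and password; unfortunately, the database is on the internal network. http://plus.aili.com/1/1/gif.php
Issue 2: SQL injection. There is so much data that reading it took ages! Injection point: http://plus.aili.com/pk.php?a=list&id=28
I won't list everything one by one; the details are as follows.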
Database: newcms [168 tables]
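See the detailed description.
Filter the input, please. One gift eliminates one vulnerability? Asking for a gift, and asking for 20 rank!
Severity: High
Vulnerability Rank: 20
Confirmed: 2013-02-20 10:22
Thanks to our friend 小胖子. Information security is very important to us.
None yet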