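2014-05-12: Details reported to the vendor; awaiting vendor handling.
2014-05-14: The vendor chose to ignore the vulnerability; details disclosed to the public.
As the title says.
SQL injection:
http://ccidstudy.ccidnet.com/?mod=Bookshow&id=72
The id parameter is not strictly filtered before being passed into the query.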
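Filter the input.
Severity: no impact, ignored by vendor
Ignored at: 2014-05-14 19:16
Thank you for your finding. The system has been shut down and taken out of service.
None yet.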
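An added example (not part of the original report and not the vendor's code) of what "filter" should mean for a numeric `id` parameter like the one in the report: the concatenated query next to allow-list validation plus a bound parameter. The table, columns, function names and sample rows are assumptions, and SQLite stands in for the site's database.

```python
import sqlite3


def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE books (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany(
        "INSERT INTO books VALUES (?, ?)",
        [(72, "Course A"), (73, "Course B"), (74, "Course C")],
    )
    return db


def show_book_unsafe(db, raw_id):
    # The pattern the report describes: the request value is pasted into
    # the SQL text, so anything after the number is parsed as SQL.
    sql = "SELECT id, title FROM books WHERE id = " + raw_id
    return db.execute(sql).fetchall()


def parse_book_id(raw_id):
    # Allow-list validation: ASCII digits only, bounded length.
    # Returns None when the value is rejected.
    if (isinstance(raw_id, str) and raw_id.isascii()
            and raw_id.isdigit() and len(raw_id) <= 10):
        return int(raw_id)
    return None


def show_book_safe(db, raw_id):
    book_id = parse_book_id(raw_id)
    if book_id is None:
        return None  # caller should answer 400 and log the rejected value
    # Bound parameter: the value never becomes part of the SQL text.
    sql = "SELECT id, title FROM books WHERE id = ?"
    return db.execute(sql, (book_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "72 OR 1=1"  # constructed input that changes the WHERE clause
    print(len(show_book_unsafe(db, crafted)))  # every row comes back
    print(show_book_safe(db, crafted))         # rejected before any query
    print(show_book_safe(db, "72"))            # normal request still works
```

Validation and binding do different jobs: the type check rejects malformed requests early so they can be logged, while the bound parameter is what keeps the value out of the SQL grammar even if a check is later loosened.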