乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-01-02: 细节已通知厂商并且等待厂商处理中 2016-01-04: 厂商已经确认,细节仅向厂商公开 2016-01-14: 细节向核心白帽子及相关领域专家公开 2016-01-24: 细节向普通白帽子公开 2016-02-03: 细节向实习白帽子公开 2016-02-12: 细节向公众公开
RT
羅東廣播電台站点地址:
http://**.**.**.**
多处SQL漏洞一、
http://**.**.**.**/news.php?id=44&mode=news_view参数:id
二、
http://**.**.**.**/schedule.php?mode=schedule_list&type=1参数:type
三、
http://**.**.**.**/order.php?id=20&mode=order_post参数id
四、
http://**.**.**.**/search.php?mode=search_list&keyword=2015&type=1&submit.x=10&submit.y=21参数:keyword
五、
http://**.**.**.**/event.php?id=&mode=event_view参数:id
六、
http://**.**.**.**/program.php?mode=program_list&type=5参数:typehttp://**.**.**.**/program.php?id=373&mode=program_view参数:id
七、
http://**.**.**.**/blog/hans58351238/blog.php?id=23&mode=blog_view参数:id
=======================================================数据库信息证明
当前库、用户、DBA和数据库:
web server operating system: Windowsweb application technology: Apache 2.2.11, PHP 5.3.0back-end DBMS: MySQL 5.0current user: 'root@localhost'current database: 'lotung'current user is DBA: Trueavailable databases [5]:[*] information_schema[*] lotung[*] mysql[*] tarman[*] test
28张表:
Database: lotung[28 tables]+-----------------+| about || admins || admins_log || banner || banner_type || blog || blog_news_post || blog_news_type || blog_post || blog_reply || blog_type || contact || counter_log || event || event_type || host || host_type || jukebox || marquee || marquee_type || member || news || news_type || program || program_type || schedule || schedule_type || website_counter |+-----------------+
表admins字段
Database: lotungTable: admins[14 columns]+----------------+--------------+| Column | Type |+----------------+--------------+| admin_account | varchar(120) || admin_blog_id | int(10) || admin_connect | int(10) || admin_email | varchar(120) || admin_id | int(10) || admin_level | varchar(25) || admin_nickname | varchar(250) || admin_password | varchar(120) || admin_photo | varchar(250) || admin_reg_date | datetime || admin_status | int(1) || admin_title | varchar(250) || admin_type | int(5) || admin_update | datetime |+----------------+--------------+
部分数据证明,明文密码
整理一下
可跨库。。。未深入
已证明
过滤
危害等级:高
漏洞Rank:17
确认时间:2016-01-04 13:18
感謝通報
暂无