2016-04-06: 细节已通知厂商,等待厂商处理中
2016-04-11: 厂商已经主动忽略漏洞,细节向公众公开
最近喜欢上了打篮球,想买一双篮球鞋,于是顺带测试了一下该站点:
http://info.peaksport.com/UpdateLog/UpdateList.aspx?UpdateYearMonth=201307
http://info.peaksport.com/UpdateLog/UpdateList.aspx?ModuleID=1
http://info.peaksport.com/UpdateLog/UpdateList.aspx?LogID=174
以上三个 URL(参数 UpdateYearMonth、ModuleID、LogID)都存在 SQL 注入。修复时应在服务端对这些参数使用参数化查询,并对数值型参数做类型校验。
受影响的数据如下:
Database: Peak
+----------------------------------------+---------+
| Table | Entries |
+----------------------------------------+---------+
| dbo.Peak_Saleroom_tmp | 3088501 |
| dbo.Peak_Saleroom_tmp | 3088501 |
| dbo.Peak_SMS_History | 1165101 |
| dbo.dnt_posts1 | 309261 |
| dbo.Peak_ShopRelations | 261382 |
| dbo.BI_Shop | 103959 |
| dbo.temp | 31037 |
| dbo.VW_Shop | 29157 |
| dbo.Peak_BI_LiJin | 20772 |
| dbo.dnt_myposts | 20142 |
| dbo.dnt_posts2 | 18466 |
| dbo.Peak_Picture | 17651 |
| dbo.Peak_Product_Picture | 17651 |
| dbo.VW_QD_Shop | 16974 |
| dbo.vw_EAS_LJ_SHOP | 16291 |
| dbo.TMP150 | 15303 |
| dbo.Peak_BI_QuDao | 14930 |
| dbo.TMP159 | 14758 |
| dbo.dnt_topics | 12519 |
| dbo.TMP158 | 12401 |
| dbo.TMP135 | 11780 |
| dbo.dnt_attachments | 9370 |
| dbo.TMP187 | 9179 |
| dbo.TMP151 | 8482 |
| dbo.VW_ShopRelations | 8468 |
| dbo.Peak_BI_EAS | 8385 |
| dbo.TMP136 | 7340 |
| dbo.Peak_Discount | 6708 |
| dbo.TMP139 | 6355 |
| dbo.dnt_scheduledevents | 6298 |
| dbo.Peak_UserRole | 5776 |
| dbo.TMP137 | 5481 |
| dbo.dnt_userfields | 5120 |
| dbo.dnt_users | 5120 |
| dbo.dnt_pms | 4826 |
| dbo.TMP188 | 4807 |
| dbo.TMP182 | 4373 |
| dbo.Peak_CorrivalShop | 4173 |
| dbo.TMP138 | 3277 |
| dbo.Peak_User | 2692 |
| dbo.Peak_City | 2556 |
| dbo.dnt_statvars | 1521 |
| dbo.dnt_mytopics | 1253 |
| dbo.dnt_myattachments | 1009 |
| dbo.dnt_words | 690 |
| dbo.dnt_trendstat | 669 |
| dbo.dnt_onlinetime | 506 |
| dbo.Peak_SaleQuotiety | 498 |
| dbo.Peak_RolePermission | 496 |
| dbo.Peak_RolePermission | 496 |
| dbo.Peak_Customers | 365 |
| dbo.T_lijintemp | 324 |
| dbo.dnt_creditslog | 224 |
| dbo.sys_RolePermission | 220 |
| dbo.dnt_adminvisitlog | 210 |
| dbo.Peak_UpdateLog_ModuleList | 197 |
| dbo.Peak_UpdateLog_ModuleList | 197 |
| dbo.Peak_UpdateLog_ModuleList | 197 |
| dbo.Peak_ReceiptMessage | 187 |
| dbo.dnt_moderatormanagelog | 118 |
| dbo.Peak_EasAgent_temp | 112 |
| dbo.dnt_stats | 103 |
| dbo.dnt_medalslog | 102 |
| dbo.dnt_medalslog | 102 |
| dbo.Peak_SendMessage | 100 |
| dbo.Peak_EasAgent_his | 90 |
| dbo.Peak_EasAgent_his | 90 |
| dbo.dnt_smilies | 88 |
| dbo.Peak_Agent | 87 |
| dbo.VW_WareHouseAgent | 85 |
| dbo.Peak_PositionOrOrgExplainsHis | 81 |
| dbo.Peak_Shop | 70 |
| dbo.Peak_Menu | 64 |
| dbo.dnt_topictags | 58 |
| dbo.dnt_tags | 52 |
| dbo.Peak_Module | 52 |
| dbo.Peak_Bidding_Material_Detail | 48 |
| dbo.Peak_Bidding_Material_Detail | 48 |
| dbo.Peak_PositionOrOrgExplainsEntryHis | 44 |
| dbo.Peak_PositionOrOrgExplainsEntryHis | 44 |
| dbo.Peak_PositionOrOrgExplainsEntryHis | 44 |
| dbo.dnt_polloptions | 32 |
| dbo.dnt_favorites | 30 |
| dbo.dnt_help | 29 |
| dbo.dnt_paymentlog | 28 |
| dbo.Peak_Map | 27 |
| dbo.dnt_forumfields | 26 |
| dbo.dnt_forums | 26 |
| dbo.dnt_moderators | 26 |
| dbo.dnt_topictagcaches | 26 |
| dbo.WCRTEMP00006 | 24 |
| dbo.dnt_debatediggs | 23 |
| dbo.S3_Tmp | 22 |
| dbo.dnt_postdebatefields | 21 |
| dbo.Peak_AllowAccessPerson | 18 |
| dbo.dnt_topicidentify | 17 |
| dbo.dnt_onlinelist | 16 |
| dbo.dnt_onlinelist | 16 |
| dbo.Peak_Bidding_Discuss | 16 |
| dbo.dnt_usergroups | 15 |
| dbo.Peak_PayStubNotDisplayItem | 15 |
| dbo.dnt_spacemoduledefs | 12 |
| dbo.dnt_spacethemes | 12 |
| dbo.Peak_Base | 12 |
| dbo.dnt_photos | 11 |
| dbo.dnt_polls | 10 |
| dbo.Peak_LiJinServerDatabase | 10 |
| dbo.Peak_LiJinServerDatabase | 10 |
| dbo.Peak_ReceiveMessage | 10 |
| dbo.dnt_albumcategories | 9 |
| dbo.Peak_Bidding_Batch | 9 |
| dbo.dnt_attachtypes | 8 |
| dbo.Peak_Auction | 7 |
| dbo.dnt_navs | 6 |
| dbo.dnt_spacemodules | 6 |
| dbo.dnt_templates | 6 |
| dbo.Peak_SendLeadMobile | 6 |
| dbo.dnt_spacetabs | 5 |
| dbo.dnt_admingroups | 3 |
| dbo.dnt_albums | 3 |
| dbo.dnt_phototags | 3 |
| dbo.dnt_searchcaches | 3 |
| dbo.Peak_Leader | 3 |
| dbo.Peak_Scheduling | 3 |
| dbo.dnt_bbcodes | 2 |
| dbo.dnt_spaceconfigs | 2 |
| dbo.dnt_spaceposts | 2 |
| dbo.dnt_tablelist | 2 |
| dbo.D99_Tmp | 1 |
| dbo.dnt_announcements | 1 |
| dbo.dnt_attachpaymentlog | 1 |
| dbo.dnt_debates | 1 |
| dbo.dnt_forumlinks | 1 |
| dbo.dnt_postid | 1 |
| dbo.dnt_statistics | 1 |
| dbo.Peak_SMS_SendQueue | 1 |
+----------------------------------------+---------+
危害等级:无影响厂商忽略
忽略时间:2016-04-11 21:10
漏洞Rank:15 (WooYun评价)
暂无