当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0125945

漏洞标题:求图网伪静态注入50多个数据库泄露

相关厂商:QT网

漏洞作者: 开心一下1313

提交时间:2015-07-12 20:26

修复时间:2015-08-26 20:28

公开时间:2015-08-26 20:28

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-07-12: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-08-26: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

rt

详细说明:

求图网伪静态注入:http://www.qt263.cn/index.php/Article/show/id/3485.html

1.png


57个数据库......
available databases [57]:
[*] `110110`
[*] `126shopping`
[*] `20120405sql`
[*] `209120329sql`
[*] `316`
[*] `4321w`
[*] `4321wcom`
[*] `4399wy`
[*] `576rc`
[*] `800`
[*] bianmu
[*] btc
[*] ceshi
[*] cf
[*] deyi163
[*] fc
[*] fzl
[*] fzlpic
[*] fzlpic1
[*] fzppic
[*] information_schema
[*] jf_qt263
[*] jianfei8
[*] keai_sql
[*] meinv
[*] minzhubbs
[*] mm4321w
[*] mysql
[*] performance_schema
[*] ps
[*] ps2
[*] ps3
[*] pssql
[*] qianqian6
[*] qiutu
[*] qq1
[*] qq2
[*] qq3
[*] qqcar
[*] qqcar1
[*] qqcar3
[*] qqcar4
[*] qqcar5
[*] qqmcqt263
[*] qqmokuai
[*] qt128cn
[*] qt128comcn
[*] qt263bbs
[*] qt363
[*] qtpfuns
[*] shareimg
[*] sq_test208
[*] test
[*] webqt263
[*] weimei
[*] wwwcf
[*] wy23701
很多网站都是将数据放在这上面,多个网站遭殃。

2.png


等等......

漏洞证明:

1.png


57个数据库......
available databases [57]:
[*] `110110`
[*] `126shopping`
[*] `20120405sql`
[*] `209120329sql`
[*] `316`
[*] `4321w`
[*] `4321wcom`
[*] `4399wy`
[*] `576rc`
[*] `800`
[*] bianmu
[*] btc
[*] ceshi
[*] cf
[*] deyi163
[*] fc
[*] fzl
[*] fzlpic
[*] fzlpic1
[*] fzppic
[*] information_schema
[*] jf_qt263
[*] jianfei8
[*] keai_sql
[*] meinv
[*] minzhubbs
[*] mm4321w
[*] mysql
[*] performance_schema
[*] ps
[*] ps2
[*] ps3
[*] pssql
[*] qianqian6
[*] qiutu
[*] qq1
[*] qq2
[*] qq3
[*] qqcar
[*] qqcar1
[*] qqcar3
[*] qqcar4
[*] qqcar5
[*] qqmcqt263
[*] qqmokuai
[*] qt128cn
[*] qt128comcn
[*] qt263bbs
[*] qt363
[*] qtpfuns
[*] shareimg
[*] sq_test208
[*] test
[*] webqt263
[*] weimei
[*] wwwcf
[*] wy23701

修复方案:

过滤

版权声明:转载请注明来源 开心一下1313@乌云


漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝


漏洞评价:

评论