
Vulnerability summary

Defect ID: wooyun-2015-0112118

Title: Hunliji (婚礼纪) misconfiguration leads to a site-wide data leak

Vendor: hunliji.com

Author: 紫霞仙子

Submitted: 2015-05-05 10:09

Fixed: 2015-06-19 11:30

Published: 2015-06-19 11:30

Type: system/service operations misconfiguration

Severity: High

Self-assessed Rank: 20

Status: confirmed by the vendor

Source: http://www.wooyun.org. For questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-05-05: Details sent to the vendor; awaiting vendor handling
2015-05-05: Vendor confirmed; details disclosed to the vendor only
2015-05-15: Details disclosed to core white hats and relevant domain experts
2015-05-25: Details disclosed to regular white hats
2015-06-04: Details disclosed to intern white hats
2015-06-19: Details disclosed to the public

Brief description:

Once user data is involved, it is a big problem.

Detailed description:

rsync service
42.121.57.176

Proof of vulnerability:

(screenshot: 0150505095657.png)


The export ran for two hours and is only at 30%; maybe my machine is just too slow.
A portion of the export log:



Fix recommendation:

Once user data is involved, it is a big problem.
The test data has been deleted!
Asking for 20 rank
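The report names only the rsync service and its address, not the configuration behind it. The following is an added example, not the vendor's file: an rsyncd.conf module of the kind that hands a backup directory to anyone who can reach TCP 873, beside a hardened version of the same module. The module name, paths, addresses and user name are assumptions; the two halves are alternatives shown in one listing for comparison, and only the hardened half would be deployed.

```ini
# /etc/rsyncd.conf (added example; module name, paths, addresses, user assumed)

# --- Weak: the shape of a configuration that leaks a database export ---
# No global "address": the daemon listens on every interface, public ones
# included. No "auth users" and no "hosts allow" on the module: every client
# is anonymous and accepted, so the whole dump can be copied by anyone.
[backup]
    path = /var/backups/mysql
    read only = yes
    list = yes

# --- Hardened: same module, reachable only by the one host that needs it ---
# Global parameters must come before the first module.
address = 10.0.0.5
use chroot = yes
uid = rsync
gid = rsync

[backup]
    path = /var/backups/mysql
    read only = yes
    # do not advertise the module in listings
    list = no
    # only this account, as listed in the secrets file ("backup-replica:<password>",
    # file owned by root with mode 0600), may connect
    auth users = backup-replica
    secrets file = /etc/rsyncd.secrets
    # the replica's network only; everything else is refused
    hosts allow = 10.0.0.0/24
    hosts deny = *

# If, as in the vendor's reply, the feature is no longer used at all, the
# better fix is to turn the daemon off instead of tuning it: on Debian/Ubuntu
# set RSYNC_ENABLE=false in /etc/default/rsync and stop the service, then
# confirm with the firewall that TCP 873 is not reachable from the Internet.
```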

Copyright notice: when reproducing, cite the source as 紫霞仙子@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 20

Confirmed: 2015-05-05 11:28

Vendor reply:

A feature that had long gone unused and was never shut down.

Latest status:

2015-05-12: The vulnerability has been fixed. Many thanks to the author for helping with our information security.