WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
WooYun Drops articles, online browsing: http://drop.zone.ci/
2014-01-10: Details reported to the vendor, awaiting vendor handling
2014-01-13: Vendor has confirmed; details disclosed to the vendor only
2014-01-23: Details disclosed to core white hats and domain experts
2014-02-02: Details disclosed to regular white hats
2014-02-12: Details disclosed to intern white hats
2014-02-24: Details disclosed to the public
I'm not sure whether 167 databases counts as a large amount of information~
Affected site: the product and services portal of Analysys International (易观国际)
http://www.enfodesk.com
The tested SQL injection point is as follows; the injectable parameter is user_name:
http://www.enfodesk.com/SMinisite/newinfo/muserlogin/nand_id/1act=login2&r_url=&user_name=a&user_pass=a
167 databases:
available databases [157]:
[*] analysys
[*] analysys_survey
[*] bbs_home
[*] book
[*] club
[*] e
[*] ecdc_admin
[*] ecdc_data
[*] ecdc_user
[*] edm
[*] egc_admin
[*] egc_data
[*] egc_function
[*] egc_info
[*] egc_log
[*] egc_survey
[*] egc_user
[*] ek_admin
[*] ek_chart_data
[*] ek_data
[*] ek_data_icafe
[*] ek_data_nwbench
[*] ek_forum
[*] ek_function
[*] ek_index
[*] ek_info
[*] ek_info_2007
[*] ek_info_2008
[*] ek_info_2009
[*] ek_info_2010
[*] ek_info_2011
[*] ek_info_2012
[*] ek_info_2013
[*] ek_info_2014
[*] ek_info_2015
[*] ek_log
[*] ek_minisite
[*] ek_news_collection
[*] ek_test
[*] ek_user
[*] ek_vendor
[*] enfocapital
[*] enfodesk
[*] enfodesk_data
[*] enfodesk_database
[*] enfodesk_edm
[*] enfodesk_info
[*] enfodesk_members
[*] enfodesk_minisite
[*] enfodesk_product
[*] enfodesk_user
[*] enfogrowth
[*] enfonet
[*] gamesurvey2010
[*] getinfo_vest
[*] global_admin
[*] global_business_map
[*] global_config
[*] global_data
[*] global_info
[*] global_information
[*] global_list
[*] global_search
[*] global_vendor
[*] information_schema
[*] lime
[*] member
[*] minisite_product
[*] mobile_market_info
[*] mobile_market_info_v2
[*] mobile_market_info_v2_2013_09
[*] mobile_market_info_v2_2013_10
[*] mobile_market_rank
[*] mobile_market_rank_bak
[*] mt_admin
[*] mt_config
[*] mt_function
[*] mt_global
[*] mt_info
[*] mt_info_2007
[*] mt_info_2008
[*] mt_info_2009
[*] mt_info_2010
[*] mt_info_2011
[*] mt_info_2012
[*] mt_info_2013
[*] mt_info_2014
[*] mt_info_2015
[*] mt_log
[*] mt_member
[*] mt_survey
[*] mt_user
[*] mt_vendor
[*] mt_web_info
[*] mysql
[*] ntmodel
[*] oa_analyst
[*] partners_admin
[*] pic
[*] product
[*] product_ek_info_2007
[*] product_ek_info_2008
[*] product_ek_info_2009
[*] product_ek_info_2010
[*] product_ek_info_2011
[*] product_ek_info_2012
[*] product_global_admin
[*] product_global_information
[*] product_global_list
[*] product_mt_info_2007
[*] product_mt_info_2008
[*] product_mt_info_2009
[*] product_mt_info_2010
[*] product_mt_info_2011
[*] product_mt_info_2012
[*] questionnaire_info
[*] search_tmp
[*] shequ
[*] spider_news
[*] stock
[*] taobao_data
[*] taobao_data_model
[*] taobao_data_model_bak
[*] user
[*] utf8_ek_admin
[*] utf8_ek_chart_data
[*] utf8_ek_data
[*] utf8_ek_data_icafe
[*] utf8_ek_edm
[*] utf8_ek_forum
[*] utf8_ek_function
[*] utf8_ek_index
[*] utf8_ek_info
[*] utf8_ek_info_2007
[*] utf8_ek_info_2008
[*] utf8_ek_info_2009
[*] utf8_ek_info_2010
[*] utf8_ek_info_2011
[*] utf8_ek_info_2012
[*] utf8_ek_log
[*] utf8_ek_minisite
[*] utf8_ek_user
[*] utf8_ek_vendor
[*] utf8_gamesurvey2010
[*] utf8_global_info
[*] utf8_global_information
[*] utf8_global_list
[*] utf8_global_vendor
[*] utf8_mobile_market_info
[*] utf8_mobile_market_info_v2
[*] utf8_mobile_market_rank
[*] utf8_search_tmp
[*] utf8_taobao_data
[*] utf8_taobao_data_model
[*] vote
[*] wiki
[*] wordpress
Entered the admin backend as super administrator;
Created a new account, please delete it yourselves~
The backend also has SQL injection vulnerabilities;
Fix suggestion: filter the input.
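An added example, not the reporter's code and not the site's: a login check of the kind the report describes, where user_name is pasted into the SQL text, placed next to the parameterised form and the input allowlist that the fix suggestion ("filter") calls for. The users table, the credentials and the use of an in-memory SQLite database are all constructed for the example; the real site's schema and database driver are not known from the report.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data: an in-memory users table standing in for the
    site's member database (an assumption, not taken from the report)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_name TEXT, user_pass TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, user_name, user_pass):
    """Builds the statement by string concatenation. Whatever arrives in
    user_name or user_pass is parsed as SQL, which is the defect class the
    report describes for the user_name parameter."""
    sql = (
        "SELECT COUNT(*) FROM users WHERE user_name = '" + user_name
        + "' AND user_pass = '" + user_pass + "'"
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, user_name, user_pass):
    """Parameterised statement: the driver passes the values separately from
    the SQL text, so a quote in the input can never change the statement's
    structure. This is the primary fix; filtering is defence in depth."""
    sql = "SELECT COUNT(*) FROM users WHERE user_name = ? AND user_pass = ?"
    return conn.execute(sql, (user_name, user_pass)).fetchone()[0] > 0


def is_valid_user_name(user_name):
    """Allowlist filter for the login name (the 'filter' the fix suggestion
    asks for): letters, digits and a few punctuation characters, bounded in
    length. The exact character set is an assumption for the example."""
    return re.fullmatch(r"[A-Za-z0-9_.@-]{1,64}", user_name) is not None


def probe(handler, user_name, user_pass="a"):
    """Run one login attempt against a fresh database and classify the result.
    'sql-error' is what the concatenating handler produces when a stray quote
    reaches the parser: the same database error a tester sees, and the event
    a defender should be alerting on in application logs."""
    conn = make_db()
    try:
        return "ok" if handler(conn, user_name, user_pass) else "denied"
    except sqlite3.Error:
        return "sql-error"


if __name__ == "__main__":
    for name in ("alice", "a'"):
        print(name, "vulnerable:", probe(login_vulnerable, name, "correct-horse"),
              "safe:", probe(login_safe, name, "correct-horse"),
              "allowlisted:", is_valid_user_name(name))
```

With the concatenating handler a single apostrophe in user_name turns the request into a database error, while the parameterised handler simply treats it as a name that does not exist; rejecting such names up front with the allowlist removes the error path entirely and gives the application a clean event to log.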
Severity: High
Vulnerability Rank: 20
Confirmed: 2014-01-13 08:54
We will fix it as soon as possible. Thank you for supporting our work.
Latest status: none yet