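2015-08-12: Details reported to the vendor; awaiting vendor handling
2015-08-12: CNCERT (National Internet Emergency Center) has not yet been able to reach the organization concerned; details disclosed only to the notifying body
2015-08-22: Details disclosed to core white hats and experts in the relevant fields
2015-09-01: Details disclosed to regular white hats
2015-09-11: Details disclosed to intern white hats
2015-09-26: Details disclosed to the public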
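It is a provincial-level hospital after all, and it has had black-hat SEO links planted on it, so this has to be approved!
Injection URL: http://**.**.**.**/showsinglepage.php?catid=23
Black-hat SEO link URL: http://**.**.**.**/images/
Databases
Some of the tables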
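The injection exposed the administrator accounts
I happened to notice that black-hat SEO links had been planted: http://**.**.**.**/images/
So I did not try to log in to the admin backend. Someone has been here before; administrators, please take a bit more care~
You know what I mean!
Severity: Medium
Vulnerability Rank: 8
Confirmed: 2015-08-12 17:32
CNVD has confirmed the situation described and has passed it through CNCERT to the Hainan branch center, which will follow up and coordinate with the organization that manages the website to handle it.
None yet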