乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-14: 细节已通知厂商并且等待厂商处理中 2015-12-18: 厂商已经确认,细节仅向厂商公开 2015-12-28: 细节向核心白帽子及相关领域专家公开 2016-01-07: 细节向普通白帽子公开 2016-01-17: 细节向实习白帽子公开 2016-01-28: 细节向公众公开
http://**.**.**.**/zhuanr_info.jsp?proid=a506ebff-a209-11e5-896b-40f2e925905a 存在get注入通过注入发现是mysql的库,涉及多个库
| web_process[132 tables]+----------------------------------+| collective_buildingland_cardinfo || dapengallrightsinfo || diyaauditinfo || diyapersoninfo || diyapersoninforeg || diyaregister || diyayewuinfo || diyayewuinforeg || farmdwellingcardinfo || farmdwellinglandinfo || gov_suggestbox || gov_workmatters || gov_workmatters_info || gov_workmatters_type || guquan_landdealinfo || guquan_landdealmapinfo || guquan_landinfo || guquan_pro_audit || guquan_project_in || guquan_project_out || guquan_transrecords || guquancardinfo || guquandistributioninfo || landmsg || linquan_landdealinfo || linquan_landdealmapinfo || linquan_landinfo || linquan_pro_audit || linquan_project_in || linquan_project_out || linquan_transrecords || makeupyewuinfo || memattachmentinfo || memberinfo || membersnoinfo || process_applicant || process_attachment || process_dealjz || process_landdealinfo || process_landdealmapinfo || process_landinfo || process_managementright || process_pro_audit || process_pro_land || process_project_in || process_project_out || process_transrecords || processconfig || processmanainfo || rewardinverse || share_assignmentcontract || share_audithistory || share_controls || share_friendlinks || share_gallery_info || share_gallery_picture || share_information || share_isneedcheck || share_mapinfo || share_messageboard || share_news || share_objects || share_organizecolumn || share_picture || share_process || share_questionnaire || share_questionoption || share_questionresult || share_sensitivewords || share_servicecontract || share_systemconfig || system_area || system_attachment || system_bug || system_city || system_code || system_config || system_county || system_log || system_organization || system_parameter || system_permission || system_province || system_role || system_role_permission || system_sno || system_user_role || system_users || userprocess || waters_landdealinfo || waters_landdealmapinfo || waters_landinfo || waters_pro_audit || waters_project_in || waters_project_out || waters_transrecords || wateryzbginfo || wateryzcardinfo || wateryznewtimeinfo || web_guquanapply_in || web_guquanapply_out || web_linquanapply_in || web_linquanapply_out || web_processapply_in || web_processapply_out || web_watersapply_in || web_watersapply_out || web_zongheapply || web_zscqapply_in || web_zscqapply_out || zd || zd_cbf || zd_cbfs || zd_dldj || zd_dygxb || zd_fbf || zd_gyr || zd_gyrbzdm || zd_htxxb || zd_jtcygx || zd_qsxz || zd_tdlx || zd_tdyt || zd_xbdm || zd_zjlx || zscq_landdealinfo || zscq_landdealmapinfo || zscq_landinfo || zscq_pro_audit || zscq_project_in || zscq_project_out || zscq_transrecords |+----------------------------------+apply_in || web_processapply_out || web_watersapply_in || web_watersapply_out || web_zongheapply || web_zscqapply_in || web_zscqapply_out || zd || zd_cbf || zd_cbfs || zd_dldj || zd_dygxb || zd_fbf || zd_gyr || zd_gyrbzdm || zd_htxxb || zd_jtcygx || zd_qsxz || zd_tdlx || zd_tdyt || zd_xbdm || zd_zjlx || zscq_landdealinfo || zscq_landdealmapinfo || zscq_landinfo || zscq_pro_audit || zscq_project_in || zscq_project_out || zscq_transrecords |+----------------------------------+
当前库表
[29 columns]+----------------+---------------+| Column | Type |+----------------+---------------+| ACCOUNT | varchar(50) || ANSWER | varchar(100) || CREATED | datetime || CREATER | int(10) || DESCRIPTION | varchar(2000) || DUTY_ID | int(11) || EMAIL | varchar(200) || FIRST_VISIT | datetime || IP | varchar(20) || ISONLINE | int(1) || issuper | char(1) || LANG | varchar(20) || LAST_VISITS | datetime || LASTMOD | datetime || LOGIN_COUNT | int(10) || MODIFYER | int(10) || MYID | varchar(50) || NAME | varchar(50) || ORGANIZE_ID | int(11) || ORGANIZE_NAME | varchar(255) || PASSWORD | varchar(128) || PREVIOUS_VISIT | datetime || QUESTION_ID | int(10) || SESSIONID | varchar(2000) || STATUS | char(1) || TEL | varchar(30) || THEME | varchar(20) || TITLE_ID | int(11) || USER_ID | int(11) |+----------------+---------------+
system信息
[52 columns]+------------------+---------------+| Column | Type |+------------------+---------------+| mem_account | varchar(50) || mem_accountname | varchar(50) || mem_bankaccount | varchar(50) || mem_bankname | varchar(50) || mem_bond | varchar(50) || mem_busimail1 | varchar(50) || mem_busimail2 | varchar(50) || mem_businame1 | varchar(30) || mem_businame2 | varchar(30) || mem_busiphone1 | varchar(50) || mem_busiphone2 | varchar(50) || mem_card | varchar(50) || mem_city | varchar(11) || mem_comaddr | varchar(50) || mem_comdate | varchar(30) || mem_comfax | varchar(30) || mem_comname | varchar(50) || mem_comorgtype | varchar(50) || mem_comscope | varchar(350) || mem_comtype | varchar(50) || mem_comzizhi | varchar(350) || mem_county | varchar(11) || mem_createdby | varchar(20) || mem_date | datetime || mem_detail | varchar(3000) || mem_email | varchar(50) || mem_everjob | varchar(50) || mem_flag | int(2) || mem_id | varchar(40) || mem_ifever | int(2) || mem_jjtype | int(2) || mem_jobunit | varchar(50) || mem_jobunitaddr | varchar(50) || mem_jobunitphone | varchar(40) || mem_legal | varchar(50) || mem_name | varchar(50) || mem_orgcode | varchar(50) || mem_password | varchar(50) || mem_phone | varchar(50) || mem_postcode | varchar(20) || mem_province | varchar(11) || mem_reason | varchar(4000) || mem_relname | varchar(50) || mem_relpost | varchar(50) || mem_sex | int(2) || mem_shdate | datetime || mem_shr | varchar(30) || mem_shstatus | int(2) || mem_sno | varchar(40) || mem_status | int(2) || mem_type | int(2) || mem_zhizhao | varchar(50) |+------------------+---------------+
merber信息
危害等级:高
漏洞Rank:10
确认时间:2015-12-18 15:39
CNVD确认并复现所述情况,已经转由CNCERT下发给山东分中心,由其后续协调网站管理单位处置。
暂无