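2015-02-03: Details reported to the vendor; awaiting vendor handling
2015-02-06: Vendor confirmed; details disclosed only to the vendor
2015-02-16: Details disclosed to core white hats and experts in related fields
2015-02-26: Details disclosed to regular white hats
2015-03-08: Details disclosed to intern white hats
2015-03-20: Details disclosed to the public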
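Does this count as a government site?
Shandong Provincial Working Committee for the Care of the Next Generation: http://www.sdggww.com/show_news.php?id=158
Take a look at the data.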
available databases [19]: [*] blyj [*] ggw [*] hcyy [*] hyfs [*] hyfs_bak [*] information_schema [*] jmwy [*] klyjzyz [*] ldgc [*] mays [*] mysql [*] performance_schema [*] qhdata [*] qiaohu_data [*] qlbz [*] test [*] tr_d [*] ysmg_d [*] yssl
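Root privileges
As above
Severity: Medium
Vulnerability Rank: 10
Confirmed at: 2015-02-06 14:36
CNVD has confirmed and reproduced the issue described and has passed it to CNCERT for forwarding to the Shandong sub-center, which will coordinate follow-up handling with the website's administrators.
None yet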