DedeCms某Nday注射漏洞大面积爆发(打包) | wooyun-2014-052276| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2014-052276

漏洞标题：DedeCms某Nday注射漏洞大面积爆发(打包)

漏洞作者：我来找快乐

提交时间：2014-02-28 14:49

修复时间：2014-04-14 14:50

公开时间：2014-04-14 14:50

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：10

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2014-02-28：细节已通知厂商并且等待厂商处理中
2014-03-05：厂商已经确认，细节仅向厂商公开
2014-03-15：细节向核心白帽子及相关领域专家公开
2014-03-25：细节向普通白帽子公开
2014-04-04：细节向实习白帽子公开
2014-04-14：细节向公众公开

简要描述：

168个不重复的织梦SQL注入漏洞，dedecms太恐怖了。

详细说明：

http://www.abingjs.com  UserName:admin  MD5:3e7a64d84683d218
http://www.sunnyi.cn  UserName:kicshop7356  MD5:0d735d1d077e5e24
http://www.duhoo.net  UserName:admin  MD5:a7389ec9ad889c29
http://www.0731jkj.com  UserName:xzs  MD5:fcec6c9ff7085e39
http://www.dailysilver.org  UserName:admin  MD5:86c7fbcd6ecf5109
http://www.zgwhzsh.com  UserName:yangyinghao1986  MD5:6e15b19a4038f470
http://www.2h2d.com.tw  UserName:xiangge  MD5:b1827488e9f7eff2
http://www.mobage.tw  UserName:admin  MD5:96b405ddbdad8f74
http://www.emxinc.cn  UserName:admin  MD5:e18b5117f85a6346
http://www.sdjgj.gov.cn  UserName:admin  MD5:14d9995171425f42
http://www.makkee.com.hk  UserName:admin  MD5:7a57a5a743894a0e
http://www.szgt.gov.cn  UserName:admin  MD5:b93a0dc3b77e2c3f
http://www.tpdmacao.org  UserName:admin  MD5:6ea6b7fa02701b1e
http://www.scncpa-l-tax.gov.cn  UserName:admin  MD5:14867e1ed882aac2
http://www.xjcare.com  UserName:admin  MD5:8bc0d65d453b6f23
http://www.p-expo.com  UserName:zhsp  MD5:1e1d244ffb13f2e6
http://www.jshuabo.com  UserName:admin  MD5:049c26fd1a481a7d
http://www.tzfeilu.com  UserName:tzgly  MD5:7a57a5a743894a0e
http://www.annoroad.com  UserName:admin  MD5:7136b455e18b5e2c
http://www.jnwater.com.cn  UserName:jnwater  MD5:8e471f1a0b8440ad
http://sdjn.evergrande.com  UserName:admin  MD5:3a416e73140f2d19
http://www.cbfq.cn  UserName:admin  MD5:f9b98be32100c3a1
http://bjuu.xdf.cn  UserName:admin  MD5:d2e917195d57a8b8
http://www.cautism.com  UserName:kangda  MD5:0e0b2e56dc5d5905
http://www.amt.com.cn  UserName:admin  MD5:ec411cb0044be977
http://www.d-heaven.com  UserName:cmsadmin  MD5:50ea5839b500fd74
http://nsca-shanghai.com.cn  UserName:admin  MD5:bc356ff2d42e0dcf
http://www.zmnedu.com  UserName:admin  MD5:7925a2c5b49147ff
http://www.cis-expo.com  UserName:admin  MD5:59c5e1d09a804986
http://www.zoyue.com  UserName:chinawwhb  MD5:df5ab255f3c91ae5
http://www.ugitc.com  UserName:admin  MD5:a7a0bd9ef71d8cf9
http://www.eb5yimin.com  UserName:yimin  MD5:12b0fa625f9c6733
http://www.gzptly.com  UserName:cncolour  MD5:4d7191e8c276e745
http://www.weilanshi.com  UserName:admin  MD5:571e55e4f3544600
http://www.jsjyha.com  UserName:admin  MD5:c10beb229a472662
http://www.the9edu.com  UserName:admin  MD5:b2b4dcab418c486b
http://www.csc114.com  UserName:admin  MD5:fc74c3c9621715ba
http://www.cnasthma.com  UserName:nahan  MD5:c831b04de153469d
http://old.5tv.com.cn  UserName:admin  MD5:67ac90f8b98ab4b8
http://www.fanstour.com  UserName:zhf@  MD5:95de932938d9a947
http://www.yfzdc.com  UserName:admin  MD5:28c460b82f54fb43
http://www.astv.com.cn  UserName:admin  MD5:6901773399d581a7
http://www.ginzza.net  UserName:teqhost  MD5:9ebb052280d37ccd
http://www.habc.org.cn  UserName:habc  MD5:469e80d32c0559f8
http://www.gdsme.org  UserName:admin  MD5:534232ee8a562849
http://www.bdwsj.gov.cn  UserName:admin  MD5:1456b237f44533a0
http://fzone.oushinet.com  UserName:admin  MD5:45e3f273326e4ea3
http://www.kidney-cares.org  UserName:administrator  MD5:3b407eafc243a082
http://www.dbond.net  UserName:chuming  MD5:6ba60d779d0aebbb
http://www.hnsbxh.org  UserName:abc  MD5:5e55395d57dc3f8a
http://www.imwchina.com  UserName:admin  MD5:d1e9b30508e63064
http://www.dgtoyota.com  UserName:myadmin  MD5:65914e6f8121f88c
http://www.daojiayouxue.com  UserName:admin  MD5:b9a0f64d09f6ab68
http://www.yxlw.org  UserName:cdgadmin  MD5:d08214e252decf49
http://www.trust-trust.com  UserName:stadmin1  MD5:79558095a64eb822
http://www.simon-sh.com  UserName:webadmin  MD5:e139be103324d04d
http://www.forhead.org  UserName:admin  MD5:69b1e3ec2f699258
http://www.wssng.com  UserName:admin  MD5:bfb709dd58931f5f
http://www.lzmcwx.com  UserName:admin  MD5:4b88cd2afde80fd2
http://www.hrzh.org  UserName:admin  MD5:ac8fc472994386de
http://grandmarkrealty.net  UserName:admin  MD5:786624e951f4fcbf
http://www.xbtcm.com  UserName:admin  MD5:9dc96c496966a7f6
http://pingnannews.com  UserName:admin  MD5:e2a900c259ab31e3
http://www.gzyjtoyota.com  UserName:myadmin  MD5:65914e6f8121f88c
http://www.cchmis.cn  UserName:CcadMaster  MD5:568393db540b9ad1
http://www.xzxinli.com  UserName:admin  MD5:4b143e089e10b1ea
http://www.uestcp.com.cn  UserName:liujinsong  MD5:a85340b1e913e0f7
http://www.hzxhly.gov.cn  UserName:admin  MD5:93e482461b714777
http://nkbayy.com  UserName:admin  MD5:029cf707939e886e
http://www.yz918.com  UserName:xtybfgu  MD5:52376ea9c7864ec8
http://hee.ctgu.edu.cn  UserName:admin  MD5:2745542386421305
http://www.sygdw.com  UserName:sygdw  MD5:291c3bb684559dfd
http://www.tongcard.net  UserName:admin  MD5:06150a04f5c163bb
http://www.koons.com.cn  UserName:admin  MD5:3996abdb71e2b508
http://www.valveyoto.com  UserName:admin  MD5:c1f3a636c05f8257
http://www.rw-wine.com  UserName:ruiwen_com2  MD5:891715ef8ceb1f7b
http://lib.qionghai.gov.cn  UserName:abc  MD5:5e55395d57dc3f8a
http://www.redbudgroup.org.cn  UserName:redbud_admin  MD5:33b34179526e12fa
http://www.fiesta.com.hk  UserName:admin  MD5:204233f582152996
http://www.fzys120.com  UserName:admin  MD5:39ff38e667472281
http://www.duoge007.com  UserName:duoge  MD5:cd75f87177b6febe
http://www.jssybz.com  UserName:sydw  MD5:7a57a5a743894a0e
http://www.dianfei.org  UserName:admin  MD5:b4242280103410dd
http://zjjzc.com  UserName:zjjweb  MD5:464f0b3d6e2efc34
http://www.013578.com  UserName:JINCHENG  MD5:72c1cef643c98e3a
http://www.66663333.com  UserName:admin  MD5:a5c9293c54538f08
http://www.ka147.com  UserName:admin  MD5:11c605acc3884920
http://www.114228.com  UserName:admin  MD5:1fafc8de44826dcc
http://www.zikaohn.com  UserName:33739321  MD5:65065adf021239e3
http://www.syygyy.com  UserName:cityroom  MD5:9c9105140e72c7dd
http://www.lzhxzx.net  UserName:admin  MD5:c768f674f3c92add
http://www.yixtnb.com  UserName:admin  MD5:edbe6a86266db44f
http://www.refeng.net  UserName:papaya  MD5:373f8e6fc6733f27
http://www.zaozhuangly.com  UserName:admin  MD5:49ba59abbe56e057
http://www.86123123.com  UserName:admin  MD5:17e72fccd326b99f
http://www.zdhbo.com  UserName:admin  MD5:7652bd870b7cecb0
http://www.sccj6.com  UserName:admin  MD5:1a4224be9e6c0b72
http://www.yaosuanteng.com  UserName:mafeng  MD5:8bd3e402498dce41
http://www.086kqw.com  UserName:admin  MD5:5b16336c3d67ba49
http://www.yotolo.com  UserName:tujyce  MD5:03d53c9a2395b002
http://www.tmwh.com  UserName:admin  MD5:164dbb260505c63d
http://www.goozjj.com  UserName:admin  MD5:b43a54b73b6a221f
http://www.hyzhengxing.com  UserName:admin  MD5:e32ec5c3f5a117b4
http://www.bjbaoye.com  UserName:byadmin  MD5:3a2cd1a22cea1640
http://www.bjchmnw.com  UserName:admin  MD5:3bae929f37819e58
http://www.biantawang.com  UserName:mym  MD5:f200218ff5285ab0
http://www.dgxxw.net  UserName:hbpeixun  MD5:576e62b2d91c7470
http://www.naisee.com  UserName:cgaga  MD5:3f1126d1e89c3eed
http://dhaow.com  UserName:admin  MD5:7a57a5a743894a0e
http://zuimeijia.com  UserName:admin  MD5:f615b40fd9022ef0
http://www.516diy.com  UserName:zhoucheng  MD5:c6139c908de4a604
http://www.gxbyby.com  UserName:admin  MD5:deef630e71f718d9
http://www.siyin123.com  UserName:admin  MD5:eb853cd377ff4934
http://www.yingqin.org  UserName:yingwenhua  MD5:49ba59abbe56e057
http://www.losewz.com  UserName:admin  MD5:13d2f30b108c3f8c
http://www.021shangbiao.com  UserName:admin  MD5:5a55685595a72b2c
http://www.xinkegbyy.com  UserName:admin  MD5:2ce4a75eb264485b
http://www.sh414.com  UserName:shenekin  MD5:247c7fb160a440dd
http://www.shiyoupeixun.com  UserName:mqzhqf  MD5:25c1daccb05322d6
http://www.hxxt.cn  UserName:admin  MD5:a24cfb649f754bb0
http://www.nm18.com  UserName:apider  MD5:4efe0b194e966523
http://www.tao1638.com  UserName:admin  MD5:7a57a5a743894a0e
http://www.tailum.com  UserName:admin  MD5:ad961b25c9b37e7f
http://www.tsgbyy.com  UserName:admin  MD5:49ba59abbe56e057
http://www.mydcj.com  UserName:bianhy  MD5:39576dd3c96ed626
http://www.120xd.com  UserName:admin  MD5:13955235245b2497
http://www.renliu365.com  UserName:0779admin  MD5:ade0ca12790eb95c
http://www.028chuzhou.com  UserName:admin  MD5:f1ee5a1be7bb4fe8
http://www.tiandily.com  UserName:tiandily2010  MD5:f5facda10893b2e2
http://www.zgditan.com  UserName:admin  MD5:f74ec646b7890896
http://cn.west.travel  UserName:admin  MD5:bfa64cbcea931592
http://www.5k58.com  UserName:my_admin  MD5:63d4b32999ceb403
http://www.ynguzhen.com  UserName:admin  MD5:da7de4810c96042f
http://www.tjbfyy.com  UserName:admin  MD5:e338c11d91a56de5
http://www.17jzg.com  UserName:admin  MD5:3f53f9fc4e1b51ca
http://www.catholic.cd  UserName:admin  MD5:335cc2acb8ce87fb
http://www.ziweifu.com  UserName:leadcom  MD5:37a7ce29dc602a59
http://www.jpxf.com  UserName:admin  MD5:005bf9a430660367
http://www.dipujie.com  UserName:admin  MD5:7a57a5a743894a0e
http://www.gk116.cn  UserName:admin  MD5:f920ca1c9f9a5ec8
http://www.hep6.com  UserName:admin  MD5:3075dcad135e26cd
http://www.mbzhan.com  UserName:admin  MD5:affaa0cca5eecba7
http://www.jzmoban.com  UserName:admin  MD5:bc5d348b09b42fad
http://www.bdfch.com  UserName:admin  MD5:a0f32b688a015346
http://www.5loveb.com  UserName:admin  MD5:b9f1e3d940d5aa12
http://www.youkeyou.com  UserName:fanren  MD5:b9e2e489de343173
http://www.sdzsxx.net  UserName:admin  MD5:9e2b8eae02a5606b
http://www.119cumt.com  UserName:admin  MD5:b02759daf7814712
http://www.51ou.com  UserName:adminsswqzxdede51oucom  MD5:ad32fb0f66e2f3ad
http://www.maomaome.com  UserName:admin  MD5:be27139e41c93cab
http://news.xuejiqiao.com  UserName:admin  MD5:d94a6ea252fd0165
http://www.hxlaa.com  UserName:xiao  MD5:6b41eb2011dcf129
http://www.zz1x.com  UserName:btao24  MD5:24656dcb484a04b2
http://www.525222.com  UserName:lotus  MD5:1c9b9131355627bc
http://www.shouwutang.com  UserName:admin  MD5:4394dda586a2b734
http://202.196.33.231  UserName:yxz  MD5:293f3c88011d98e6
http://www.qbzjw.org  UserName:admin  MD5:e2695f8bed7ea430
http://www.mtksj.com  UserName:youzhibin  MD5:9a3eecebbaee7162
http://www.ajzw.gov.cn  UserName:admin  MD5:0e1b2a7b1edad7bc
http://www.hrbcct.com  UserName:Fabu  MD5:8a6107e9574674cc08dbe6b43b43
http://www.52bus.com  UserName:admin  MD5:9716bbd9f69b4582
http://www.robotain.com  UserName:robotain  MD5:dab90ff1f6b416f1
http://www.justds.com  UserName:admin  MD5:87561d5afa5ba709
http://www.cnyako.com  UserName:didi8765  MD5:a7d6fe7baaff92f9
http://www.chromegame.org  UserName:admin_Game@123  MD5:34471f652c9ef6bd
http://www.tgindt.com  UserName:admin  MD5:fab11a8a46bc41a5
http://www.gzhifi.com  UserName:admin  MD5:c262973e4f9d8fbe
http://www.chinajianyang.com  UserName:admin  MD5:be692a77e34d959c

漏洞证明：

http://www.abingjs.com  UserName:admin  MD5:3e7a64d84683d218
http://www.sunnyi.cn  UserName:kicshop7356  MD5:0d735d1d077e5e24
http://www.duhoo.net  UserName:admin  MD5:a7389ec9ad889c29
http://www.0731jkj.com  UserName:xzs  MD5:fcec6c9ff7085e39
http://www.dailysilver.org  UserName:admin  MD5:86c7fbcd6ecf5109
http://www.zgwhzsh.com  UserName:yangyinghao1986  MD5:6e15b19a4038f470
http://www.2h2d.com.tw  UserName:xiangge  MD5:b1827488e9f7eff2
http://www.mobage.tw  UserName:admin  MD5:96b405ddbdad8f74
http://www.emxinc.cn  UserName:admin  MD5:e18b5117f85a6346
http://www.sdjgj.gov.cn  UserName:admin  MD5:14d9995171425f42
http://www.makkee.com.hk  UserName:admin  MD5:7a57a5a743894a0e
http://www.szgt.gov.cn  UserName:admin  MD5:b93a0dc3b77e2c3f
http://www.tpdmacao.org  UserName:admin  MD5:6ea6b7fa02701b1e
http://www.scncpa-l-tax.gov.cn  UserName:admin  MD5:14867e1ed882aac2
http://www.xjcare.com  UserName:admin  MD5:8bc0d65d453b6f23
http://www.p-expo.com  UserName:zhsp  MD5:1e1d244ffb13f2e6
http://www.jshuabo.com  UserName:admin  MD5:049c26fd1a481a7d
http://www.tzfeilu.com  UserName:tzgly  MD5:7a57a5a743894a0e
http://www.annoroad.com  UserName:admin  MD5:7136b455e18b5e2c
http://www.jnwater.com.cn  UserName:jnwater  MD5:8e471f1a0b8440ad
http://sdjn.evergrande.com  UserName:admin  MD5:3a416e73140f2d19
http://www.cbfq.cn  UserName:admin  MD5:f9b98be32100c3a1
http://bjuu.xdf.cn  UserName:admin  MD5:d2e917195d57a8b8
http://www.cautism.com  UserName:kangda  MD5:0e0b2e56dc5d5905
http://www.amt.com.cn  UserName:admin  MD5:ec411cb0044be977
http://www.d-heaven.com  UserName:cmsadmin  MD5:50ea5839b500fd74
http://nsca-shanghai.com.cn  UserName:admin  MD5:bc356ff2d42e0dcf
http://www.zmnedu.com  UserName:admin  MD5:7925a2c5b49147ff
http://www.cis-expo.com  UserName:admin  MD5:59c5e1d09a804986
http://www.zoyue.com  UserName:chinawwhb  MD5:df5ab255f3c91ae5
http://www.ugitc.com  UserName:admin  MD5:a7a0bd9ef71d8cf9
http://www.eb5yimin.com  UserName:yimin  MD5:12b0fa625f9c6733
http://www.gzptly.com  UserName:cncolour  MD5:4d7191e8c276e745
http://www.weilanshi.com  UserName:admin  MD5:571e55e4f3544600
http://www.jsjyha.com  UserName:admin  MD5:c10beb229a472662
http://www.the9edu.com  UserName:admin  MD5:b2b4dcab418c486b
http://www.csc114.com  UserName:admin  MD5:fc74c3c9621715ba
http://www.cnasthma.com  UserName:nahan  MD5:c831b04de153469d
http://old.5tv.com.cn  UserName:admin  MD5:67ac90f8b98ab4b8
http://www.fanstour.com  UserName:zhf@  MD5:95de932938d9a947
http://www.yfzdc.com  UserName:admin  MD5:28c460b82f54fb43
http://www.astv.com.cn  UserName:admin  MD5:6901773399d581a7
http://www.ginzza.net  UserName:teqhost  MD5:9ebb052280d37ccd
http://www.habc.org.cn  UserName:habc  MD5:469e80d32c0559f8
http://www.gdsme.org  UserName:admin  MD5:534232ee8a562849
http://www.bdwsj.gov.cn  UserName:admin  MD5:1456b237f44533a0
http://fzone.oushinet.com  UserName:admin  MD5:45e3f273326e4ea3
http://www.kidney-cares.org  UserName:administrator  MD5:3b407eafc243a082
http://www.dbond.net  UserName:chuming  MD5:6ba60d779d0aebbb
http://www.hnsbxh.org  UserName:abc  MD5:5e55395d57dc3f8a
http://www.imwchina.com  UserName:admin  MD5:d1e9b30508e63064
http://www.dgtoyota.com  UserName:myadmin  MD5:65914e6f8121f88c
http://www.daojiayouxue.com  UserName:admin  MD5:b9a0f64d09f6ab68
http://www.yxlw.org  UserName:cdgadmin  MD5:d08214e252decf49
http://www.trust-trust.com  UserName:stadmin1  MD5:79558095a64eb822
http://www.simon-sh.com  UserName:webadmin  MD5:e139be103324d04d
http://www.forhead.org  UserName:admin  MD5:69b1e3ec2f699258
http://www.wssng.com  UserName:admin  MD5:bfb709dd58931f5f
http://www.lzmcwx.com  UserName:admin  MD5:4b88cd2afde80fd2
http://www.hrzh.org  UserName:admin  MD5:ac8fc472994386de
http://grandmarkrealty.net  UserName:admin  MD5:786624e951f4fcbf
http://www.xbtcm.com  UserName:admin  MD5:9dc96c496966a7f6
http://pingnannews.com  UserName:admin  MD5:e2a900c259ab31e3
http://www.gzyjtoyota.com  UserName:myadmin  MD5:65914e6f8121f88c
http://www.cchmis.cn  UserName:CcadMaster  MD5:568393db540b9ad1
http://www.xzxinli.com  UserName:admin  MD5:4b143e089e10b1ea
http://www.uestcp.com.cn  UserName:liujinsong  MD5:a85340b1e913e0f7
http://www.hzxhly.gov.cn  UserName:admin  MD5:93e482461b714777
http://nkbayy.com  UserName:admin  MD5:029cf707939e886e
http://www.yz918.com  UserName:xtybfgu  MD5:52376ea9c7864ec8
http://hee.ctgu.edu.cn  UserName:admin  MD5:2745542386421305
http://www.sygdw.com  UserName:sygdw  MD5:291c3bb684559dfd
http://www.tongcard.net  UserName:admin  MD5:06150a04f5c163bb
http://www.koons.com.cn  UserName:admin  MD5:3996abdb71e2b508
http://www.valveyoto.com  UserName:admin  MD5:c1f3a636c05f8257
http://www.rw-wine.com  UserName:ruiwen_com2  MD5:891715ef8ceb1f7b
http://lib.qionghai.gov.cn  UserName:abc  MD5:5e55395d57dc3f8a
http://www.redbudgroup.org.cn  UserName:redbud_admin  MD5:33b34179526e12fa
http://www.fiesta.com.hk  UserName:admin  MD5:204233f582152996
http://www.fzys120.com  UserName:admin  MD5:39ff38e667472281
http://www.duoge007.com  UserName:duoge  MD5:cd75f87177b6febe
http://www.jssybz.com  UserName:sydw  MD5:7a57a5a743894a0e
http://www.dianfei.org  UserName:admin  MD5:b4242280103410dd
http://zjjzc.com  UserName:zjjweb  MD5:464f0b3d6e2efc34
http://www.013578.com  UserName:JINCHENG  MD5:72c1cef643c98e3a
http://www.66663333.com  UserName:admin  MD5:a5c9293c54538f08
http://www.ka147.com  UserName:admin  MD5:11c605acc3884920
http://www.114228.com  UserName:admin  MD5:1fafc8de44826dcc
http://www.zikaohn.com  UserName:33739321  MD5:65065adf021239e3
http://www.syygyy.com  UserName:cityroom  MD5:9c9105140e72c7dd
http://www.lzhxzx.net  UserName:admin  MD5:c768f674f3c92add
http://www.yixtnb.com  UserName:admin  MD5:edbe6a86266db44f
http://www.refeng.net  UserName:papaya  MD5:373f8e6fc6733f27
http://www.zaozhuangly.com  UserName:admin  MD5:49ba59abbe56e057
http://www.86123123.com  UserName:admin  MD5:17e72fccd326b99f
http://www.zdhbo.com  UserName:admin  MD5:7652bd870b7cecb0
http://www.sccj6.com  UserName:admin  MD5:1a4224be9e6c0b72
http://www.yaosuanteng.com  UserName:mafeng  MD5:8bd3e402498dce41
http://www.086kqw.com  UserName:admin  MD5:5b16336c3d67ba49
http://www.yotolo.com  UserName:tujyce  MD5:03d53c9a2395b002
http://www.tmwh.com  UserName:admin  MD5:164dbb260505c63d
http://www.goozjj.com  UserName:admin  MD5:b43a54b73b6a221f
http://www.hyzhengxing.com  UserName:admin  MD5:e32ec5c3f5a117b4
http://www.bjbaoye.com  UserName:byadmin  MD5:3a2cd1a22cea1640
http://www.bjchmnw.com  UserName:admin  MD5:3bae929f37819e58
http://www.biantawang.com  UserName:mym  MD5:f200218ff5285ab0
http://www.dgxxw.net  UserName:hbpeixun  MD5:576e62b2d91c7470
http://www.naisee.com  UserName:cgaga  MD5:3f1126d1e89c3eed
http://dhaow.com  UserName:admin  MD5:7a57a5a743894a0e
http://zuimeijia.com  UserName:admin  MD5:f615b40fd9022ef0
http://www.516diy.com  UserName:zhoucheng  MD5:c6139c908de4a604
http://www.gxbyby.com  UserName:admin  MD5:deef630e71f718d9
http://www.siyin123.com  UserName:admin  MD5:eb853cd377ff4934
http://www.yingqin.org  UserName:yingwenhua  MD5:49ba59abbe56e057
http://www.losewz.com  UserName:admin  MD5:13d2f30b108c3f8c
http://www.021shangbiao.com  UserName:admin  MD5:5a55685595a72b2c
http://www.xinkegbyy.com  UserName:admin  MD5:2ce4a75eb264485b
http://www.sh414.com  UserName:shenekin  MD5:247c7fb160a440dd
http://www.shiyoupeixun.com  UserName:mqzhqf  MD5:25c1daccb05322d6
http://www.hxxt.cn  UserName:admin  MD5:a24cfb649f754bb0
http://www.nm18.com  UserName:apider  MD5:4efe0b194e966523
http://www.tao1638.com  UserName:admin  MD5:7a57a5a743894a0e
http://www.tailum.com  UserName:admin  MD5:ad961b25c9b37e7f
http://www.tsgbyy.com  UserName:admin  MD5:49ba59abbe56e057
http://www.mydcj.com  UserName:bianhy  MD5:39576dd3c96ed626
http://www.120xd.com  UserName:admin  MD5:13955235245b2497
http://www.renliu365.com  UserName:0779admin  MD5:ade0ca12790eb95c
http://www.028chuzhou.com  UserName:admin  MD5:f1ee5a1be7bb4fe8
http://www.tiandily.com  UserName:tiandily2010  MD5:f5facda10893b2e2
http://www.zgditan.com  UserName:admin  MD5:f74ec646b7890896
http://cn.west.travel  UserName:admin  MD5:bfa64cbcea931592
http://www.5k58.com  UserName:my_admin  MD5:63d4b32999ceb403
http://www.ynguzhen.com  UserName:admin  MD5:da7de4810c96042f
http://www.tjbfyy.com  UserName:admin  MD5:e338c11d91a56de5
http://www.17jzg.com  UserName:admin  MD5:3f53f9fc4e1b51ca
http://www.catholic.cd  UserName:admin  MD5:335cc2acb8ce87fb
http://www.ziweifu.com  UserName:leadcom  MD5:37a7ce29dc602a59
http://www.jpxf.com  UserName:admin  MD5:005bf9a430660367
http://www.dipujie.com  UserName:admin  MD5:7a57a5a743894a0e
http://www.gk116.cn  UserName:admin  MD5:f920ca1c9f9a5ec8
http://www.hep6.com  UserName:admin  MD5:3075dcad135e26cd
http://www.mbzhan.com  UserName:admin  MD5:affaa0cca5eecba7
http://www.jzmoban.com  UserName:admin  MD5:bc5d348b09b42fad
http://www.bdfch.com  UserName:admin  MD5:a0f32b688a015346
http://www.5loveb.com  UserName:admin  MD5:b9f1e3d940d5aa12
http://www.youkeyou.com  UserName:fanren  MD5:b9e2e489de343173
http://www.sdzsxx.net  UserName:admin  MD5:9e2b8eae02a5606b
http://www.119cumt.com  UserName:admin  MD5:b02759daf7814712
http://www.51ou.com  UserName:adminsswqzxdede51oucom  MD5:ad32fb0f66e2f3ad
http://www.maomaome.com  UserName:admin  MD5:be27139e41c93cab
http://news.xuejiqiao.com  UserName:admin  MD5:d94a6ea252fd0165
http://www.hxlaa.com  UserName:xiao  MD5:6b41eb2011dcf129
http://www.zz1x.com  UserName:btao24  MD5:24656dcb484a04b2
http://www.525222.com  UserName:lotus  MD5:1c9b9131355627bc
http://www.shouwutang.com  UserName:admin  MD5:4394dda586a2b734
http://202.196.33.231  UserName:yxz  MD5:293f3c88011d98e6
http://www.qbzjw.org  UserName:admin  MD5:e2695f8bed7ea430
http://www.mtksj.com  UserName:youzhibin  MD5:9a3eecebbaee7162
http://www.ajzw.gov.cn  UserName:admin  MD5:0e1b2a7b1edad7bc
http://www.hrbcct.com  UserName:Fabu  MD5:8a6107e9574674cc08dbe6b43b43
http://www.52bus.com  UserName:admin  MD5:9716bbd9f69b4582
http://www.robotain.com  UserName:robotain  MD5:dab90ff1f6b416f1
http://www.justds.com  UserName:admin  MD5:87561d5afa5ba709
http://www.cnyako.com  UserName:didi8765  MD5:a7d6fe7baaff92f9
http://www.chromegame.org  UserName:admin_Game@123  MD5:34471f652c9ef6bd
http://www.tgindt.com  UserName:admin  MD5:fab11a8a46bc41a5
http://www.gzhifi.com  UserName:admin  MD5:c262973e4f9d8fbe
http://www.chinajianyang.com  UserName:admin  MD5:be692a77e34d959c

修复方案：

防

版权声明：转载请注明来源我来找快乐@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：20

确认时间：2014-03-05 09:38

厂商回复：

CNVD确认并复现所述情况，根据测试用例，已经转由CNCERT通过对应省份分中心下发，同时已经组织全国分中心验证和处置涉及本省的政府网站案例。按通用软件漏洞案例进行评分，rank 20+
如果白帽子有基于主动式检测（非google hack）的识别方法，也请进一步告知，以便CNCERT做好全互联网的应急工作。

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2014-052276

漏洞标题：DedeCms某Nday注射漏洞大面积爆发(打包)

相关厂商：Dedecms

漏洞作者：我来找快乐

提交时间：2014-02-28 14:49

修复时间：2014-04-14 14:50

公开时间：2014-04-14 14:50

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：10

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源我来找快乐@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2014-052276

漏洞标题：DedeCms某Nday注射漏洞大面积爆发(打包)

相关厂商：Dedecms

漏洞作者： 我来找快乐

提交时间：2014-02-28 14:49

修复时间：2014-04-14 14:50

公开时间：2014-04-14 14:50

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：10

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2014-052276"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 我来找快乐@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：我来找快乐

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源我来找快乐@乌云