Vulnerability summary
Defect ID: wooyun-2014-081346
Title: High-risk SQL injection on a 天极网 (Yesky) subsite (several million records at risk)
Vendor: 天极传媒集团
Author: 黑暗游侠
Submitted: 2014-10-30 13:38
Fixed: 2014-12-14 13:40
Published: 2014-12-14 13:40
Vulnerability type: SQL injection
Severity: High
Self-assessed Rank: 20
Status: Confirmed by vendor
Source: http://www.wooyun.org; for questions or help, contact [email protected]
Tags: none
Vulnerability details
Disclosure status:
2014-10-30: Details sent to the vendor; awaiting vendor action
2014-10-30: Vendor confirmed; details disclosed to the vendor only
2014-11-09: Details disclosed to core white hats and domain experts
2014-11-19: Details disclosed to regular white hats
2014-11-29: Details disclosed to intern white hats
2014-12-14: Details disclosed to the public
Brief description:
High-risk SQL injection on a 天极网 subsite # millions of records at risk
Detailed description:
High-risk SQL injection on a 天极网 subsite # tens of millions of records at risk
Row counts as evidence
Proof of vulnerability:
Injection URL:
available databases [14]:
[*] information_schema
[*] mysql
[*] performance_schema
[*] picbbs
[*] qunle
[*] qunle20
[*] test
[*] tipask
[*] ucenter
[*] ucenter16
[*] ucenter_zh
[*] uchome
[*] wenda_import_bak
[*] yesky_zhidao
Database: wenda_import_bak
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| crawl_answer_yahoo | 2757257 |
| da_baiduzhidao4 | 2611733 |
| crawl_answer_sohu | 1553058 |
| ask_site_title | 1245540 |
| wen_baiduzhidao4 | 925275 |
| wenda_title | 585526 |
| da_baiduzhidao3 | 569055 |
| ask_site_context_0914 | 565811 |
| da_baiduzhidao2 | 546341 |
| ask_site_context | 384072 |
| crawl_answer_pconline | 362133 |
| da_baiduzhidao1 | 319036 |
| wenda_context | 310427 |
| crawl_question_sohu | 291220 |
| wen_baiduzhidao3 | 168278 |
| wen_baiduzhidao2 | 150660 |
| wen_baiduzhidao1 | 107281 |
| crawl_question_pconline | 16025 |
| crawl_question_yahoo | 4 |
+---------------------------------------+---------+
Database: ucenter16
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| cdb_uc_memberfields | 794660 |
| cdb_uc_members | 790138 |
| cdb_uc_tags | 117052 |
| cdb_uc_pm_indexes | 8604 |
| cdb_uc_pms | 7464 |
| cdb_uc_pm_members | 5900 |
| cdb_uc_pm_lists | 3046 |
| cdb_uc_pm_messages_7 | 936 |
| cdb_uc_pm_messages_6 | 922 |
| cdb_uc_pm_messages_5 | 905 |
| cdb_uc_pm_messages_8 | 897 |
| cdb_uc_pm_messages_9 | 861 |
| cdb_uc_pm_messages_0 | 843 |
| cdb_uc_pm_messages_2 | 841 |
| cdb_uc_pm_messages_3 | 836 |
| cdb_uc_newpm | 814 |
| cdb_uc_pm_messages_1 | 797 |
| cdb_uc_pm_messages_4 | 743 |
| cdb_uc_notelist | 605 |
| cdb_uc_friends | 535 |
| cdb_uc_settings | 27 |
| cdb_uc_admins | 3 |
| cdb_uc_applications | 3 |
| cdb_uc_failedlogins | 3 |
+---------------------------------------+---------+
Database: performance_schema
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| setup_consumers | 8 |
| performance_timers | 5 |
| setup_timers | 1 |
+---------------------------------------+---------+
Database: picbbs
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| pre_ucenter_members | 138587 |
| pre_common_member | 50000 |
| pre_common_district | 45051 |
| pre_forum_statlog | 14407 |
| pre_forum_post_tableid | 13547 |
| pre_forum_thread | 13544 |
| pre_forum_post | 13535 |
| pre_forum_threadaddviews | 3935 |
| pre_forum_forum | 632 |
| tmp_forum | 619 |
| pre_common_setting | 432 |
| pre_common_stylevar | 270 |
| pre_forum_attachment | 241 |
| pre_forum_forumfield | 143 |
| pre_forum_rsscache | 116 |
| pre_common_syscache | 111 |
| pre_common_block_style | 103 |
| pre_forum_threadimage | 90 |
| pre_common_smiley | 85 |
| pre_common_admincp_perm | 67 |
| pre_common_member_profile_setting | 51 |
| pre_common_nav | 48 |
| pre_forum_attachment_1 | 38 |
| pre_common_credit_rule | 31 |
| pre_forum_attachment_7 | 31 |
| pre_forum_attachment_2 | 29 |
| pre_common_tagitem | 27 |
| pre_forum_attachment_unused | 27 |
| pre_ucenter_settings | 26 |
| pre_forum_attachment_0 | 25 |
| pre_forum_attachment_3 | 24 |
| pre_forum_attachment_8 | 24 |
| pre_common_cron | 21 |
| pre_forum_attachment_9 | 21 |
| pre_common_usergroup | 20 |
| pre_common_usergroup_field | 20 |
| pre_forum_sofa | 18 |
| pre_home_click | 15 |
| pre_common_plugin | 12 |
| pre_forum_threadclass | 12 |
| pre_forum_attachment_4 | 10 |
| pre_forum_medal | 10 |
| pre_common_credit_rule_log | 8 |
| pre_common_admingroup | 7 |
| pre_common_tag | 7 |
| pre_forum_attachment_6 | 7 |
| pre_common_member_field_forum | 6 |
| pre_common_style | 6 |
| pre_common_template | 6 |
| pre_forum_typeoption | 6 |
| pre_common_admincp_group | 5 |
| pre_common_member_count | 5 |
| pre_common_member_field_home | 5 |
| pre_common_member_profile | 5 |
| pre_common_member_status | 5 |
| pre_forum_attachment_5 | 5 |
| pre_ucenter_memberfields | 5 |
| pre_forum_bbcode | 4 |
| pre_forum_onlinelist | 4 |
| pre_forum_grouplevel | 3 |
| pre_forum_imagetype | 3 |
| pre_home_notification | 3 |
| pre_common_admincp_cmenu | 2 |
| pre_common_block | 2 |
| pre_common_failedlogin | 2 |
| pre_common_stat | 2 |
| pre_common_template_block | 2 |
| pre_common_word_type | 2 |
| pre_forum_filter_post | 2 |
| pre_mobile_setting | 2 |
| pre_common_admincp_session | 1 |
| pre_common_diy_data | 1 |
| pre_common_failedip | 1 |
| pre_common_member_validate | 1 |
| pre_common_onlinetime | 1 |
| pre_common_statuser | 1 |
| pre_forum_newthread | 1 |
| pre_forum_threadmod | 1 |
| pre_forum_threadprofile | 1 |
| pre_ucenter_admins | 1 |
| pre_ucenter_applications | 1 |
+---------------------------------------+---------+
Database: qunle
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| cdb_threads_queue_1 | 7511386 |
| cdb_threadtags | 5260852 |
| cdb_favoritethreads | 4563367 |
| cdb_posts | 4535477 |
| cdb_posts_bak | 3107630 |
| pre_common_member_profile | 3032971 |
| cdb_memberfields | 2934086 |
| cdb_members | 2926720 |
| cdb_forums_queue | 2390736 |
| cdb_attachments | 1058748 |
| cdb_purifyhylanda | 825732 |
| cdb_threads | 722263 |
| cdb_threads_view | 722263 |
| cdb_prompt | 692661 |
| ls_cdb_threads | 654439 |
| cdb_threads_bak20111207 | 628188 |
| cdb_uc_memberfields | 505514 |
| cdb_uc_members | 500937 |
| cdb_threadsmod | 263937 |
| cdb_mytasks | 200328 |
| cdb_threads_queue | 189769 |
| cdb_uc_tags | 116209 |
| cdb_tags | 101603 |
| cdb_onlinetime | 70419 |
| cdb_xwb_bind_info | 21047 |
| cdb_debateposts | 19831 |
| cdb_xwb_bind_thread | 14772 |
| cdb_creditslog | 13233 |
| cdb_modworks | 8287 |
| cdb_uc_pms | 7464 |
| cdb_words | 7032 |
| cdb_regips | 6864 |
| cdb_memberrecommend | 6617 |
| cdb_ratelog | 5812 |
| cdb_uc_notelist | 4367 |
| cdb_rsscaches | 3599 |
| cdb_czwpostplus_threadsmood | 3367 |
| cdb_attachpaymentlog | 3148 |
| cdb_warnings | 2622 |
| cdb_paymentlog | 2291 |
| cdb_medallog | 2203 |
| cdb_polloptions | 2174 |
| cdb_attachmentfields | 2149 |
| cdb_favorites | 1672 |
| cdb_rewardlog | 1420 |
| cdb_postposition | 1375 |
| cdb_czwpostplus_threads | 1246 |
| cdb_czwpostplus_fae | 1230 |
| cdb_czwpostplus_posts | 978 |
| cdb_optionvalue277 | 761 |
| cdb_ks_mod_money | 578 |
| cdb_uc_friends | 521 |
| cdb_activityapplies | 462 |
| cdb_note_mmm | 459 |
| cdb_moderators | 451 |
| cdb_uc_newpm | 446 |
| cdb_baidu_bind | 440 |
| cdb_polls | 397 |
| cdb_threadtypes | 313 |
| cdb_forumfields | 274 |
| cdb_settings | 253 |
| cdb_forums | 242 |
| cdb_forums_view1 | 242 |
| cdb_request | 226 |
| cdb_reportlog | 194 |
| cdb_favoriteforums | 159 |
| cdb_smilies | 140 |
| cdb_dps_medalapplies | 135 |
| cdb_typeoptionvars | 128 |
| cdb_stylevars | 95 |
| cdb_pluginvars | 92 |
| cdb_statvars | 91 |
| cdb_typeoptions | 73 |
| cdb_stats | 64 |
| cdb_spacecaches | 54 |
| cdb_activities | 53 |
| cdb_giftlog | 50 |
| cdb_medals | 48 |
| cdb_caches | 44 |
| cdb_admincustom | 41 |
| cdb_dps_medalfields | 39 |
| cdb_faqs | 34 |
| cdb_usergroups | 34 |
| cdb_debates | 30 |
| cdb_taskvars | 28 |
| cdb_crons | 26 |
| cdb_advertisements | 24 |
| cdb_uc_settings | 24 |
| cdb_ks_mod_czlog | 22 |
| cdb_plugins | 21 |
| cdb_jobcenter | 18 |
| cdb_jobcenterreg | 18 |
| cdb_jobcenterstats | 17 |
| cdb_myrepeats | 16 |
| cdb_2fly_gift | 15 |
| cdb_banned | 14 |
| cdb_projects | 13 |
| cdb_gifts | 12 |
| cdb_magics | 12 |
| cdb_tasks | 11 |
| cdb_admingroups | 8 |
| cdb_onlinelist | 7 |
| cdb_prompttype | 7 |
| cdb_typevars | 7 |
| cdb_dps_medaltypes | 6 |
| cdb_grab_signin | 6 |
| cdb_typemodels | 6 |
| cdb_bbcodes | 5 |
| cdb_navs | 5 |
| cdb_ranks | 5 |
| cdb_trades | 5 |
| cdb_addons | 4 |
| cdb_imagetypes | 4 |
| cdb_itempool | 4 |
| cdb_jobcenterdig | 4 |
| cdb_ks_mod | 3 |
| cdb_pluginhooks | 3 |
| cdb_styles | 2 |
| cdb_templates | 2 |
| cdb_uc_admins | 2 |
| ls_monitor | 2 |
| cdb_adminactions | 1 |
| cdb_adminsessions | 1 |
| cdb_failedlogins | 1 |
| cdb_forumlinks | 1 |
| cdb_forumrecommend | 1 |
| cdb_ks_mod_admin | 1 |
| cdb_ks_mod_log | 1 |
| cdb_ks_mod_pingjia | 1 |
| cdb_optionvalue234 | 1 |
| cdb_profilefields | 1 |
| cdb_uc_applications | 1 |
| ls_innodb | 1 |
+---------------------------------------+---------+
Database: mysql
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| help_relation | 993 |
| help_topic | 506 |
| help_keyword | 452 |
| `user` | 73 |
| db | 71 |
| help_category | 38 |
| proxies_priv | 2 |
| tables_priv | 1 |
+---------------------------------------+---------+
Database: ucenter
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| uc_members | 1719167 |
| uc_memberfields | 1678844 |
| uc_tags | 201243 |
| uc_newpm | 173382 |
| uc_friends | 129139 |
| uc_notelist | 107398 |
| uc_pms | 19756 |
| uc_settings | 27 |
| uc_applications | 14 |
| uc_protectedmembers | 6 |
| uc_admins | 1 |
| uc_failedlogins | 1 |
| uc_members_bak | 1 |
+---------------------------------------+---------+
Database: test
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| pre_common_district | 45051 |
| pre_common_setting | 385 |
| pre_common_syscache | 104 |
| pre_common_block_style | 103 |
| pre_common_stylevar | 90 |
| pre_common_smiley | 85 |
| pre_common_nav | 80 |
| pre_common_admincp_perm | 67 |
| pre_common_member_profile_setting | 51 |
| pre_forum_forumfield | 46 |
| pre_forum_forum | 45 |
| pre_forum_post | 34 |
| pre_forum_post_tableid | 34 |
| pre_forum_thread | 32 |
| pre_common_credit_rule | 31 |
| pre_forum_statlog | 27 |
| pre_ucenter_settings | 26 |
| pre_common_magic | 24 |
| pre_home_notification | 24 |
| pre_common_pluginvar | 21 |
| pre_common_usergroup | 20 |
| pre_common_usergroup_field | 20 |
| pre_common_cron | 18 |
| pre_home_click | 15 |
| pre_common_stat | 12 |
| pre_common_plugin | 11 |
| pre_common_block_item | 10 |
| pre_forum_forumrecommend | 10 |
| pre_forum_medal | 10 |
| pre_common_credit_log | 8 |
| pre_common_credit_rule_log | 8 |
| pre_forum_attachment | 8 |
| pre_common_admingroup | 7 |
| pre_forum_threadmod | 7 |
| pre_forum_typeoption | 6 |
| pre_common_admincp_group | 5 |
| pre_common_friendlink | 5 |
| pre_common_member | 5 |
| pre_common_member_count | 5 |
| pre_common_member_field_forum | 5 |
| pre_common_member_field_home | 5 |
| pre_common_member_profile | 5 |
| pre_common_member_status | 5 |
| pre_commo
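The report's impact claim rests on the row counts above, but the dump lists hundreds of tables and never totals them. The following is an added example, not part of the original report or any 乌云 tooling: it parses the "Database: ... | Table | Entries |" layout shown above, totals rows per database, and flags tables whose names suggest account or credential data, which is the first thing a defender triaging such a report wants to know. The sample input is constructed from a handful of rows copied from the tables above; the keyword list used to flag sensitive tables is an assumption for triage and does not come from the report.

```python
import re

# Constructed sample in the count-table layout used in the proof above.
# These rows are copied from the report's tables; this is not a live capture.
SAMPLE_OUTPUT = """\
Database: wenda_import_bak
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| crawl_answer_yahoo | 2757257 |
| da_baiduzhidao4 | 2611733 |
+---------------------------------------+---------+
Database: ucenter
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| uc_members | 1719167 |
| uc_memberfields | 1678844 |
| uc_admins | 1 |
+---------------------------------------+---------+
Database: mysql
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| `user` | 73 |
+---------------------------------------+---------+
"""

# "Database: <name>" header line.
DB_RE = re.compile(r"^Database:\s*(\S+)\s*$")
# "| <table> | <count> |" data row; backticks around the name (as in `user`)
# are optional. The "| Table | Entries |" header fails the \d+ group, so it
# is skipped naturally, as are the +---+ separator lines.
ROW_RE = re.compile(r"^\|\s*`?([^|`]+?)`?\s*\|\s*(\d+)\s*\|\s*$")

# Assumed name fragments indicating account or credential data (triage
# heuristic chosen for this example, not something the report defines).
SENSITIVE_HINTS = ("member", "user", "admin", "password", "login")


def parse_counts(text):
    """Return {database: {table: entries}} from count-table output."""
    result = {}
    current = None
    for line in text.splitlines():
        m = DB_RE.match(line)
        if m:
            current = m.group(1)
            result.setdefault(current, {})
            continue
        m = ROW_RE.match(line)
        if m and current is not None:
            result[current][m.group(1)] = int(m.group(2))
    return result


def summarize(counts):
    """Per-database table count, total rows, and rows held in tables whose
    names match SENSITIVE_HINTS."""
    summary = {}
    for db, tables in counts.items():
        total = sum(tables.values())
        sensitive = sum(
            n for t, n in tables.items()
            if any(h in t.lower() for h in SENSITIVE_HINTS)
        )
        summary[db] = {"tables": len(tables), "rows": total,
                       "sensitive_rows": sensitive}
    return summary


def grand_total(summary):
    """Total rows across every database in the summary."""
    return sum(s["rows"] for s in summary.values())


if __name__ == "__main__":
    summary = summarize(parse_counts(SAMPLE_OUTPUT))
    for db, s in summary.items():
        print(f"{db}: {s['tables']} tables, {s['rows']} rows, "
              f"{s['sensitive_rows']} rows in account/credential tables")
    print("total rows exposed:", grand_total(summary))
```

Run against the full dump pasted into SAMPLE_OUTPUT, the summary gives a per-database figure to put beside the report's "millions" claim and shows that the exposure is concentrated in the UCenter member tables rather than in the crawled Q&A data, which is what should drive the vendor's severity rating.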
Fix recommendation:
Fix urgently
Copyright notice: when reposting, please credit 黑暗游侠@乌云
Vulnerability response
Vendor response:
Severity: Low
Vulnerability Rank: 3
Confirmed: 2014-10-30 13:57
Vendor reply:
Thank you very much for your attention to the security of our website; many thanks.
Latest status:
None