当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0116336

漏洞标题:圣才学习网另一处SQL注入(影响20万用户数据)

相关厂商:100eshu.com

漏洞作者: harbour_bin

提交时间:2015-05-27 10:31

修复时间:2015-07-11 18:32

公开时间:2015-07-11 18:32

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-05-27: 细节已通知厂商并且等待厂商处理中
2015-05-27: 厂商已经确认,细节仅向厂商公开
2015-06-06: 细节向核心白帽子及相关领域专家公开
2015-06-16: 细节向普通白帽子公开
2015-06-26: 细节向实习白帽子公开
2015-07-11: 细节向公众公开

简要描述:

查看了上回提交的漏洞 圣才学习网某处SQL注入导致管理员账号泄漏+20万用户数据泄漏(涉及手机号、邮箱、QQ号等敏感信息). 厂商指哪打哪, 都没有认真检查一下.
同一处发现另一个SQL注入, 希望注意!
同时, 发现可以影响圣才题库网数据库(是其兄弟网站)
同时, 发现圣才学习网后台地址. 很严重了,哎!
一句话:很严重啊,望厂商注意吧!

详细说明:

1、注入url : http://www.100eshu.com/Member/MyAccount/myOrder.aspx
2、注入点OrderStatusTypeCode(应该懂得)

注入点.png


3、依据数据结果,发现sctkNew/sctkNew_hubo居然是兄弟网站圣才题库网的数据库
4、然后还发现了圣才电子书后台, 提交的上一个洞,已经有相应的管理员信息,有后台地址有用户名、密码,不言而喻,不深入了

漏洞证明:

1、证明圣才题库网和圣才电子书电子书在同一站点

IP.png


IP1.png


2、证明注入点和数据库

注入点.png


dbs.png


3、圣才电子书和圣才题库网数据库表的信息

Database: SCEbook
[146 tables]
+------------------------------------+
| AdminRight                         |
| AdminRole                          |
| AdminUser                          |
| Advertisement                      |
| Agent                              |
| AllMemberInfo                      |
| All_TJ                             |
| All_TJ_Download_Exam               |
| All_TJ_Download_Exam_TK            |
| All_TJ_Download_XXSub              |
| All_TJ_TK                          |
| ApplePrice                         |
| BankList                           |
| BlackListIP                        |
| BookAgent                          |
| BookRelate                         |
| Config                             |
| ConfigCode                         |
| CorpInfo                           |
| Data                               |
| DataCategory                       |
| DataCheckReason                    |
| DataOperate                        |
| DataReport                         |
| DictionaryTable                    |
| DomainCategory                     |
| EBookArr                           |
| EBookConverting                    |
| EBookIdAndAgent                    |
| EBookIdAndAgentRenda               |
| EBook_Media                        |
| Ebook                              |
| EbookActMember                     |
| EbookAdvertisement                 |
| EbookCategory                      |
| EbookCategoryFTP                   |
| EbookCategorySub                   |
| EbookCategorySub_Ebook             |
| EbookCheckReason                   |
| EbookComment                       |
| EbookCommentReply                  |
| EbookDemo                          |
| EbookDraft                         |
| EbookEvaluateSetting               |
| EbookExpire                        |
| EbookFeedBack                      |
| EbookFeedBackReply                 |
| EbookGroup                         |
| EbookGroupElement                  |
| EbookOperate                       |
| EbookPwd                           |
| EbookPwdGenerate                   |
| EbookRecommend                     |
| EbookRecommendDetail               |
| EbookXueXi                         |
| Ebook_Apple                        |
| Ebook_Dangdang                     |
| EditorTool                         |
| EmailTemplate                      |
| Experience                         |
| FeeItem                            |
| FileInFolder                       |
| FolderCategory                     |
| FolderCategorySub                  |
| FolderCategorySub_Ebook            |
| FolderCategory_TJ                  |
| Help                               |
| HelpCategory                       |
| IpAddress                          |
| Log                                |
| MaterialPackage                    |
| MaterialRegistrationCodeModel      |
| Member                             |
| MemberAttr                         |
| MemberBankList                     |
| MemberBuy                          |
| MemberBuy_Stolen                   |
| MemberBuy_del                      |
| MemberClass                        |
| MemberClassRight                   |
| MemberFocus                        |
| MemberInstitute                    |
| MemberInvoice                      |
| MemberNetDisk                      |
| MemberOrder                        |
| MemberOrderPay                     |
| MemberRight                        |
| MemberRightItem                    |
| MemberRightItemCategory            |
| MemberSearchTJ                     |
| Menu                               |
| Message                            |
| MobileAdvisement                   |
| MobileInstructImage                |
| MobileInterfaceLimit               |
| MoneyWater                         |
| News                               |
| PageSeo                            |
| PayConfiguration                   |
| PlatBookDownLoad                   |
| PlatBookDownLoading                |
| PlatBookDownload_LastDay           |
| PlatBookDownload_LastMonth         |
| PlatBookDownload_LastYear          |
| PlatBookPublish                    |
| PlatBookPublishAndPlatBookDownLoad |
| PlatBookPublish_EbookTK            |
| PlatBookPublish_EbookTK_WithHezuo  |
| PlatCross                          |
| PricePasswordTJ                    |
| QQOpenId                           |
| Question                           |
| QuestionReply                      |
| QuoteProduct                       |
| RegistrationAttr                   |
| RegistrationCodeBatch              |
| RegistrationCodeBatch_bak          |
| RegistrationCodeModel              |
| RegistrationCodeModelBak           |
| RegistrationCodeModel_del          |
| ScNetDisk                          |
| Score                              |
| ScoreExchange                      |
| ScoreWater                         |
| TestCatTree                        |
| Tree                               |
| UserSearchTJ                       |
| VEbookAndApple                     |
| VEbookDownLoadCount                |
| VRenda                             |
| V_FavorAndDownloadList             |
| V_MemberBuyInfo                    |
| VarSize                            |
| View_1                             |
| View_2                             |
| View_EbookAndTb_E_QuestionPlan     |
| View_MemberOrderForCenterU         |
| Word                               |
| WordCategory                       |
| XXProductBuy                       |
| XXProductBuy_TJ                    |
| XXProductBuy_TJ_exam               |
| book                               |
| tempT                              |
| v_AliveCodeEBook                   |
| v_AliveCodeTiKu                    |
+------------------------------------+
Database: sctkNew
[196 tables]
+---------------------------------+
| AllProduct                      |
| BookAgent                       |
| Cities                          |
| Config                          |
| EbookCategoryFTP                |
| EbookXueXi                      |
| EmailTemplate                   |
| ExamState                       |
| MemberBuy                       |
| MemberBuy_del                   |
| MemberOrder                     |
| MemberOrderPay                  |
| MemberSearchTJ                  |
| PlatBookPublish                 |
| ProductSettings                 |
| Province                        |
| Question_Log                    |
| RegistrationCodeModel           |
| ScComShopCart                   |
| SearchEbookXueXi                |
| SearchQestionTJ                 |
| TB_E_PlanCollection             |
| T_Admin                         |
| T_BuyRelate                     |
| T_CreateIndex                   |
| T_Depart                        |
| T_ImportState                   |
| T_Level                         |
| T_Member_Action                 |
| T_Menus                         |
| T_Modules                       |
| T_QuestionIdAndAgent            |
| T_Role                          |
| T_RoleMenus                     |
| T_RoleModules                   |
| T_SystemLayout                  |
| T_SystemLog                     |
| T_User                          |
| T_UserInformation               |
| T_UserInformationDetailed       |
| T_UserMessage                   |
| T_User_Delete                   |
| T_User_news                     |
| T_VideoSelectRecord             |
| T__B_FtpConfige                 |
| Tb_E_ChapterClassTypeID         |
| Tb_E_ExamRoomType               |
| Tb_E_ExaminationSetting         |
| Tb_E_FullData                   |
| Tb_E_MobilePayInterFace         |
| Tb_E_MobilePayInterFace_bak     |
| Tb_E_Seo                        |
| Tb_E_UpgradeInstructions        |
| Tb_E_UserMotion                 |
| Tb_Search_ChapterClassTypeID    |
| Tb_e_AgentActivate              |
| Tb_e_GlobalEn                   |
| Tb_e_GlobalEncryption           |
| Tb_e_LearningRecord             |
| UserSearchTJ                    |
| V_EeverTrain                    |
| V_MyFavourites                  |
| V_Problem                       |
| V_QuestionFeedback              |
| V_QuestionInPlan                |
| V_QuestionPlan_Downloading      |
| V_ScoreSubmit                   |
| V_SelectQuestion                |
| V_SelectSearchQuestion          |
| View_MemberOrderForCenterU      |
| WordCategory                    |
| course                          |
| sysdiagrams                     |
| tb_AnswerRecord                 |
| tb_B_ADPosition                 |
| tb_B_Calendar                   |
| tb_B_CalendarSearch             |
| tb_B_CompreDate                 |
| tb_B_ExamSentimentSettings      |
| tb_B_Features                   |
| tb_B_GradeDetailed              |
| tb_B_MemberAccess               |
| tb_B_MemberS                    |
| tb_B_MoreRecommend              |
| tb_B_MyFavorites                |
| tb_B_QuestionPlanFeature        |
| tb_B_SCNews                     |
| tb_B_ShowSet                    |
| tb_B_UserJshezhi                |
| tb_B_Video                      |
| tb_B_Words                      |
| tb_B_WordsType                  |
| tb_Dic_ClassType                |
| tb_Dic_CompareItem              |
| tb_Dic_Feature                  |
| tb_Dic_FolderType               |
| tb_Dic_MenuManage               |
| tb_Dic_MenuManageButton         |
| tb_Dic_Permissions              |
| tb_Dic_QuePlanItem              |
| tb_Dic_QuestionClassType        |
| tb_Dic_QuestionType             |
| tb_Dic_QuestionTypeTotal        |
| tb_E_AccountCode                |
| tb_E_Ad                         |
| tb_E_AdBrowse                   |
| tb_E_AdClick                    |
| tb_E_BuildDataBase              |
| tb_E_BuildDataBaseNode          |
| tb_E_BuildDatabaseQuestion      |
| tb_E_Compare                    |
| tb_E_DaiJian                    |
| tb_E_DaiJinRoll                 |
| tb_E_DayTrain                   |
| tb_E_DeductionWith              |
| tb_E_DoQuestionSettings         |
| tb_E_DownQuestionPlan           |
| tb_E_Download                   |
| tb_E_EmailCode                  |
| tb_E_ExamAlert                  |
| tb_E_ExamArrange                |
| tb_E_ExamPaper                  |
| tb_E_ExamPaperNode              |
| tb_E_ExamPaperNodeQuestion      |
| tb_E_ExamPolicyItem             |
| tb_E_ExamPolicyNode             |
| tb_E_ExamRedo                   |
| tb_E_ExamRemind                 |
| tb_E_ExamSentiment              |
| tb_E_ExerciseGrade              |
| tb_E_FakeExamData               |
| tb_E_Favourites                 |
| tb_E_MachineCode                |
| tb_E_MailTemplate               |
| tb_E_Orders                     |
| tb_E_PaperCache                 |
| tb_E_PayConfiguration           |
| tb_E_Problem                    |
| tb_E_ProblemAnswered            |
| tb_E_ProblemSettings            |
| tb_E_ProdCommentReply           |
| tb_E_ProdComments               |
| tb_E_Product                    |
| tb_E_ProductGlobal              |
| tb_E_QuePlanShow                |
| tb_E_QuePlanShowGlobal          |
| tb_E_Question                   |
| tb_E_QuestionFeedback           |
| tb_E_QuestionPlan               |
| tb_E_QuestionTemp               |
| tb_E_Question_ForSearch         |
| tb_E_Receipt                    |
| tb_E_Recharge                   |
| tb_E_RegisterCodes              |
| tb_E_RegisterCodesBatch         |
| tb_E_RegisterCodes_del          |
| tb_E_Study                      |
| tb_E_StudyRecord                |
| tb_E_StudyRecordDetail          |
| tb_E_StudySentiment             |
| tb_E_StudySettings              |
| tb_E_SubjectRecommend           |
| tb_E_UserGrade                  |
| tb_E_UserRight                  |
| tb_E_VirtualInformation         |
| tb_E_WayTrain                   |
| tb_E_WebSite                    |
| tb_E_WorkFlow                   |
| tb_E_WorkState                  |
| tb_L_DownQueMenu                |
| tb_L_DownQueMenuButton          |
| tb_L_ExamUser                   |
| tb_L_QueMenu                    |
| tb_L_QueMenuButton              |
| tb_L_QuetioneTypeButton         |
| tb_PaperFolderCache             |
| tb_QuestionPlanComment          |
| tb_SearchDic_ClassType          |
| tb_SearchPaperDic_ClassType     |
| tb_Search_ExamPaper             |
| tb_Search_ExamPaperNode         |
| tb_Search_ExamPaperNodeQuestion |
| tb_Search_PaperQuePlan          |
| tb_Search_Question              |
| tb_Search_QuestionFeedback      |
| tb_Search_QuestionPlan          |
| tb_dic_ComperDateType           |
| tb_e_MobileAdvertising          |
| tb_e_PushInForMaTion            |
| tb_e_QuestionFeedbackReply      |
| tb_e_QuestionPlan_QueplanCT     |
| tb_e_Question_TJ                |
| tb_l_DownPaperQuePlan           |
| tb_l_PaperQuePlan               |
| tb_search_QuestionFeedbackReply |
| v_FeedbackPaper                 |
+---------------------------------+
Database: sctkNew_hubo
[194 tables]
+---------------------------------+
| AllProduct                      |
| BookAgent                       |
| Cities                          |
| Config                          |
| EbookCategoryFTP                |
| EbookXueXi                      |
| EmailTemplate                   |
| ExamState                       |
| MemberBuy                       |
| MemberOrder                     |
| MemberOrderPay                  |
| MemberSearchTJ                  |
| PlatBookPublish                 |
| ProductSettings                 |
| Province                        |
| Question_Log                    |
| RegistrationCodeModel           |
| ScComShopCart                   |
| SearchEbookXueXi                |
| SearchQestionTJ                 |
| TB_E_PlanCollection             |
| T_Admin                         |
| T_BuyRelate                     |
| T_CreateIndex                   |
| T_Depart                        |
| T_ImportState                   |
| T_Level                         |
| T_Member_Action                 |
| T_Menus                         |
| T_Modules                       |
| T_QuestionIdAndAgent            |
| T_Role                          |
| T_RoleMenus                     |
| T_RoleModules                   |
| T_SystemLayout                  |
| T_SystemLog                     |
| T_User                          |
| T_UserInformation               |
| T_UserInformationDetailed       |
| T_UserMessage                   |
| T_User_Delete                   |
| T_User_news                     |
| T_VideoSelectRecord             |
| T__B_FtpConfige                 |
| Tb_E_ChapterClassTypeID         |
| Tb_E_ExamRoomType               |
| Tb_E_ExaminationSetting         |
| Tb_E_FullData                   |
| Tb_E_MobilePayInterFace         |
| Tb_E_Seo                        |
| Tb_E_UpgradeInstructions        |
| Tb_E_UserMotion                 |
| Tb_Search_ChapterClassTypeID    |
| Tb_e_AgentActivate              |
| Tb_e_GlobalEn                   |
| Tb_e_GlobalEncryption           |
| Tb_e_LearningRecord             |
| UserSearchTJ                    |
| V_EeverTrain                    |
| V_MyFavourites                  |
| V_Problem                       |
| V_QuestionFeedback              |
| V_QuestionInPlan                |
| V_QuestionPlan_Downloading      |
| V_ScoreSubmit                   |
| V_SelectQuestion                |
| V_SelectSearchQuestion          |
| View_MemberOrderForCenterU      |
| WordCategory                    |
| course                          |
| sysdiagrams                     |
| tb_AnswerRecord                 |
| tb_B_ADPosition                 |
| tb_B_Calendar                   |
| tb_B_CalendarSearch             |
| tb_B_CompreDate                 |
| tb_B_ExamSentimentSettings      |
| tb_B_Features                   |
| tb_B_GradeDetailed              |
| tb_B_MemberAccess               |
| tb_B_MemberS                    |
| tb_B_MoreRecommend              |
| tb_B_MyFavorites                |
| tb_B_QuestionPlanFeature        |
| tb_B_SCNews                     |
| tb_B_ShowSet                    |
| tb_B_UserJshezhi                |
| tb_B_Video                      |
| tb_B_Words                      |
| tb_B_WordsType                  |
| tb_Dic_ClassType                |
| tb_Dic_CompareItem              |
| tb_Dic_Feature                  |
| tb_Dic_FolderType               |
| tb_Dic_MenuManage               |
| tb_Dic_MenuManageButton         |
| tb_Dic_Permissions              |
| tb_Dic_QuePlanItem              |
| tb_Dic_QuestionClassType        |
| tb_Dic_QuestionType             |
| tb_Dic_QuestionTypeTotal        |
| tb_E_AccountCode                |
| tb_E_Ad                         |
| tb_E_AdBrowse                   |
| tb_E_AdClick                    |
| tb_E_BuildDataBase              |
| tb_E_BuildDataBaseNode          |
| tb_E_BuildDatabaseQuestion      |
| tb_E_Compare                    |
| tb_E_DaiJian                    |
| tb_E_DaiJinRoll                 |
| tb_E_DayTrain                   |
| tb_E_DeductionWith              |
| tb_E_DoQuestionSettings         |
| tb_E_DownQuestionPlan           |
| tb_E_Download                   |
| tb_E_EmailCode                  |
| tb_E_ExamAlert                  |
| tb_E_ExamArrange                |
| tb_E_ExamPaper                  |
| tb_E_ExamPaperNode              |
| tb_E_ExamPaperNodeQuestion      |
| tb_E_ExamPolicyItem             |
| tb_E_ExamPolicyNode             |
| tb_E_ExamRedo                   |
| tb_E_ExamRemind                 |
| tb_E_ExamSentiment              |
| tb_E_ExerciseGrade              |
| tb_E_FakeExamData               |
| tb_E_Favourites                 |
| tb_E_MachineCode                |
| tb_E_MailTemplate               |
| tb_E_Orders                     |
| tb_E_PaperCache                 |
| tb_E_PayConfiguration           |
| tb_E_Problem                    |
| tb_E_ProblemAnswered            |
| tb_E_ProblemSettings            |
| tb_E_ProdCommentReply           |
| tb_E_ProdComments               |
| tb_E_Product                    |
| tb_E_ProductGlobal              |
| tb_E_QuePlanShow                |
| tb_E_QuePlanShowGlobal          |
| tb_E_Question                   |
| tb_E_QuestionFeedback           |
| tb_E_QuestionPlan               |
| tb_E_QuestionTemp               |
| tb_E_Question_ForSearch         |
| tb_E_Receipt                    |
| tb_E_Recharge                   |
| tb_E_RegisterCodes              |
| tb_E_RegisterCodesBatch         |
| tb_E_Study                      |
| tb_E_StudyRecord                |
| tb_E_StudyRecordDetail          |
| tb_E_StudySentiment             |
| tb_E_StudySettings              |
| tb_E_SubjectRecommend           |
| tb_E_UserGrade                  |
| tb_E_UserRight                  |
| tb_E_VirtualInformation         |
| tb_E_WayTrain                   |
| tb_E_WebSite                    |
| tb_E_WorkFlow                   |
| tb_E_WorkState                  |
| tb_L_DownQueMenu                |
| tb_L_DownQueMenuButton          |
| tb_L_ExamUser                   |
| tb_L_QueMenu                    |
| tb_L_QueMenuButton              |
| tb_L_QuetioneTypeButton         |
| tb_PaperFolderCache             |
| tb_QuePlanContent               |
| tb_QuestionPlanComment          |
| tb_SearchDic_ClassType          |
| tb_SearchPaperDic_ClassType     |
| tb_Search_ExamPaper             |
| tb_Search_ExamPaperNode         |
| tb_Search_ExamPaperNodeQuestion |
| tb_Search_PaperQuePlan          |
| tb_Search_Question              |
| tb_Search_QuestionFeedback      |
| tb_Search_QuestionPlan          |
| tb_dic_ComperDateType           |
| tb_e_MobileAdvertising          |
| tb_e_PushInForMaTion            |
| tb_e_QuestionFeedbackReply      |
| tb_e_QuestionPlan_QueplanCT     |
| tb_e_Question_TJ                |
| tb_l_DownPaperQuePlan           |
| tb_l_PaperQuePlan               |
| tb_search_QuestionFeedbackReply |
| v_FeedbackPaper                 |
+---------------------------------+
Database: scebookData
[147 tables]
+------------------------------------+
| AdminRight                         |
| AdminRole                          |
| AdminUser                          |
| Advertisement                      |
| Agent                              |
| AllMemberInfo                      |
| All_TJ                             |
| All_TJ_Download_Exam               |
| All_TJ_Download_Exam_TK            |
| All_TJ_Download_XXSub              |
| All_TJ_TK                          |
| ApplePrice                         |
| BankList                           |
| BlackListIP                        |
| BookAgent                          |
| BookRelate                         |
| Config                             |
| ConfigCode                         |
| CorpInfo                           |
| CreateHtmlQueue                    |
| Data                               |
| DataCategory                       |
| DataCheckReason                    |
| DataOperate                        |
| DataReport                         |
| DictionaryTable                    |
| DomainCategory                     |
| EBookArr                           |
| EBookConverting                    |
| EBookIdAndAgent                    |
| EBookIdAndAgentRenda               |
| EBook_Media                        |
| Ebook                              |
| EbookActMember                     |
| EbookAdvertisement                 |
| EbookCategory                      |
| EbookCategoryFTP                   |
| EbookCategorySub                   |
| EbookCategorySub_Ebook             |
| EbookCheckReason                   |
| EbookComment                       |
| EbookCommentReply                  |
| EbookDemo                          |
| EbookDraft                         |
| EbookEvaluateSetting               |
| EbookExpire                        |
| EbookFeedBack                      |
| EbookFeedBackReply                 |
| EbookGroup                         |
| EbookGroupElement                  |
| EbookOperate                       |
| EbookPwd                           |
| EbookPwdGenerate                   |
| EbookRecommend                     |
| EbookRecommendDetail               |
| EbookXueXi                         |
| Ebook_Apple                        |
| Ebook_Dangdang                     |
| EditorTool                         |
| EmailTemplate                      |
| Experience                         |
| FeeItem                            |
| FileInFolder                       |
| FolderCategory                     |
| FolderCategorySub                  |
| FolderCategorySub_Ebook            |
| FolderCategory_TJ                  |
| Help                               |
| HelpCategory                       |
| IpAddress                          |
| Log                                |
| MaterialPackage                    |
| MaterialRegistrationCodeModel      |
| Member                             |
| MemberAttr                         |
| MemberBankList                     |
| MemberBuy                          |
| MemberBuy_Stolen                   |
| MemberBuy_del                      |
| MemberClass                        |
| MemberClassRight                   |
| MemberFocus                        |
| MemberInstitute                    |
| MemberInvoice                      |
| MemberNetDisk                      |
| MemberOrder                        |
| MemberOrderPay                     |
| MemberRight                        |
| MemberRightItem                    |
| MemberRightItemCategory            |
| MemberSearchTJ                     |
| Menu                               |
| Message                            |
| MobileAdvisement                   |
| MobileInstructImage                |
| MobileInterfaceLimit               |
| MoneyWater                         |
| News                               |
| PageSeo                            |
| PayConfiguration                   |
| PlatBookDownLoad                   |
| PlatBookDownLoading                |
| PlatBookDownload_LastDay           |
| PlatBookDownload_LastMonth         |
| PlatBookDownload_LastYear          |
| PlatBookPublish                    |
| PlatBookPublishAndPlatBookDownLoad |
| PlatBookPublish_EbookTK            |
| PlatBookPublish_EbookTK_WithHezuo  |
| PlatCross                          |
| PricePasswordTJ                    |
| QQOpenId                           |
| Question                           |
| QuestionReply                      |
| QuoteProduct                       |
| RegistrationAttr                   |
| RegistrationCodeBatch              |
| RegistrationCodeBatch_bak          |
| RegistrationCodeModel              |
| RegistrationCodeModelBak           |
| RegistrationCodeModel_del          |
| ScNetDisk                          |
| Score                              |
| ScoreExchange                      |
| ScoreWater                         |
| TestCatTree                        |
| Tree                               |
| UserSearchTJ                       |
| VEbookAndApple                     |
| VEbookDownLoadCount                |
| VRenda                             |
| V_FavorAndDownloadList             |
| V_MemberBuyInfo                    |
| VarSize                            |
| View_1                             |
| View_2                             |
| View_EbookAndTb_E_QuestionPlan     |
| View_MemberOrderForCenterU         |
| Word                               |
| WordCategory                       |
| XXProductBuy                       |
| XXProductBuy_TJ                    |
| XXProductBuy_TJ_exam               |
| book                               |
| tempT                              |
| v_AliveCodeEBook                   |
| v_AliveCodeTiKu                    |
+------------------------------------+


4、后台地址信息

Database: SCEbook
Table: Menu
[94 entries]
+-----+----------+----------------------------------------------------------+---
---+---------------+-------------+--------+----------------------------+--------
----+
| Id  | ParentId | Url                                                      | So
rt | Name          | Path        | IsShow | AddTime                    | IsWrite
Log |
+-----+----------+----------------------------------------------------------+---
---+---------------+-------------+--------+----------------------------+--------
----+
| 1   | 0        | /ScEbook_Admin/                                          | 90
00 | E书管理          | 0-1         | 1      | 10 16 2012 \\?a05:11PM     | 1
       |
| 10  | 0        | /ScEbook_Admin/                                          | 91
0  | 信息管理          | 0-10        | 1      | 10 16 2012 \\?a05:25PM     | 1
        |
| 100 | 99       | /ScEbook_Admin/EbookPwd/default.aspx                     | 99
0  | 批量密码生成        | 0-1-99-100  | 1      | 12 \\?a03 2012 10:41AM     | 1
          |
| 101 | 99       | /ScEbook_Admin/EbookPwd/generatehand.aspx                | 10
00 | 随书密码生成        | 0-1-99-101  | 1      | 12 \\?a03 2012 10:42AM     | 1
          |
| 102 | 99       | /ScEbook_Admin/EbookPwd/protect.aspx                     | 98
0  | e书密码查询        | 0-1-99-102  | 1      | 12 \\?a03 2012 10:43AM     | 1
         |
| 104 | 14       | /ScEbook_Admin/Finance/invoice.aspx                      | 50
0  | 发票受理          | 0-14-104    | 1      | 12 \\?a07 2012 \\?a05:07PM | 1
        |
| 105 | 4        | /ScEbook_Admin/EbookEvaluate/error.aspx                  | 40
0  | 错误反馈          | 0-1-4-105   | 1      | 12 19 2012 \\?a02:11PM     | 1
        |
| 107 | 7        | /ScEbook_Admin/Data/checkSetting.aspx                    | 39
0  | 素材审核设置        | 0-103-7-107 | 1      | 01 \\?a03 2013 11:09AM     | 1
          |
| 108 | 9        | /ScEbook_Admin/Question/checkSetting.aspx                | 59
0  | 咨询审核设置        | 0-9-108     | 1      | 01 \\?a03 2013 \\?a05:29PM | 1
          |
| 109 | 7        | /ScEbook_Admin/Data/report.aspx                          | 0
   | 素材举报受理        | 0-103-7-109 | 1      | 02 17 2013 \\?a03:16PM     | 1
          |
| 11  | 0        | /ScEbook_Admin/                                          | 90
0  | 广告管理          | 0-11        | 1      | 10 16 2012 \\?a05:25PM     | 1
        |
| 110 | 16       | /ScEbook_Admin/Help/edithelp.aspx                        | 40
   | 编辑指南          | 0-16-110    | 1      | 04 16 2013 \\?a01:59PM     | 1
        |
| 112 | 17       | /ScEbook_Admin/Admin/AdminUserOnline.aspx                | 96
0  | 在线管理员查询       | 0-17-112    | 1      | 05 22 2013 10:06PM         |
1          |
| 114 | 1        | /ScEbook_Admin/ScNetDisk/                                | 90
00 | 圣才网盘          | 0-1-114     | 0      | 08 \\?a01 2013 \\?a02:33PM | 1
        |
| 115 | 11       | /ScEbook_Admin/MobileInstructImage/                      | 80
0  | 移动引导图片        | 0-11-115    | 1      | 08 19 2013 \\?a09:00AM     | 1
          |
| 116 | 11       | /ScEbook_Admin/MobileAdvisement/                         | 70
0  | 移动广告管理        | 0-11-116    | 1      | 08 19 2013 \\?a09:00AM     | 1
          |
| 117 | 17       | /ScEbook_Admin/PayConfiguration/                         | 1
   | 第三方支付接口       | 0-17        | 1      | 09 12 2013 \\?a08:33AM     |
1          |
| 12  | 0        | /ScEbook_Admin/                                          | 89
0  | 会员管理          | 0-12        | 1      | 10 16 2012 \\?a05:26PM     | 1
        |
| 120 | 17       | /ScEbook_Admin/PayLimitConfiguration/                    | 2
   | 移动端支付限制管理     | 0-17        | 1      | 09 23 2013 \\?a02:02PM
| 1          |
| 122 | 17       | /ScEbook_Admin/SEO/                                      | 3
   | 搜索优化          | 0-17-122    | 1      | 11 24 2013 \\?a02:15PM     | 1
        |
| 124 | 1        | \\ScEbook_Admin\\Agent\\AgentMessage.aspx                | 0
   | 代理商功能         | 0-1-124     | 0      | 01 26 2014 \\?a02:04PM     | 1
         |
| 125 | 124      | /ScEbook_Admin/Agent/AppleMessage.aspx                   | 0
   | 苹果供货          | 0-1-124-125 | 0      | 03 12 2014 \\?a05:19PM     | 1
        |
| 126 | 124      | /ScEbook_Admin/Agent/AgentMessage.aspx                   | 0
   | 当当供货          | 0-1-124-126 | 0      | 03 12 2014 \\?a05:20PM     | 1
        |
| 127 | 124      | /ScEbook_Admin/Agent/RenDa.aspx                          | 2
   | 人大经济论坛推送      | 0-1-124-127 | 0      | 04 \\?a04 2014 \\?a06:46PM |
 1          |
| 128 | 2        | /ScEbook_Admin/EbookActMember/                           | 48
0  | E书操作          | 0-1-128     | 1      | 07 23 2014 \\?a03:40PM     | 1
       |
| 129 | 1        | /ScEbook_Admin/Ebook/epub.aspx                           | 0
   | e书网生成全部epub格式 | 0-1-129     | 0      | 03 30 2015 \\?a05:54PM     |
 1          |
| 130 | 15       | /ScEbook_Admin/Statistics/BookDownEdit.aspx              | 71
5  | e书(题库)下载量修改   | 0-15-130    | 1      | 04 15 2015 \\?a03:59PM
 | 1          |
| 131 | 12       | \\ScEbook_Admin\\ServiceDept\\UserGroupMakeInfoList.aspx | 0
   | e书定制信息列表      | 0-12-131    | 0      | 04 25 2015 10:17AM         |
1          |
| 14  | 0        | /ScEbook_Admin/                                          | 87
0  | 财务管理          | 0-14        | 1      | 10 16 2012 \\?a05:26PM     | 1
        |
| 15  | 0        | /ScEbook_Admin/                                          | 86
0  | 统计管理          | 0-15        | 1      | 10 16 2012 \\?a05:26PM     | 1
        |
| 16  | 0        | /ScEbook_Admin/                                          | 85
0  | 帮助管理          | 0-16        | 1      | 10 16 2012 \\?a05:27PM     | 1
        |
| 17  | 0        | /ScEbook_Admin/                                          | 84
0  | 系统管理          | 0-17        | 1      | 10 16 2012 \\?a05:28PM     | 1
        |
| 18  | 17       | /ScEbook_Admin/Config/                                   | 10
00 | 系统基本参数        | 0-17-18     | 1      | 10 16 2012 \\?a05:28PM     | 1
          |
| 19  | 17       | /ScEbook_Admin/Menu/                                     | 99
0  | 系统菜单          | 0-17-19     | 1      | 10 16 2012 \\?a05:29PM     | 1
        |
| 2   | 1        | /ScEbook_Admin/                                          | 99
0  | E书分类          | 0-1-2       | 1      | 10 16 2012 \\?a05:12PM     | 1
       |
| 20  | 17       | /ScEbook_Admin/Admin/AdminRole.aspx                      | 98
0  | 管理员角色配置       | 0-17-20     | 1      | 10 16 2012 \\?a05:46PM     |
1          |
| 21  | 17       | /ScEbook_Admin/Admin/AdminUser.aspx                      | 97
0  | 管理员配置         | 0-17-21     | 1      | 10 16 2012 \\?a05:47PM     | 1
         |
| 22  | 2        | /ScEbook_Admin/EbookCategory/                            | 50
0  | E书分类          | 0-1-2-22    | 1      | 10 17 2012 \\?a04:12PM     | 1
       |
| 23  | 17       | /ScEbook_Admin/Log/                                      | 30
0  | 系统日志          | 0-17-23     | 1      | 10 18 2012 \\?a03:04PM     | 1
        |
| 24  | 17       | /ScEbook_Admin/Email/                                    | 40
0  | 系统邮件模板        | 0-17-24     | 1      | 10 19 2012 11:36AM         | 1
          |
| 25  | 16       | /ScEbook_Admin/Help/webhelp.aspx                         | 10
0  | 前台帮助          | 0-16-25     | 1      | 10 19 2012 \\?a02:16PM     | 1
        |
| 26  | 16       | /ScEbook_Admin/Help/systemhelp.aspx                      | 50
   | 后台帮助          | 0-16-26     | 1      | 10 19 2012 \\?a02:16PM     | 1
        |
| 27  | 2        | /ScEbook_Admin/Ebook/                                    | 49
0  | 所有E书列表        | 0-1-2-27    | 1      | 10 19 2012 \\?a02:17PM     | 1
         |
| 34  | 3        | /ScEbook_Admin/EbookRecommend/                           | 50
0  | 推荐设置          | 0-1-3-34    | 1      | 10 19 2012 \\?a02:25PM     | 1
        |
| 35  | 3        | /ScEbook_Admin/EbookRecommend/edit.aspx                  | 45
0  | 推荐查询与修改       | 0-1-3-35    | 1      | 10 19 2012 \\?a02:25PM     |
1          |
| 37  | 4        | /ScEbook_Admin/EbookEvaluate/comment.aspx                | 42
0  | 评论管理          | 0-1-4-37    | 1      | 10 19 2012 \\?a02:26PM     | 1
        |
| 38  | 5        | /ScEbook_Admin/EbookSort/make.aspx                       | 50
0  | 制作排行          | 0-1-5-38    | 1      | 10 19 2012 \\?a02:27PM     | 1
        |
| 39  | 5        | /ScEbook_Admin/EbookSort/read.aspx                       | 49
0  | 阅读排行          | 0-1-5-39    | 1      | 10 19 2012 \\?a02:28PM     | 1
        |
| 4   | 1        | /ScEbook_Admin/EbookEvaluate/                            | 97
0  | E书评价          | 0-1-4       | 1      | 10 16 2012 \\?a05:13PM     | 1
       |
| 40  | 5        | /ScEbook_Admin/EbookSort/favorite.aspx                   | 48
0  | 收藏排行          | 0-1-5-40    | 1      | 10 19 2012 \\?a02:28PM     | 1
        |
| 41  | 5        | /ScEbook_Admin/EbookSort/download.aspx                   | 46
0  | 下载排行          | 0-1-5-41    | 1      | 10 19 2012 \\?a02:29PM     | 1
        |
| 43  | 6        | /ScEbook_Admin/EbookMake/basicsetting.aspx               | 48
0  | E书基本设置        | 0-1-6-43    | 1      | 10 19 2012 \\?a02:30PM     | 1
         |
| 44  | 6        | /ScEbook_Admin/EbookMake/encryption.aspx                 | 47
0  | E书加密设置        | 0-1-6-44    | 1      | 10 19 2012 \\?a02:31PM     | 1
         |
| 46  | 7        | /ScEbook_Admin/DataCategory/                             | 50
0  | 素材分类管理        | 0-103-7-46  | 1      | 10 19 2012 \\?a02:43PM     | 1
          |
| 47  | 7        | /ScEbook_Admin/Data/                                     | 49
0  | 所有素材列表        | 0-103-7-47  | 1      | 10 19 2012 \\?a02:43PM     | 1
          |
| 48  | 7        | /ScEbook_Admin/Data/toCheck.aspx                         | 48
0  | 待审核的素材        | 0-103-7-48  | 1      | 10 19 2012 \\?a02:43PM     | 1
          |
| 49  | 7        | /ScEbook_Admin/Data/bechecked.aspx                       | 45
0  | 审核已通过的素材      | 0-103-7-49  | 1      | 10 19 2012 \\?a02:45PM     |
 1          |
| 5   | 1        | /ScEbook_Admin/EbookSort/make.aspx                       | 96
0  | E书排行          | 0-1-5       | 1      | 10 16 2012 \\?a05:15PM     | 1
       |
| 50  | 7        | /ScEbook_Admin/Data/checknopass.aspx                     | 44
0  | 审核未通过的素材      | 0-103-7-50  | 1      | 10 19 2012 \\?a02:45PM     |
 1          |
| 51  | 7        | /ScEbook_Admin/Data/rejectReason.aspx                    | 43
0  | 审核回复设置        | 0-103-7-51  | 1      | 10 19 2012 \\?a02:45PM     | 1
          |
| 52  | 7        | /ScEbook_Admin/Data/mydata.aspx                          | 41
0  | 我发布的素材        | 0-103-7-52  | 1      | 10 19 2012 \\?a02:46PM     | 1
          |
| 53  | 7        | /ScEbook_Admin/Data/garbage.aspx                         | 40
0  | 素材回收站         | 0-103-7-53  | 1      | 10 19 2012 \\?a02:47PM     | 1
         |
| 54  | 8        | /ScEbook_Admin/DataSort/upload.aspx                      | 50
0  | 上传排行          | 0-103-8-54  | 1      | 10 19 2012 \\?a02:47PM     | 1
        |
| 55  | 8        | /ScEbook_Admin/DataSort/create.aspx                      | 49
0  | 创意排行          | 0-103-8-55  | 1      | 10 19 2012 \\?a02:47PM     | 1
        |
| 56  | 8        | /ScEbook_Admin/DataSort/favorite.aspx                    | 48
0  | 收藏排行          | 0-103-8-56  | 1      | 10 19 2012 \\?a02:48PM     | 1
        |
| 57  | 8        | /ScEbook_Admin/DataSort/download.aspx                    | 47
0  | 下载排行          | 0-103-8-57  | 1      | 10 19 2012 \\?a02:48PM     | 1
        |
| 58  | 9        | /ScEbook_Admin/Question/all.aspx                         | 10
00 | 所有咨询列表        | 0-9-58      | 1      | 10 19 2012 \\?a02:51PM     | 1
          |
| 59  | 9        | /ScEbook_Admin/Question/memberAnswer.aspx                | 90
0  | 会员回应的咨询       | 0-9-59      | 1      | 10 19 2012 \\?a02:52PM     |
1          |
| 6   | 1        | /ScEbook_Admin/                                          | 95
0  | E书制作          | 0-1-6       | 1      | 10 16 2012 \\?a05:19PM     | 0
       |
| 60  | 9        | /ScEbook_Admin/Question/scAnswer.aspx                    | 80
0  | 圣才回应的咨询       | 0-9-60      | 1      | 10 19 2012 \\?a02:53PM     |
1          |
| 61  | 9        | /ScEbook_Admin/Question/experience.aspx                  | 60
0  | 经验分享          | 0-9-61      | 1      | 10 19 2012 \\?a02:53PM     | 1
        |
| 62  | 9        | /ScEbook_Admin/Question/noAnswer.aspx                    | 60
0  | 未回应的咨询        | 0-9-62      | 1      | 10 19 2012 \\?a02:55PM     | 1
          |
| 63  | 10       | /ScEbook_Admin/News/                                     | 10
00 | 圣才快讯          | 0-10-63     | 1      | 10 19 2012 \\?a03:16PM     | 1
        |
| 66  | 10       | /ScEbook_Admin/News/making.aspx                          | 85
0  | 正在制作          | 0-10-66     | 1      | 10 19 2012 \\?a03:17PM     | 1
        |
| 67  | 11       | /ScEbook_Admin/Advertisement/                            | 10
00 | 网站广告          | 0-11-67     | 1      | 10 19 2012 \\?a03:18PM     | 1
        |
| 68  | 11       | /ScEbook_Admin/EbookAdvertisement/                       | 90
0  | E书广告          | 0-11-68     | 1      | 10 19 2012 \\?a03:18PM     | 1
       |
| 69  | 12       | /ScEbook_Admin/Member/                                   | 10
00 | 注册会员列表        | 0-12-69     | 1      | 10 19 2012 \\?a03:19PM     | 1
          |
| 7   | 103      | /ScEbook_Admin/                                          | 94
0  | 素材审核          | 0-103-7     | 1      | 10 16 2012 \\?a05:24PM     | 1
        |
| 73  | 12       | /ScEbook_Admin/Member/order.aspx                         | 95
0  | 会员订单管理        | 0-12-73     | 1      | 10 19 2012 \\?a03:20PM     | 1
          |
| 76  | 13       | /ScEbook_Admin/Score/                                    | 10
00 | 积分规则设置        | 0-13-76     | 1      | 10 19 2012 \\?a03:22PM     | 1
          |
| 77  | 13       | /ScEbook_Admin/ScoreSearch/                              | 90
0  | 会员积分查询        | 0-13-77     | 1      | 10 19 2012 \\?a03:22PM     | 1
          |
| 78  | 13       | /ScEbook_Admin/ScoreExchange/                            | 80
0  | 会员积分兑换        | 0-13-78     | 1      | 10 19 2012 \\?a03:23PM     | 1
          |
| 79  | 14       | /ScEbook_Admin/Finance/income.aspx                       | 10
00 | 收入查询          | 0-14-79     | 1      | 10 19 2012 \\?a04:27PM     | 1
        |
| 8   | 103      | /ScEbook_Admin/                                          | 93
0  | 素材排行          | 0-103-8     | 1      | 10 16 2012 \\?a05:24PM     | 1
        |
| 83  | 15       | /ScEbook_Admin/Statistics/ebook.aspx                     | 10
00 | E书统计          | 0-15-83     | 1      | 10 19 2012 \\?a04:29PM     | 1
       |
| 85  | 15       | /ScEbook_Admin/Statistics/evaluate.aspx                  | 80
0  | 评价统计          | 0-15-85     | 1      | 10 19 2012 \\?a04:30PM     | 1
        |
| 88  | 15       | /ScEbook_Admin/Statistics/member.aspx                    | 77
0  | 会员统计          | 0-15-88     | 1      | 10 19 2012 \\?a04:31PM     | 1
        |
| 89  | 15       | /ScEbook_Admin/Statistics/recharge.aspx                  | 76
0  | 收入统计          | 0-15-89     | 1      | 10 19 2012 \\?a04:32PM     | 1
        |
| 90  | 15       | /ScEbook_Admin/Statistics/consume.aspx                   | 75
0  | 消费统计          | 0-15-90     | 1      | 10 19 2012 \\?a04:32PM     | 1
        |
| 91  | 15       | /ScEbook_Admin/Statistics/withdraw.aspx                  | 72
0  | 分成统计          | 0-15-91     | 1      | 10 19 2012 \\?a04:32PM     | 1
        |
| 92  | 17       | /ScEbook_Admin/Tree/                                     | 10
   | 前台菜单          | 0-17-92     | 1      | 10 30 2012 10:07AM         | 1
        |
| 95  | 17       | /ScEbook_Admin/Word/                                     | 55
0  | 敏感词管理         | 0-17-95     | 1      | 11 25 2012 \\?a01:53PM     | 1
         |
| 98  | 97       | /ScEbook_Admin/EbookDownLoad/                            | 10
00 | E书下载设置        | 0-1-97-98   | 1      | 12 \\?a03 2012 10:01AM     | 1
         |
| 99  | 1        | /ScEbook_Admin/Ebook.aspx                                | 92
0  | E书密码          | 0-1-99      | 1      | 12 \\?a03 2012 10:41AM     | 1
       |
+-----+----------+----------------------------------------------------------+---
---+---------------+-------------+--------+----------------------------+--------
----+

修复方案:

你们更专业!

版权声明:转载请注明来源 harbour_bin@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-05-27 18:31

厂商回复:

谢谢

最新状态:

暂无