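Vulnerability summary

Bug ID: wooyun-2015-0154651

Vulnerability title: China Mobile Research Institute SQL injection (three application databases; over a thousand tables)

Vendor: China Mobile

Author: 路人甲

Submitted: 2015-11-23 22:42

Fixed: 2016-01-11 15:32

Disclosed: 2016-01-11 15:32

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; if you have questions or need help, contact [email protected]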

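Vulnerability details

Disclosure status:

2015-11-23: Details reported to the vendor; awaiting vendor handling
2015-11-27: Vendor confirmed; details disclosed to the vendor only
2015-12-07: Details disclosed to core white hats and experts in related fields
2015-12-17: Details disclosed to regular white hats
2015-12-27: Details disclosed to intern white hats
2016-01-11: Details disclosed to the public

Brief description:

The injectable parameter path this time differs from the one previously reported by 撸撸侠;

Detailed description: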

http://**.**.**.**:80/my/ajax_my.php?action=activeload&type=pagemark&uid=300&vwid=1&pmid=2


Parameter: pmid

Proof of vulnerability:


web application technology: Nginx, PHP 5.2.17
back-end DBMS: MySQL 5.0.11
Database: mobilehub
[1176 tables]

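A large amount of important data is present; the severity speaks for itself;

Remediation:

Rectify and fix;

Copyright notice: when reposting, please credit the source 路人甲@WooYun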


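Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-11-27 15:05

Vendor reply:

CNVD confirmed and reproduced the reported issue and has passed it via CNCERT to China Mobile Group, which will coordinate with the website's administrators for subsequent handling.

Latest status:

None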