当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0204026

漏洞标题:飞流(FLMobile)多处SQL注入打包(涉及整站20W+用户信息/200+管理员信息/600+开放平台管理员信息)

相关厂商:北京飞流九天科技有限公司

漏洞作者: Exploit DB

提交时间:2016-05-01 20:51

修复时间:2016-05-09 09:00

公开时间:2016-05-09 09:00

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-05-01: 细节已通知厂商并且等待厂商处理中
2016-05-09: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

看到这个厂商经常性忽略~希望这个不要被忽略~

详细说明:

http://hlqk.feiliu.com/countc/downcount/?type=1&resource=fl resource=fl


http://rose.feiliu.com/newsc/news_list/?&start=8


QQ截图20160501112001.png


available databases [3]:
[*] information_schema
[*] shouyoudb
[*] test


Database: shouyoudb
[559 tables]
+------------------------------------+
| bus_article                        |
| bus_focus                          |
| flgc_usernews                      |
| media_bm                           |
| media_center                       |
| media_channel                      |
| media_class                        |
| media_gl                           |
| media_gl_content                   |
| media_pic                          |
| media_property                     |
| media_template                     |
| media_value                        |
| open_admin_action                  |
| open_admin_user                    |
| open_loginhistory                  |
| open_menu                          |
| open_menu_product                  |
| open_menu_product_20140220         |
| open_oplog                         |
| open_replenish                     |
| open_sdkmanage                     |
| open_sdkmanage_20140919            |
| open_userproduct                   |
| open_userproduct_bak               |
| open_userproduct_temp              |
| sdk_ad_ip                          |
| sdk_ad_ip_temp                     |
| sdk_addeviceinfo                   |
| sdk_admin                          |
| sdk_adminuser                      |
| sdk_announcementgames              |
| sdk_announcements                  |
| sdk_announcementset                |
| sdk_answer                         |
| sdk_call_check                     |
| sdk_cps                            |
| sdk_customer_quick_reply           |
| sdk_customer_work_list             |
| sdk_customer_works                 |
| sdk_faqs                           |
| sdk_flgames                        |
| sdk_game_coop                      |
| sdk_game_paycode                   |
| sdk_game_rule                      |
| sdk_game_update                    |
| sdk_games                          |
| sdk_games_bak20140117              |
| sdk_gameuser_vip                   |
| sdk_initation                      |
| sdk_ios7_uuid_uid                  |
| sdk_memberinvitecode               |
| sdk_memberpostinvitecode           |
| sdk_memberservice_100003           |
| sdk_memberservice_100004           |
| sdk_memberservice_100006           |
| sdk_memberservice_100011           |
| sdk_memberservice_100026           |
| sdk_memberservice_100033           |
| sdk_memberservice_100037           |
| sdk_memberservice_100038           |
| sdk_memberservice_100039           |
| sdk_memberservice_100040           |
| sdk_memberservice_100041           |
| sdk_memberservice_100042           |
| sdk_memberservice_100044           |
| sdk_memberservice_100047           |
| sdk_memberservice_100049           |
| sdk_memberservice_100050           |
| sdk_memberservice_100051           |
| sdk_memberservice_100052           |
| sdk_memberservice_100053           |
| sdk_memberservice_100054           |
| sdk_memberservice_100055           |
| sdk_memberservice_100056           |
| sdk_memberservice_100057           |
| sdk_memberservice_100058           |
| sdk_memberservice_100061           |
| sdk_memberservice_100062           |
| sdk_memberservice_100063           |
| sdk_memberservice_100064           |
| sdk_memberservice_100066           |
| sdk_memberservice_100067           |
| sdk_memberservice_100068           |
| sdk_memberservice_100069           |
| sdk_memberservice_100071           |
| sdk_memberservice_100075           |
| sdk_memberservice_100079           |
| sdk_memberservice_100083           |
| sdk_memberservice_100086           |
| sdk_memberservice_100087           |
| sdk_memberservice_100088           |
| sdk_memberservice_100089           |
| sdk_memberservice_100090           |
| sdk_memberservice_100091           |
| sdk_memberservice_100092           |
| sdk_memberservice_100093           |
| sdk_memberservice_100095           |
| sdk_memberservice_100096           |
| sdk_memberservice_100097           |
| sdk_memberservice_100098           |
| sdk_memberservice_100099           |
| sdk_memberservice_100100           |
| sdk_memberservice_100103           |
| sdk_memberservice_100104           |
| sdk_memberservice_100105           |
| sdk_memberservice_100106           |
| sdk_memberservice_100108           |
| sdk_memberservice_100111           |
| sdk_memberservice_100112           |
| sdk_memberservice_100113           |
| sdk_memberservice_100114           |
| sdk_memberservice_100117           |
| sdk_memberservice_100118           |
| sdk_memberservice_100121           |
| sdk_memberservice_100122           |
| sdk_memberservice_100123           |
| sdk_memberservice_100124           |
| sdk_memberservice_100125           |
| sdk_memberservice_100126           |
| sdk_memberservice_100127           |
| sdk_memberservice_100129           |
| sdk_memberservice_100130           |
| sdk_memberservice_100131           |
| sdk_memberservice_100132           |
| sdk_memberservice_100133           |
| sdk_memberservice_100134           |
| sdk_memberservice_100135           |
| sdk_memberservice_100136           |
| sdk_memberservice_100137           |
| sdk_memberservice_100138           |
| sdk_memberservice_100139           |
| sdk_memberservice_100141           |
| sdk_memberservice_100143           |
| sdk_memberservice_100144           |
| sdk_memberservice_100145           |
| sdk_memberservice_100146           |
| sdk_memberservice_100147           |
| sdk_memberservice_100148           |
| sdk_memberservice_100149           |
| sdk_memberservice_100150           |
| sdk_memberservice_100151           |
| sdk_memberservice_100152           |
| sdk_memberservice_100153           |
| sdk_memberservice_100154           |
| sdk_memberservice_100155           |
| sdk_memberservice_100156           |
| sdk_memberservice_100158           |
| sdk_memberservice_100159           |
| sdk_memberservice_100160           |
| sdk_memberservice_100162           |
| sdk_memberservice_100166           |
| sdk_memberservice_100167           |
| sdk_memberservice_100168           |
| sdk_memberservice_100169           |
| sdk_memberservice_100170           |
| sdk_memberservice_100171           |
| sdk_memberservice_100172           |
| sdk_memberservice_100173           |
| sdk_memberservice_100174           |
| sdk_memberservice_100175           |
| sdk_memberservice_100176           |
| sdk_memberservice_100177           |
| sdk_memberservice_100178           |
| sdk_memberservice_100179           |
| sdk_memberservice_100181           |
| sdk_memberservice_100183           |
| sdk_memberservice_100186           |
| sdk_memberservice_100187           |
| sdk_memberservice_100188           |
| sdk_memberservice_100189           |
| sdk_memberservice_100190           |
| sdk_memberservice_100191           |
| sdk_memberservice_100192           |
| sdk_memberservice_100193           |
| sdk_memberservice_100194           |
| sdk_memberservice_100195           |
| sdk_memberservice_100196           |
| sdk_memberservice_100197           |
| sdk_memberservice_100198           |
| sdk_memberservice_100199           |
| sdk_memberservice_100200           |
| sdk_memberservice_100201           |
| sdk_memberservice_100202           |
| sdk_memberservice_100203           |
| sdk_memberservice_100204           |
| sdk_memberservice_100205           |
| sdk_memberservice_100206           |
| sdk_memberservice_100207           |
| sdk_memberservice_100208           |
| sdk_memberservice_100209           |
| sdk_memberservice_100210           |
| sdk_memberservice_100211           |
| sdk_memberservice_100213           |
| sdk_memberservice_100214           |
| sdk_memberservice_100215           |
| sdk_memberservice_100216           |
| sdk_memberservice_100217           |
| sdk_memberservice_100218           |
| sdk_memberservice_100219           |
| sdk_memberservice_100220           |
| sdk_memberservice_100221           |
| sdk_memberservice_100222           |
| sdk_memberservice_100223           |
| sdk_memberservice_100224           |
| sdk_memberservice_100225           |
| sdk_memberservice_100226           |
| sdk_memberservice_100227           |
| sdk_memberservice_100228           |
| sdk_memberservice_100229           |
| sdk_memberservice_100230           |
| sdk_memberservice_100231           |
| sdk_memberservice_100232           |
| sdk_memberservice_100233           |
| sdk_memberservice_100234           |
| sdk_memberservice_100235           |
| sdk_memberservice_100236           |
| sdk_memberservice_100237           |
| sdk_memberservice_100238           |
| sdk_memberservice_100239           |
| sdk_memberservice_100240           |
| sdk_memberservice_100241           |
| sdk_memberservice_100242           |
| sdk_memberservice_100243           |
| sdk_memberservice_100244           |
| sdk_memberservice_100245           |
| sdk_memberservice_100246           |
| sdk_memberservice_100247           |
| sdk_memberservice_100248           |
| sdk_memberservice_100249           |
| sdk_memberservice_100250           |
| sdk_memberservice_100251           |
| sdk_memberservice_100252           |
| sdk_memberservice_100253           |
| sdk_memberservice_100254           |
| sdk_memberservice_100255           |
| sdk_memberservice_100256           |
| sdk_memberservice_100257           |
| sdk_memberservice_100258           |
| sdk_memberservice_100259           |
| sdk_memberservice_100260           |
| sdk_memberservice_100261           |
| sdk_memberservice_100262           |
| sdk_memberservice_100263           |
| sdk_memberservice_100264           |
| sdk_memberservice_100265           |
| sdk_memberservice_100266           |
| sdk_memberservice_100267           |
| sdk_memberservice_100268           |
| sdk_memberservice_100269           |
| sdk_memberservice_100270           |
| sdk_memberservice_100271           |
| sdk_memberservice_100272           |
| sdk_memberservice_100273           |
| sdk_memberservice_100274           |
| sdk_memberservice_100275           |
| sdk_memberservice_100276           |
| sdk_memberservice_100277           |
| sdk_memberservice_100279           |
| sdk_memberservice_100280           |
| sdk_memberservice_100281           |
| sdk_memberservice_100283           |
| sdk_memberservice_100284           |
| sdk_memberservice_100285           |
| sdk_memberservice_100286           |
| sdk_memberservice_100287           |
| sdk_memberservice_100288           |
| sdk_memberservice_100289           |
| sdk_memberservice_100290           |
| sdk_memberservice_100291           |
| sdk_memberservice_100292           |
| sdk_memberservice_100293           |
| sdk_memberservice_100294           |
| sdk_memberservice_100295           |
| sdk_memberservice_100296           |
| sdk_memberservice_100297           |
| sdk_memberservice_100298           |
| sdk_memberservice_100299           |
| sdk_memberservice_100300           |
| sdk_memberservice_111111           |
| sdk_memberservice_20001            |
| sdk_memberservice_20002            |
| sdk_memberservice_20003            |
| sdk_memberservice_20004            |
| sdk_memberservice_20005            |
| sdk_memberservice_20006            |
| sdk_memberservice_20007            |
| sdk_memberservice_20008            |
| sdk_memberservice_20009            |
| sdk_memberservice_20010            |
| sdk_menu                           |
| sdk_payorderinfo                   |
| sdk_ppsg_character_cards           |
| sdk_ppsg_keji_data                 |
| sdk_ppsg_levelup_dataratio         |
| sdk_ppsg_sishengshi_data           |
| sdk_ppsg_wujiang_levelupconsume    |
| sdk_ppsg_wujiangfengge_levelupdata |
| sdk_question                       |
| sdk_rights                         |
| sdk_servers                        |
| sdk_sgyy_cardinfo                  |
| sdk_site                           |
| sdk_site_config                    |
| sdk_site_download                  |
| sdk_site_download_20140528         |
| sdk_site_download_old              |
| sdk_site_frindlinks                |
| sdk_site_gamelist                  |
| sdk_site_invite                    |
| sdk_site_tag                       |
| sdk_site_typelist                  |
| sdk_user                           |
| sdk_userright                      |
| sdk_uuid_guid_playerinfo_100026    |
| sdk_uuid_guid_playerinfo_100037    |
| sdk_uuid_guid_playerinfo_100038    |
| sdk_uuid_guid_playerinfo_100039    |
| sdk_uuid_guid_playerinfo_100040    |
| sdk_uuid_guid_playerinfo_100041    |
| sdk_uuid_guid_playerinfo_100042    |
| sdk_uuid_guid_playerinfo_100044    |
| sdk_uuid_guid_playerinfo_100047    |
| sdk_uuid_guid_playerinfo_100049    |
| sdk_uuid_guid_playerinfo_100050    |
| sdk_uuid_guid_playerinfo_100051    |
| sdk_uuid_guid_playerinfo_100052    |
| sdk_uuid_guid_playerinfo_100053    |
| sdk_uuid_guid_playerinfo_100054    |
| sdk_uuid_guid_playerinfo_100055    |
| sdk_uuid_guid_playerinfo_100056    |
| sdk_uuid_guid_playerinfo_100057    |
| sdk_uuid_guid_playerinfo_100058    |
| sdk_uuid_guid_playerinfo_100061    |
| sdk_uuid_guid_playerinfo_100062    |
| sdk_uuid_guid_playerinfo_100063    |
| sdk_uuid_guid_playerinfo_100064    |
| sdk_uuid_guid_playerinfo_100066    |
| sdk_uuid_guid_playerinfo_100067    |
| sdk_uuid_guid_playerinfo_100068    |
| sdk_uuid_guid_playerinfo_100069    |
| sdk_uuid_guid_playerinfo_100075    |
| sdk_uuid_guid_playerinfo_100079    |
| sdk_uuid_guid_playerinfo_100083    |
| sdk_uuid_guid_playerinfo_100086    |
| sdk_uuid_guid_playerinfo_100087    |
| sdk_uuid_guid_playerinfo_100088    |
| sdk_uuid_guid_playerinfo_100089    |
| sdk_uuid_guid_playerinfo_100090    |
| sdk_uuid_guid_playerinfo_100091    |
| sdk_uuid_guid_playerinfo_100092    |
| sdk_uuid_guid_playerinfo_100093    |
| sdk_uuid_guid_playerinfo_100095    |
| sdk_uuid_guid_playerinfo_100096    |
| sdk_uuid_guid_playerinfo_100097    |
| sdk_uuid_guid_playerinfo_100098    |
| sdk_uuid_guid_playerinfo_100099    |
| sdk_uuid_guid_playerinfo_100100    |
| sdk_uuid_guid_playerinfo_100103    |
| sdk_uuid_guid_playerinfo_100104    |
| sdk_uuid_guid_playerinfo_100105    |
| sdk_uuid_guid_playerinfo_100106    |
| sdk_uuid_guid_playerinfo_100108    |
| sdk_uuid_guid_playerinfo_100111    |
| sdk_uuid_guid_playerinfo_100112    |
| sdk_uuid_guid_playerinfo_100113    |
| sdk_uuid_guid_playerinfo_100114    |
| sdk_uuid_guid_playerinfo_100117    |
| sdk_uuid_guid_playerinfo_100118    |
| sdk_uuid_guid_playerinfo_100121    |
| sdk_uuid_guid_playerinfo_100122    |
| sdk_uuid_guid_playerinfo_100123    |
| sdk_uuid_guid_playerinfo_100124    |
| sdk_uuid_guid_playerinfo_100125    |
| sdk_uuid_guid_playerinfo_100126    |
| sdk_uuid_guid_playerinfo_100127    |
| sdk_uuid_guid_playerinfo_100129    |
| sdk_uuid_guid_playerinfo_100130    |
| sdk_uuid_guid_playerinfo_100131    |
| sdk_uuid_guid_playerinfo_100132    |
| sdk_uuid_guid_playerinfo_100133    |
| sdk_uuid_guid_playerinfo_100134    |
| sdk_uuid_guid_playerinfo_100135    |
| sdk_uuid_guid_playerinfo_100136    |
| sdk_uuid_guid_playerinfo_100137    |
| sdk_uuid_guid_playerinfo_100138    |
| sdk_uuid_guid_playerinfo_100139    |
| sdk_uuid_guid_playerinfo_100141    |
| sdk_uuid_guid_playerinfo_100143    |
| sdk_uuid_guid_playerinfo_100144    |
| sdk_uuid_guid_playerinfo_100145    |
| sdk_uuid_guid_playerinfo_100146    |
| sdk_uuid_guid_playerinfo_100147    |
| sdk_uuid_guid_playerinfo_100148    |
| sdk_uuid_guid_playerinfo_100149    |
| sdk_uuid_guid_playerinfo_100150    |
| sdk_uuid_guid_playerinfo_100151    |
| sdk_uuid_guid_playerinfo_100152    |
| sdk_uuid_guid_playerinfo_100153    |
| sdk_uuid_guid_playerinfo_100154    |
| sdk_uuid_guid_playerinfo_100155    |
| sdk_uuid_guid_playerinfo_100156    |
| sdk_uuid_guid_playerinfo_100158    |
| sdk_uuid_guid_playerinfo_100159    |
| sdk_uuid_guid_playerinfo_100160    |
| sdk_uuid_guid_playerinfo_100162    |
| sdk_uuid_guid_playerinfo_100166    |
| sdk_uuid_guid_playerinfo_100167    |
| sdk_uuid_guid_playerinfo_20001     |
| sdk_uuid_guid_playerinfo_20002     |
| sdk_uuid_guid_playerinfo_20003     |
| sdk_uuid_guid_playerinfo_20004     |
| sdk_uuid_guid_playerinfo_20005     |
| sdk_uuid_guid_playerinfo_20006     |
| sdk_uuid_guid_playerinfo_20007     |
| sdk_uuid_guid_playerinfo_20008     |
| sdk_uuid_guid_playerinfo_20009     |
| sdk_uuid_guid_playerinfo_20010     |
| sdk_uuid_uid_record                |
| sdk_waiter                         |
| sdk_waiter_game                    |
| sdk_wlmz_charge_rank               |
| sy_acpic                           |
| sy_action                          |
| sy_actiontestb                     |
| sy_actiontimelimit                 |
| sy_activity                        |
| sy_actlog                          |
| sy_actlogback20120930              |
| sy_actlogback20130326              |
| sy_actype                          |
| sy_attachments                     |
| sy_creditslevel                    |
| sy_creditslevel1                   |
| sy_creditsrule                     |
| sy_dayactionpointtimes_201207      |
| sy_dayactionpointtimes_201208      |
| sy_dayactionpointtimes_201209      |
| sy_dayactionpointtimes_201210      |
| sy_dayactionpointtimes_201211      |
| sy_dayactionpointtimes_201212      |
| sy_dayactionpointtimes_201301      |
| sy_dayactionpointtimes_201302      |
| sy_dayactionpointtimes_201303      |
| sy_dayactionpointtimes_201304      |
| sy_dayactionpointtimes_201305      |
| sy_dayactionpointtimes_201306      |
| sy_dayactionpointtimes_201307      |
| sy_dayactionpointtimes_201308      |
| sy_dayactionpointtimes_201309      |
| sy_dayactionpointtimes_201310      |
| sy_dayactionpointtimes_201311      |
| sy_dayactionpointtimes_201312      |
| sy_downloadrecord                  |
| sy_feedback                        |
| sy_fileimport                      |
| sy_filerec                         |
| sy_flresrecommend                  |
| sy_forum_creditslevel              |
| sy_forum_levelname                 |
| sy_forum_member                    |
| sy_forum_member_credits_log        |
| sy_forums                          |
| sy_forumusermsgnum                 |
| sy_friend                          |
| sy_gameserverlist                  |
| sy_ghalbum                         |
| sy_ghalbumpic                      |
| sy_ghgame                          |
| sy_ghgamelist                      |
| sy_ghhuibiao                       |
| sy_ghinfo                          |
| sy_ghinfofeild                     |
| sy_ghjob                           |
| sy_ghlogo                          |
| sy_ghmember                        |
| sy_groupcheckin                    |
| sy_groupjoblist                    |
| sy_idbox                           |
| sy_idboxinfo                       |
| sy_idtype                          |
| sy_indextop                        |
| sy_invitejoin                      |
| sy_joininfo                        |
| sy_levelname                       |
| sy_member_joinactivity             |
| sy_memberavatar                    |
| sy_memberbadword                   |
| sy_memberbox                       |
| sy_memberdcthread                  |
| sy_memberfavorites                 |
| sy_memberfields                    |
| sy_membergame                      |
| sy_members                         |
| sy_members_copy                    |
| sy_memberthreads                   |
| sy_membervoterec                   |
| sy_newslist                        |
| sy_pointrecord_201207              |
| sy_pointrecord_201208              |
| sy_pointrecord_201209              |
| sy_pointrecord_201210              |
| sy_pointrecord_201211              |
| sy_pointrecord_201212              |
| sy_pointrecord_201301              |
| sy_pointrecord_201302              |
| sy_pointrecord_201303              |
| sy_pointrecord_201304              |
| sy_pointrecord_201305              |
| sy_pointrecord_201306              |
| sy_pointrecord_201307              |
| sy_pointrecord_201308              |
| sy_pointrecord_201309              |
| sy_pointrecord_201310              |
| sy_pointrecord_201311              |
| sy_pointrecord_201312              |
| sy_pointrule                       |
| sy_pointtype                       |
| sy_posts                           |
| sy_posts_test                      |
| sy_pushmsghistory                  |
| sy_qh_recommend                    |
| sy_recommendation                  |
| sy_recommendnickname               |
| sy_searchkeyword                   |
| sy_searchkw                        |
| sy_threadcreditlog                 |
| sy_threads                         |
| sy_threads_test                    |
| sy_threadtypes                     |
| sy_threadvote                      |
| sy_threadvoteitem                  |
| sy_useractionrec                   |
| sy_userauthcellphone               |
| sy_userband                        |
| sy_usercheckin                     |
| sy_userlogincontinue               |
| sy_userlogincontinue30             |
| sy_userloginrec                    |
| sy_userpushid                      |
| sy_userstats                       |
| sy_userstatus                      |
| sy_userusenumber                   |
| sy_useryuding                      |
| tbl_synctable                      |
| tmp_fl_uuid_0425                   |
| tmp_fl_uuid_0426                   |
| tmp_zh_allconnuser_26              |
| tmp_zh_allconnuser_27              |
| tmp_zh_connuser_26                 |
| tmp_zh_connuser_27                 |
| tmp_zh_uuid_0425                   |
| tmp_zhzh_allconnuser_27            |
| tp_count                           |
| tp_user                            |
| wanpu_qudao                        |
| wansha_bbs_manager                 |
| www_votecounter                    |
| www_voterecord                     |
+------------------------------------+


QQ截图20160501112001.png


Database: shouyoudb
Table: sy_members
[27 columns]
+---------------+--------------+
| Column        | Type         |
+---------------+--------------+
| birthday      | int(10)      |
| constellation | varchar(20)  |
| createtime    | int(10)      |
| credits       | int(10)      |
| email         | varchar(100) |
| fluid         | int(10)      |
| friendnum     | int(10)      |
| gender        | tinyint(1)   |
| ghid          | int(10)      |
| is_band       | tinyint(1)   |
| is_del        | tinyint(1)   |
| is_reg        | tinyint(1)   |
| mcode         | varchar(200) |
| mid           | int(10)      |
| mobieinfo     | varchar(255) |
| nickname      | varchar(50)  |
| password      | varchar(100) |
| posts         | mediumint(8) |
| qqwb          | varchar(40)  |
| region        | varchar(20)  |
| regtime       | int(10)      |
| salt          | varchar(6)   |
| signature     | varchar(255) |
| sinawb        | varchar(20)  |
| threads       | int(10)      |
| uid           | bigint(12)   |
| username      | varchar(50)  |
+---------------+--------------+


QQ截图20160501112001.png


Database: shouyoudb
Table: sdk_adminuser
[13 columns]
+------------+--------------+
| Column     | Type         |
+------------+--------------+
| adddate    | int(100)     |
| adminid    | int(8)       |
| adminname  | varchar(100) |
| adminpwd   | varchar(50)  |
| channelid  | int(10)      |
| companyid  | int(10)      |
| creator    | int(10)      |
| email      | varchar(50)  |
| parent     | varchar(50)  |
| remark     | varchar(220) |
| roleid     | int(11)      |
| truename   | varchar(100) |
| userstatus | int(2)       |
+------------+--------------+


QQ截图20160501112001.png


Database: shouyoudb
Table: open_admin_user
[22 columns]
+--------------+----------------------+
| Column       | Type                 |
+--------------+----------------------+
| exists       | tinyint(4)           |
| level        | int(2)               |
| action_list  | text                 |
| add_time     | int(11)              |
| agency_id    | smallint(5) unsigned |
| bossname     | varchar(30)          |
| email        | varchar(60)          |
| is_super     | int(1)               |
| lang_type    | varchar(50)          |
| last_ip      | varchar(15)          |
| last_login   | int(11)              |
| nav_list     | text                 |
| password     | varchar(32)          |
| remark       | text                 |
| rights       | text                 |
| role_id      | smallint(5)          |
| salt         | varchar(8)           |
| suppliers_id | mediumint(9)         |
| todolist     | longtext             |
| truename     | varchar(20)          |
| user_id      | smallint(5) unsigned |
| user_name    | varchar(60)          |
+--------------+----------------------+


几个管理平台
1.http://sso.feiliu.com/
2.http://open.feiliu.com/
3.http://fladminsso.feiliu.com/

漏洞证明:

修复方案:

版权声明:转载请注明来源 Exploit DB@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2016-05-09 09:00

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无