
Vulnerability summary (followers: 24)

Defect ID: wooyun-2013-031909

Title: SQL injection vulnerability on the B2Bbuilder official site (database can be dumped)

Affected vendor: B2Bbuilder

Author: xfkxfk

Submitted: 2013-07-23 10:30

Fix time: 2013-09-06 10:31

Public disclosure: 2013-09-06 10:31

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 15

Status: vendor could not be contacted, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help contact [email protected]

Bookmarked by 4 users


Vulnerability details

Disclosure status:

2013-07-23: actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2013-09-06: the vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

SQL injection vulnerability on the B2Bbuilder official site (database can be dumped)
It also discloses the absolute server path.

Detailed description:

URL where the injection exists:

http://www.b2b-builder.com/announcement.php?id=30


Absolute path disclosure:

(screenshot: zhuzhan1.png)


Database of the official main site:

(screenshot: zhuzhan2.png)


Tables in database demomallcn:

Database: demomallcn
[97 tables]
+-----------------------------------+
| b2bbuilder_activity |
| b2bbuilder_activity_product_list |
| b2bbuilder_admin |
| b2bbuilder_admin_group |
| b2bbuilder_admin_operation_log |
| b2bbuilder_advs |
| b2bbuilder_advs_con |
| b2bbuilder_album |
| b2bbuilder_announcement |
| b2bbuilder_auditing |
| b2bbuilder_brand |
| b2bbuilder_brand_cat |
| b2bbuilder_comment |
| b2bbuilder_contags |
| b2bbuilder_cron |
| b2bbuilder_custom_cat |
| b2bbuilder_custom_service |
| b2bbuilder_defind_1 |
| b2bbuilder_defind_2 |
| b2bbuilder_defind_3 |
| b2bbuilder_defind_4 |
| b2bbuilder_delivery_address |
| b2bbuilder_district |
| b2bbuilder_fast_mail |
| b2bbuilder_feed |
| b2bbuilder_filter_keyword |
| b2bbuilder_logistics_temp |
| b2bbuilder_logistics_temp_con |
| b2bbuilder_mail_mod |
| b2bbuilder_mail_record |
| b2bbuilder_member |
| b2bbuilder_message |
| b2bbuilder_nav_menu |
| b2bbuilder_news |
| b2bbuilder_news_data |
| b2bbuilder_newscat |
| b2bbuilder_page_rec |
| b2bbuilder_page_view |
| b2bbuilder_payment_banks |
| b2bbuilder_payment_card |
| b2bbuilder_payment_cashflow |
| b2bbuilder_payment_cashpickup |
| b2bbuilder_payment_type |
| b2bbuilder_payment_user |
| b2bbuilder_points |
| b2bbuilder_product_cart |
| b2bbuilder_product_cat |
| b2bbuilder_product_comment |
| b2bbuilder_product_delivery |
| b2bbuilder_product_detail |
| b2bbuilder_product_invoice |
| b2bbuilder_product_order |
| b2bbuilder_product_order_pro |
| b2bbuilder_product_report |
| b2bbuilder_product_report_subject |
| b2bbuilder_product_setmeal |
| b2bbuilder_products |
| b2bbuilder_property |
| b2bbuilder_property_value |
| b2bbuilder_reg_vercode |
| b2bbuilder_reserve_username |
| b2bbuilder_return |
| b2bbuilder_return_goods |
| b2bbuilder_search_word |
| b2bbuilder_shipping_address |
| b2bbuilder_shop |
| b2bbuilder_shop_cat |
| b2bbuilder_shop_domin |
| b2bbuilder_shop_earnest |
| b2bbuilder_shop_grade |
| b2bbuilder_shop_link |
| b2bbuilder_shop_navigation |
| b2bbuilder_shop_setting |
| b2bbuilder_shop_template |
| b2bbuilder_site_spread |
| b2bbuilder_sns |
| b2bbuilder_sns_friend |
| b2bbuilder_sns_shareproduct |
| b2bbuilder_sns_shareproduct_info |
| b2bbuilder_sns_shareshop |
| b2bbuilder_stop_ip |
| b2bbuilder_sub_domain |
| b2bbuilder_subscribe |
| b2bbuilder_tags |
| b2bbuilder_talk |
| b2bbuilder_tg |
| b2bbuilder_tg_cat |
| b2bbuilder_tg_order |
| b2bbuilder_user_comment |
| b2bbuilder_user_connected |
| b2bbuilder_user_group |
| b2bbuilder_user_read_rec |
| b2bbuilder_vote |
| b2bbuilder_web_con |
| b2bbuilder_web_con_group |
| b2bbuilder_web_config |
| b2bbuilder_web_link |
+-----------------------------------+


Partial contents of table b2bbuilder_admin:

(screenshot: zhuzhan3.png)

Proof of vulnerability:

See the detailed description

Fix recommendation:

Filter the input
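As an added example (this is not B2Bbuilder's own code, which the report does not show), the query pattern that makes a numeric `id` parameter such as the one on `announcement.php` injectable, placed beside a hardened version that validates the value as an integer and binds it through a PDO prepared statement. It also handles the second finding of the report, the absolute path disclosure, by logging database errors instead of echoing them. The table name `b2bbuilder_announcement` and the database name `demomallcn` come from the report's table listing; the column names `id`, `title`, `content`, the DSN and the credentials are assumptions.

```php
<?php
// Added example, not B2Bbuilder's code. Column names, DSN and credentials are assumed.

// Vulnerable pattern: the raw query-string value is concatenated into the SQL text,
// so anything after the digits becomes part of the statement the server executes.
function fetch_announcement_vulnerable(mysqli $db, string $id): ?array
{
    $sql = "SELECT id, title, content FROM b2bbuilder_announcement WHERE id = " . $id;
    $result = $db->query($sql);
    return $result ? $result->fetch_assoc() : null;
}

// Hardened version:
//  1. Accept only a positive integer; announcement ids have no legitimate other form.
//  2. Pass the value as a bound parameter so the driver never splices it into SQL text.
function fetch_announcement_safe(PDO $db, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject before touching the database
    }
    $stmt = $db->prepare('SELECT id, title, content FROM b2bbuilder_announcement WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Assumed connection details. Emulated prepares are turned off so the MySQL server
// itself receives the statement and the parameter separately.
try {
    $db = new PDO('mysql:host=localhost;dbname=demomallcn;charset=utf8mb4', 'app_user', 'app_password', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
    $row = fetch_announcement_safe($db, $_GET['id'] ?? '');
} catch (PDOException $e) {
    // Log the real error (which contains file paths and SQL) server-side only;
    // echoing it, or leaving display_errors on, is what leaks the absolute path.
    error_log('announcement lookup failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Internal error');
}

if ($row === null) {
    http_response_code(404);
    exit('Announcement not found');
}
echo htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8');
```

The integer check alone would already stop this particular injection, but the prepared statement is the part that keeps the fix from depending on every caller remembering to validate; the two layers are cheap together. Pair the code change with `display_errors = Off` in production `php.ini` so that a failing query cannot print the script path.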

Copyright notice: when reposting, credit the source as xfkxfk@WooYun


Vulnerability response

Vendor response:

Vendor could not be contacted, or vendor actively declined


Vulnerability rating:

Comments

  1. 2013-07-24 09:05 | 猪头子 ( regular white hat | Rank:189 vulnerabilities:35 | confidently watching a teammate take down a server with rm -rf/tar )

    B2Bbuilder's security is so weak...

  2. 2013-07-24 10:45 | xfkxfk certified white hat ( core white hat | Rank:2179 vulnerabilities:338 | heh! )

    @猪头子 Yeah, injections by the pile, but nobody claims them...