当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-031909

漏洞标题:B2Bbuilder官网SQL注入漏洞(可拖库)

相关厂商:B2Bbuilder

漏洞作者: xfkxfk

提交时间:2013-07-23 10:30

修复时间:2013-09-06 10:31

公开时间:2013-09-06 10:31

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:15

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2013-07-23: 积极联系厂商并且等待厂商认领中,细节不对外公开
2013-09-06: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

B2Bbuilder官网SQL注入漏洞(可拖库)
还有报路径啊

详细说明:

存在注入的url:

http://www.b2b-builder.com/announcement.php?id=30


报绝对路径漏洞:

zhuzhan1.png


官网主站的数据库:

zhuzhan2.png


数据库demomallcn的数据表:

Database: demomallcn
[97 tables]
+-----------------------------------+
| b2bbuilder_activity               |
| b2bbuilder_activity_product_list  |
| b2bbuilder_admin                  |
| b2bbuilder_admin_group            |
| b2bbuilder_admin_operation_log    |
| b2bbuilder_advs                   |
| b2bbuilder_advs_con               |
| b2bbuilder_album                  |
| b2bbuilder_announcement           |
| b2bbuilder_auditing               |
| b2bbuilder_brand                  |
| b2bbuilder_brand_cat              |
| b2bbuilder_comment                |
| b2bbuilder_contags                |
| b2bbuilder_cron                   |
| b2bbuilder_custom_cat             |
| b2bbuilder_custom_service         |
| b2bbuilder_defind_1               |
| b2bbuilder_defind_2               |
| b2bbuilder_defind_3               |
| b2bbuilder_defind_4               |
| b2bbuilder_delivery_address       |
| b2bbuilder_district               |
| b2bbuilder_fast_mail              |
| b2bbuilder_feed                   |
| b2bbuilder_filter_keyword         |
| b2bbuilder_logistics_temp         |
| b2bbuilder_logistics_temp_con     |
| b2bbuilder_mail_mod               |
| b2bbuilder_mail_record            |
| b2bbuilder_member                 |
| b2bbuilder_message                |
| b2bbuilder_nav_menu               |
| b2bbuilder_news                   |
| b2bbuilder_news_data              |
| b2bbuilder_newscat                |
| b2bbuilder_page_rec               |
| b2bbuilder_page_view              |
| b2bbuilder_payment_banks          |
| b2bbuilder_payment_card           |
| b2bbuilder_payment_cashflow       |
| b2bbuilder_payment_cashpickup     |
| b2bbuilder_payment_type           |
| b2bbuilder_payment_user           |
| b2bbuilder_points                 |
| b2bbuilder_product_cart           |
| b2bbuilder_product_cat            |
| b2bbuilder_product_comment        |
| b2bbuilder_product_delivery       |
| b2bbuilder_product_detail         |
| b2bbuilder_product_invoice        |
| b2bbuilder_product_order          |
| b2bbuilder_product_order_pro      |
| b2bbuilder_product_report         |
| b2bbuilder_product_report_subject |
| b2bbuilder_product_setmeal        |
| b2bbuilder_products               |
| b2bbuilder_property               |
| b2bbuilder_property_value         |
| b2bbuilder_reg_vercode            |
| b2bbuilder_reserve_username       |
| b2bbuilder_return                 |
| b2bbuilder_return_goods           |
| b2bbuilder_search_word            |
| b2bbuilder_shipping_address       |
| b2bbuilder_shop                   |
| b2bbuilder_shop_cat               |
| b2bbuilder_shop_domin             |
| b2bbuilder_shop_earnest           |
| b2bbuilder_shop_grade             |
| b2bbuilder_shop_link              |
| b2bbuilder_shop_navigation        |
| b2bbuilder_shop_setting           |
| b2bbuilder_shop_template          |
| b2bbuilder_site_spread            |
| b2bbuilder_sns                    |
| b2bbuilder_sns_friend             |
| b2bbuilder_sns_shareproduct       |
| b2bbuilder_sns_shareproduct_info  |
| b2bbuilder_sns_shareshop          |
| b2bbuilder_stop_ip                |
| b2bbuilder_sub_domain             |
| b2bbuilder_subscribe              |
| b2bbuilder_tags                   |
| b2bbuilder_talk                   |
| b2bbuilder_tg                     |
| b2bbuilder_tg_cat                 |
| b2bbuilder_tg_order               |
| b2bbuilder_user_comment           |
| b2bbuilder_user_connected         |
| b2bbuilder_user_group             |
| b2bbuilder_user_read_rec          |
| b2bbuilder_vote                   |
| b2bbuilder_web_con                |
| b2bbuilder_web_con_group          |
| b2bbuilder_web_config             |
| b2bbuilder_web_link               |
+-----------------------------------+


数据表b2bbuilder_admin 的部分内容:

zhuzhan3.png

漏洞证明:

见详细说明

修复方案:

过滤

版权声明:转载请注明来源 xfkxfk@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝

漏洞评价:

评论

  1. 2013-07-24 09:05 | 猪头子 ( 普通白帽子 | Rank:189 漏洞数:35 | 自信的看着队友rm -rf/tar挂服务器)

    B2Bbuilder安全性好弱的说。。

  2. 2013-07-24 10:45 | xfkxfk 认证白帽子 ( 核心白帽子 | Rank:2179 漏洞数:338 | 呵呵!)

    @猪头子 嗯,注入一堆一堆的,但是没人领。。。