当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-039763

漏洞标题:专注IDC三十天#欧网科技SQL注入

相关厂商:欧网科技

漏洞作者: m1x7e1

提交时间:2013-10-15 11:19

修复时间:2013-11-29 11:20

公开时间:2013-11-29 11:20

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2013-10-15: 积极联系厂商并且等待厂商认领中,细节不对外公开
2013-11-29: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

RT

详细说明:

地址:http://www.spdns.com/Host/hostmore.asp?type=1

ouwang_01.png


ouwang_02.png


Database: FreeHost
[72 tables]
+-----------------------------------------------+
| dbo.[FreeHost.FreeHost_Admuser] |
| dbo.[FreeHost.FreeHost_AgentRaR] |
| dbo.[FreeHost.FreeHost_Agent] |
| dbo.[FreeHost.FreeHost_Agent_ALLdomain] |
| dbo.[FreeHost.FreeHost_Agent_domain] |
| dbo.[FreeHost.FreeHost_Agent_pers] |
| dbo.[FreeHost.FreeHost_Agent_price] |
| dbo.[FreeHost.FreeHost_Agent_user_price] |
| dbo.[FreeHost.FreeHost_CDNProductlist] |
| dbo.[FreeHost.FreeHost_CDNProductlist_AGN] |
| dbo.[FreeHost.FreeHost_CDN_analog] |
| dbo.[FreeHost.FreeHost_DomainProductlist] |
| dbo.[FreeHost.FreeHost_DomainProductlist_AGN] |
| dbo.[FreeHost.FreeHost_EmailProductlist] |
| dbo.[FreeHost.FreeHost_EmailProductlist_AGN] |
| dbo.[FreeHost.FreeHost_Fapiao] |
| dbo.[FreeHost.FreeHost_Functionlog] |
| dbo.[FreeHost.FreeHost_HostProductlist] |
| dbo.[FreeHost.FreeHost_HostProductlist_AGN] |
| dbo.[FreeHost.FreeHost_HtmlStyle] |
| dbo.[FreeHost.FreeHost_ICPDB] |
| dbo.[FreeHost.FreeHost_IDCIP] |
| dbo.[FreeHost.FreeHost_IDCJG] |
| dbo.[FreeHost.FreeHost_IDCProductlist] |
| dbo.[FreeHost.FreeHost_IDCProductlist_AGN] |
| dbo.[FreeHost.FreeHost_KeFu] |
| dbo.[FreeHost.FreeHost_Loginlog] |
| dbo.[FreeHost.FreeHost_Moneylog] |
| dbo.[FreeHost.FreeHost_NetCNProductlist] |
| dbo.[FreeHost.FreeHost_NetCNProductlist_AGN] |
| dbo.[FreeHost.FreeHost_Netpay] |
| dbo.[FreeHost.FreeHost_News] |
| dbo.[FreeHost.FreeHost_Order] |
| dbo.[FreeHost.FreeHost_OtherProductlist] |
| dbo.[FreeHost.FreeHost_OtherProductlist_AGN] |
| dbo.[FreeHost.FreeHost_Preopen_Product] |
| dbo.[FreeHost.FreeHost_Product_ALLDNS] |
| dbo.[FreeHost.FreeHost_Product_ALLEmail] |
| dbo.[FreeHost.FreeHost_Product_CDN] |
| dbo.[FreeHost.FreeHost_Product_Domain] |
| dbo.[FreeHost.FreeHost_Product_Email] |
| dbo.[FreeHost.FreeHost_Product_Host] |
| dbo.[FreeHost.FreeHost_Product_Host_IP] |
| dbo.[FreeHost.FreeHost_Product_IDC] |
| dbo.[FreeHost.FreeHost_Product_IDC_repair] |
| dbo.[FreeHost.FreeHost_Product_NetCN] |
| dbo.[FreeHost.FreeHost_Product_Other] |
| dbo.[FreeHost.FreeHost_Product_Sql] |
| dbo.[FreeHost.FreeHost_Product_URLRE] |
| dbo.[FreeHost.FreeHost_Product_VPS] |
| dbo.[FreeHost.FreeHost_Product_VPS_IP] |
| dbo.[FreeHost.FreeHost_ServerBindlist] |
| dbo.[FreeHost.FreeHost_ServerCDNlist] |
| dbo.[FreeHost.FreeHost_ServerDNSlist] |
| dbo.[FreeHost.FreeHost_ServerPORTlist] |
| dbo.[FreeHost.FreeHost_ServerVPSlist] |
| dbo.[FreeHost.FreeHost_Serveremaillist] |
| dbo.[FreeHost.FreeHost_Serverlist] |
| dbo.[FreeHost.FreeHost_Serversqllist] |
| dbo.[FreeHost.FreeHost_SqlProductlist] |
| dbo.[FreeHost.FreeHost_SqlProductlist_AGN] |
| dbo.[FreeHost.FreeHost_System_Info] |
| dbo.[FreeHost.FreeHost_USER] |
| dbo.[FreeHost.FreeHost_VPSProductlist] |
| dbo.[FreeHost.FreeHost_VPSProductlist_AGN] |
| dbo.[FreeHost.FreeHost_online_aws] |
| dbo.[FreeHost.FreeHost_oplog] |
| dbo.[FreeHost.Regicpdomain] |
| dbo.[FreeHost.Taobao] |
| dbo.[FreeHost.oaserver] |
| dbo.[FreeHost.sms_in] |
| dbo.[FreeHost.sms_out] |
+-----------------------------------------------+


漏洞证明:

见详细说明

修复方案:

管理员会修复的。

版权声明:转载请注明来源 m1x7e1@乌云


漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝


漏洞评价:

评论