当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-055033

漏洞标题:大河网某子站sql注射漏洞

相关厂商:大河网

漏洞作者: 卡卡

提交时间:2014-04-01 10:42

修复时间:2014-04-06 10:42

公开时间:2014-04-06 10:42

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:10

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-04-01: 细节已通知厂商并且等待厂商处理中
2014-04-06: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

混个脸熟,别打脸~~

详细说明:

问题出现在http://book.dahe.cn
漏洞链接:

http://book.dahe.cn/book/content.asp?id=19


很明显的一处sql注射漏洞,参数IP未作防护,还是Oracle的库,有钱啊!

oracle.png


库:

[*] APEX_030200
[*] APPQOSSYS
[*] CTXSYS
[*] DBSNMP
[*] DHSL
[*] EXFSYS
[*] FLOWS_FILES
[*] MDSYS
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] OWBSYS
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TONGSHU
[*] WMSYS
[*] XDB


当前库为DHSL
表:

Database: DHSL
[41 tables]
+-----------------------+
| DIMING                |
| DV_ASS                |
| DV_BAOZHANG           |
| DV_CART               |
| DV_FAVORITE           |
| DV_ORDER              |
| DV_ORDERITEM          |
| DV_PIC                |
| DV_PINDAO             |
| DV_TOP                |
| DV_TOP_ITEM           |
| DV_USER               |
| DV_USER_ORDERADDRESS  |
| ERP_BASE              |
| ERP_CBS               |
| ERP_FS                |
| ERP_HOT_KEY           |
| ERP_NEW_LB            |
| ERP_WEB_LB            |
| IMP_TEMP              |
| PLAN_TABLE            |
| WEB_BAOZHANG          |
| WEB_BOOK              |
| WEB_CXDJ              |
| WEB_DAXL              |
| WEB_DEL_DATA          |
| WEB_HISTORY_BAND      |
| WEB_HISTORY_BAND_ITEM |
| WEB_HISTORY_YEAR_BAND |
| WEB_LANMU             |
| WEB_LANMU_ITEM        |
| WEB_MRT               |
| WEB_MRT_ITEM          |
| WEB_NEWS              |
| WEB_PIC               |
| WEB_PRICE             |
| WEB_PRICE1            |
| WEB_PRICE_ITEM        |
| WEB_TOP               |
| WEB_TOP_ITEM          |
| WEB_TRANSPORT         |
+-----------------------+


还可以跨库的,亲~~
只是检测,并未继续深入!

漏洞证明:

oracle.png


库:

[*] APEX_030200
[*] APPQOSSYS
[*] CTXSYS
[*] DBSNMP
[*] DHSL
[*] EXFSYS
[*] FLOWS_FILES
[*] MDSYS
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] OWBSYS
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TONGSHU
[*] WMSYS
[*] XDB


当前库为DHSL
表:

Database: DHSL
[41 tables]
+-----------------------+
| DIMING                |
| DV_ASS                |
| DV_BAOZHANG           |
| DV_CART               |
| DV_FAVORITE           |
| DV_ORDER              |
| DV_ORDERITEM          |
| DV_PIC                |
| DV_PINDAO             |
| DV_TOP                |
| DV_TOP_ITEM           |
| DV_USER               |
| DV_USER_ORDERADDRESS  |
| ERP_BASE              |
| ERP_CBS               |
| ERP_FS                |
| ERP_HOT_KEY           |
| ERP_NEW_LB            |
| ERP_WEB_LB            |
| IMP_TEMP              |
| PLAN_TABLE            |
| WEB_BAOZHANG          |
| WEB_BOOK              |
| WEB_CXDJ              |
| WEB_DAXL              |
| WEB_DEL_DATA          |
| WEB_HISTORY_BAND      |
| WEB_HISTORY_BAND_ITEM |
| WEB_HISTORY_YEAR_BAND |
| WEB_LANMU             |
| WEB_LANMU_ITEM        |
| WEB_MRT               |
| WEB_MRT_ITEM          |
| WEB_NEWS              |
| WEB_PIC               |
| WEB_PRICE             |
| WEB_PRICE1            |
| WEB_PRICE_ITEM        |
| WEB_TOP               |
| WEB_TOP_ITEM          |
| WEB_TRANSPORT         |
+-----------------------+


修复方案:

添加过滤语句或增加waf设备!

版权声明:转载请注明来源 卡卡@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2014-04-06 10:42

厂商回复:

最新状态:

暂无

漏洞评价:

评论