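Vulnerability Summary
Bug ID: wooyun-2015-0132097
Title: SQL injection on multiple 同花顺 (Tonghuashun) domains (94 databases involved, including admin accounts for various internal systems)
Vendor: 同花顺
Author: 管管侠
Submitted: 2015-08-06 13:48
Fixed: 2015-09-25 09:00
Published: 2015-09-25 09:00
Vulnerability type: SQL injection
Severity: High
Self-assessed Rank: 20
Status: Confirmed by vendor
Source: http://www.wooyun.org
Tags: none
Vulnerability Details
Disclosure status:
2015-08-06: Details reported to the vendor; awaiting vendor response
2015-08-11: Vendor confirmed; details disclosed to the vendor only
2015-08-21: Details disclosed to core white hats and experts in related fields
2015-08-31: Details disclosed to regular white hats
2015-09-10: Details disclosed to intern white hats
2015-09-25: Details disclosed to the public
Brief description: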
@@
A vendor that ignores vulnerabilities is not a good vendor, so hurry up and confirm.
Detailed description:
http://search.10jqka.com.cn/diag/concept-detail?conceptId=300433
https://220.189.211.10/diag/concept-detail?conceptId=300433
http://s.10jqka.com.cn/diag/concept-detail?conceptId=300920
Proof of vulnerability:
available databases [94]:
Remediation:
@@
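Copyright notice: when reposting, credit the source: 管管侠@乌云
Vendor Response
Vendor response:
Severity: Medium
Vulnerability Rank: 8
Confirmed: 2015-08-11 08:59
Vendor reply:
Fix is underway, thank you.
Latest status:
None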