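Vulnerability Summary
Bug ID: wooyun-2015-0136826
Title: SQL injection vulnerability on a 芒果网 site, part 1 (boolean-based blind injection)
Vendor: 芒果网
Author: Xmyth_夏洛克
Submitted: 2015-08-25 14:12
Fixed: 2015-08-30 14:14
Disclosed: 2015-08-30 14:14
Vulnerability type: SQL injection
Severity: High
Self-assessed Rank: 15
Status: The vendor was notified of the vulnerability but ignored it
Source: http://www.wooyun.org. For questions or help, contact [email protected]
Tags: None
Vulnerability Details
Disclosure status:
2015-08-25: Details sent to the vendor, awaiting vendor handling
2015-08-30: The vendor actively ignored the vulnerability; details released to the public
Brief description:
23333
Detailed description:
Proof of vulnerability:
3 databases involved:
161 tables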
Database: ut7
[161 tables]
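Remediation:
Filtering
Copyright notice: When reposting, please credit the source Xmyth_夏洛克@乌云
Vulnerability Response
Vendor response:
Severity: No impact, ignored by vendor
Ignored at: 2015-08-30 14:14
Vendor reply:
Vulnerability Rank: 15 (WooYun rating)
Latest status:
None yet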