当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0148028

漏洞标题:Midifan主站SQL注入漏洞11万用户数据泄露

相关厂商:midifan.com

漏洞作者: Yenkn

提交时间:2015-10-20 14:58

修复时间:2015-10-26 14:54

公开时间:2015-10-26 14:54

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:8

漏洞状态:厂商已经修复

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-10-20: 细节已通知厂商并且等待厂商处理中
2015-10-20: 厂商已经确认,细节仅向厂商公开
2015-10-26: 厂商已经修复漏洞并主动公开,细节向公众公开

简要描述:

Midifan主站SQL注入漏洞

详细说明:

整个站点存在很严重的注入漏洞,没有任何过滤,直接可以脱数据,但是因为不是root权限,所以没有进行下一步渗透。

QQ截图20151020133540.png


QQ截图20151020133404.png


可以直接爆目录

QQ截图20151020133721.png

漏洞证明:

+-----------------------------------+
| admin_allow                       |
| admin_login                       |
| admin_session                     |
| bbs_attachment                    |
| bbs_forum                         |
| bbs_medal                         |
| bbs_moderator                     |
| bbs_operationlog                  |
| bbs_poll                          |
| bbs_poll_option                   |
| bbs_poll_user                     |
| bbs_post                          |
| bbs_post_field                    |
| bbs_post_reply                    |
| bbs_rate                          |
| bbs_report                        |
| bbs_rule                          |
| bbs_thread                        |
| bbs_thread_digest                 |
| bbs_thread_displayorder           |
| bbs_threadaudit                   |
| bbs_threadindex                   |
| bbs_threadtype                    |
| c_list                            |
| download_att                      |
| download_mgz                      |
| gkp_Module_Comment                |
| gkp_Module_Hardwares              |
| gkp_Module_News                   |
| gkp_Module_Secondhands            |
| gkp_Module_Softwares              |
| gkp_Module_TechArticles           |
| gkp_etao                          |
| gkp_etao_shop                     |
| k_list                            |
| magazine                          |
| midifan_ios                       |
| module_ad                         |
| module_articleproduct             |
| module_author                     |
| module_categories                 |
| module_comment                    |
| module_hardwarepictures           |
| module_hardwares                  |
| module_hardwaretypes              |
| module_index_hot                  |
| module_multilevelcategories       |
| module_multilevelcategories_types |
| module_news                       |
| module_newsproduct                |
| module_newstype                   |
| module_producttype                |
| module_question                   |
| module_questionanswer             |
| module_questioncategory           |
| module_questionuser               |
| module_resourcerelates            |
| module_resources                  |
| module_secondhands                |
| module_softwarepictures           |
| module_softwares                  |
| module_softwarestype              |
| module_special                    |
| module_studio                     |
| module_techarticles               |
| my_album                          |
| my_blog                           |
| my_blogcategory                   |
| my_blogreply                      |
| my_domain                         |
| my_favorite                       |
| my_feed                           |
| my_feed_own                       |
| my_feed_uid                       |
| my_friend                         |
| my_friendrequest                  |
| my_guestbook                      |
| my_hello                          |
| my_imagereply                     |
| my_mood                           |
| my_pm                             |
| my_userfavor                      |
| my_visitor                        |
| p_list                            |
| pk_ding_history                   |
| saturday_meeting                  |
| www_address                       |
| www_announcement                  |
| www_friendlink                    |
| www_group                         |
| www_guestbook                     |
| www_guestbook_reply               |
| www_html                          |
| www_image                         |
| www_keyword                       |
| www_news                          |
| www_newsclass                     |
| www_newsimage                     |
| www_online                        |
| www_session                       |
| www_setting                       |
| www_stats                         |
| www_stats_mod_history             |
| www_user                          |
| www_user_627                      |
| www_user_event                    |
| www_userfield                     |
| www_userfield2                    |
| www_userfield_627                 |
| www_usermedal                     |
| www_userpriv                      |
+-----------------------------------+
uid,city,bday,regip,email,bday_y,bday_d,gender,bday_m,country,privacy,province,username,homecity,password,realname,attachsum,userfield2,homecountry,homeprovince
1,0,0,0,<blank>,0,0,0,0,0,0,0,admin,0,5f8be9a2a8462f9d0c67fbc192d09aa7,<blank>,0,1,0,0
112380,0,0,0,hongfu.rao@gmail.com,0,0,0,0,0,0,0,rhf,0,6b86cd032e0f9c53906d0bfff04746d4,zzh,0,0,0,0
112381,0,0,0,@126.com,0,0,0,0,0,0,0,ppppp,0,a7c471cfd3c42dc6d6a8552ac2c0a22c,ppppp,0,0,0,0
112382,0,0,0,@163.com,0,0,0,0,0,0,0,bloom,0,9ab83df76233f157a4ee623ca704355c,bloom,0,0,0,0
112383,0,0,0,@cyttao0617.sina,0,0,0,0,0,0,0,,0,b694a0631f857d404e0d3a7eae74594b,,0,0,0,0
112384,0,0,0,@hotmail.com,0,0,0,0,0,0,0,fly_dream,0,c32d98d9a21c636ddddfedcb12e2d754,fly_dream,0,0,0,0
112385,0,0,0,@www.dk,0,0,0,0,0,0,0,dk,0,6b988428eec2ae2aff776956bfa703b1,dk,0,0,0,0
112386,0,0,0,_dong@163.com,0,0,0,0,0,0,0,_dong,0,f37787215852726d2f0ede9b5c6bb0f7,_dong,0,0,0,0
112387,0,0,0,_panfeng_@163.com,0,0,0,0,0,0,0,midipf,0,2989a70b9268247cb5dec2586907095f,midipf,0,0,0,0
112388,0,0,0,0,0,0,0,0,0,0,0,LIUYING,0,e10adc3949ba59abbe56e057f20f883e,liuying,0,0,0,0

修复方案:

过滤

版权声明:转载请注明来源 Yenkn@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2015-10-20 22:43

厂商回复:

感谢发现漏洞,正在积极修复

最新状态:

2015-10-26:已经修复

漏洞评价:

评论