漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2016-0190112
漏洞标题:webpower多处发现sql注入
相关厂商:webpower
漏洞作者: 唐小风
提交时间:2016-03-28 18:25
修复时间:2016-03-29 10:27
公开时间:2016-03-29 10:27
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:15
漏洞状态:厂商已经修复
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2016-03-28: 细节已通知厂商并且等待厂商处理中
2016-03-29: 厂商已经确认,细节仅向厂商公开
2016-03-29: 厂商已经修复漏洞并主动公开,细节向公众公开
简要描述:
发现好几个注入点 !!! 讲道理 。.。# 给个激活码吧 !!
详细说明:
漏洞证明:
[18:13:19] [INFO] testing MySQL
[18:13:20] [INFO] confirming MySQL
[18:13:20] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.3, Apache
back-end DBMS: MySQL >= 5.0.0
[18:13:20] [INFO] fetching database names
[18:13:20] [INFO] fetching tables for databases: 'wp-e-sight-en, wp-e-sight, wp_e-home, wp_tl-group, information_schema, k11_birthday, k11_optin, ktest, mysql, phpmyadmin, site_xbox, task, ued_wiki, webpower_website, wechat_site, wp_faq, wp_task, wp_webpowerasia, wp_website'
Database: wp_task
[11 tables]
+---------------------------------------+
| task_address |
| task_coding_add |
| task_coding_type |
| task_industry |
| task_list |
| task_login_log |
| task_modify |
| task_tag |
| task_type |
| task_upload |
| task_user |
+---------------------------------------+
Database: phpmyadmin
[12 tables]
+---------------------------------------+
| pma_bookmark |
| pma_column_info |
| pma_designer_coords |
| pma_history |
| pma_pdf_pages |
| pma_recent |
| pma_relation |
| pma_table_coords |
| pma_table_info |
| pma_table_uiprefs |
| pma_tracking |
| pma_userconfig |
+---------------------------------------+
Database: wp_e-home
[14 tables]
+---------------------------------------+
| manage_about |
| manage_admin |
| manage_admin_log |
| manage_banner |
| manage_config |
| manage_h_banner |
| manage_jobs |
| manage_link |
| manage_news |
| manage_partner |
| manage_product |
| manage_subscribe |
| manage_video |
| partner_category |
+---------------------------------------+
Database: k11_optin
[4 tables]
+---------------------------------------+
| manage_admin |
| manage_admin_log |
| manage_config |
| manage_signup |
+---------------------------------------+
Database: ktest
[12 tables]
+---------------------------------------+
| manage_about |
| manage_aboutus |
| manage_admin |
| manage_admin_log |
| manage_case |
| manage_city |
| manage_config |
| manage_homepic |
| manage_human |
| manage_league |
| manage_news |
| manage_pichome |
+---------------------------------------+
Database: wp-e-sight
[19 tables]
+---------------------------------------+
| wp_bold_magazine_layout |
| wp_bold_magazine_layout_position |
| wp_bold_magazine_setting |
| wp_bold_magazine_shortcode |
| wp_bold_magazine_shortcode_wrap |
| wp_bold_magazine_sidebar |
| wp_bold_magazine_sidebar_position |
| wp_bold_magazine_template_hierarchy |
| wp_commentmeta |
| wp_comments |
| wp_links |
| wp_options |
| wp_postmeta |
| wp_posts |
| wp_term_relationships |
| wp_term_taxonomy |
| wp_terms |
| wp_usermeta |
| wp_users |
+---------------------------------------+
Database: wechat_site
[12 tables]
+---------------------------------------+
| industry_category |
| manage_about |
| manage_admin |
| manage_admin_log |
| manage_banner |
| manage_config |
| manage_event |
| manage_ibanner |
| manage_industry |
| manage_news |
| manage_signup |
| news_category |
+---------------------------------------+
Database: wp-e-sight-en
[19 tables]
+---------------------------------------+
| wp_bold_magazine_layout |
| wp_bold_magazine_layout_position |
| wp_bold_magazine_setting |
| wp_bold_magazine_shortcode |
| wp_bold_magazine_shortcode_wrap |
| wp_bold_magazine_sidebar |
| wp_bold_magazine_sidebar_position |
| wp_bold_magazine_template_hierarchy |
| wp_commentmeta |
| wp_comments |
| wp_links |
| wp_options |
| wp_postmeta |
| wp_posts |
| wp_term_relationships |
| wp_term_taxonomy |
| wp_terms |
| wp_usermeta |
| wp_users |
+---------------------------------------+
Database: wp_website
[16 tables]
+---------------------------------------+
| cases_category |
| customer_category |
| manage_about |
| manage_admin |
| manage_admin_log |
| manage_apply |
| manage_cases |
| manage_config |
| manage_customer |
| manage_event |
| manage_links |
| manage_mt |
| manage_news |
| manage_post |
| post_category |
| tag_category |
+---------------------------------------+
Database: site_xbox
[4 tables]
+---------------------------------------+
| manage_admin |
| manage_admin_log |
| manage_config |
| manage_order |
+---------------------------------------+
Database: webpower_website
[24 tables]
+---------------------------------------+
| classicalcourse_feedback |
| contact_feedback |
| manage_about |
| manage_admin |
| manage_admin_log |
| manage_config |
| manage_event |
| manage_salon |
| manage_ssalon |
| manage_ssalonuser |
| manage_talk |
| manage_talkuser |
| media_feedback |
| wp_class |
| wp_client |
| wp_faq |
| wp_glossary |
| wp_links |
| wp_news |
| wp_service |
| wp_solve |
| wp_subscribe |
| wp_trydmdelivery |
| wp_whitepapers |
+---------------------------------------+
Database: wp_webpowerasia
[16 tables]
+---------------------------------------+
| cases_category |
| customer_category |
| manage_about |
| manage_admin |
| manage_admin_log |
| manage_apply |
| manage_cases |
| manage_config |
| manage_customer |
| manage_event |
| manage_links |
| manage_mt |
| manage_news |
| manage_post |
| post_category |
| tag_category |
+---------------------------------------+
Database: task
[11 tables]
+---------------------------------------+
| task_address |
| task_coding_add |
| task_coding_type |
| task_industry |
| task_list |
| task_login_log |
| task_modify |
| task_tag |
| task_type |
| task_upload |
| task_user |
+---------------------------------------+
Database: wp_faq
[7 tables]
+---------------------------------------+
| manage_about |
| manage_admin |
| manage_admin_log |
| manage_config |
| manage_news |
| manage_signup |
| news_category |
+---------------------------------------+
Database: mysql
[23 tables]
+---------------------------------------+
| user |
| columns_priv |
| db |
| event |
| func |
| general_log |
| help_category |
| help_keyword |
| help_relation |
| help_topic |
| host |
| ndb_binlog_index |
| plugin |
| proc |
| procs_priv |
| servers |
| slow_log |
| tables_priv |
| time_zone |
| time_zone_leap_second |
| time_zone_name |
| time_zone_transition |
| time_zone_transition_type |
+---------------------------------------+
Database: wp_tl-group
[11 tables]
+---------------------------------------+
| jobs_category |
| manage_about |
| manage_admin |
| manage_admin_log |
| manage_banner |
| manage_config |
| manage_feedback |
| manage_jobs |
| manage_news |
| manage_subscribe |
| manage_teambanner |
+---------------------------------------+
Database: k11_birthday
[5 tables]
+---------------------------------------+
| manage_admin |
| manage_admin_log |
| manage_config |
| manage_list |
| manage_phone |
+---------------------------------------+
Database: ued_wiki
[49 tables]
+---------------------------------------+
| ued_archive |
| ued_category |
| ued_categorylinks |
| ued_change_tag |
| ued_externallinks |
| ued_filearchive |
| ued_image |
| ued_imagelinks |
| ued_interwiki |
| ued_ipblocks |
| ued_iwlinks |
| ued_job |
| ued_l10n_cache |
| ued_langlinks |
| ued_log_search |
| ued_logging |
| ued_module_deps |
| ued_msg_resource |
| ued_msg_resource_links |
| ued_objectcache |
| ued_oldimage |
| ued_page |
| ued_page_props |
| ued_page_restrictions |
| ued_pagelinks |
| ued_protected_titles |
| ued_querycache |
| ued_querycache_info |
| ued_querycachetwo |
| ued_recentchanges |
| ued_redirect |
| ued_revision |
| ued_searchindex |
| ued_site_identifiers |
| ued_site_stats |
| ued_sites |
| ued_tag_summary |
| ued_templatelinks |
| ued_text |
| ued_transcache |
| ued_updatelog |
| ued_uploadstash |
| ued_user |
| ued_user_former_groups |
| ued_user_groups |
| ued_user_newtalk |
| ued_user_properties |
| ued_valid_tag |
| ued_watchlist |
+---------------------------------------+
Database: information_schema
[28 tables]
+---------------------------------------+
| CHARACTER_SETS |
| COLLATIONS |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS |
| COLUMN_PRIVILEGES |
| ENGINES |
| EVENTS |
| FILES |
| GLOBAL_STATUS |
| GLOBAL_VARIABLES |
| KEY_COLUMN_USAGE |
| PARTITIONS |
| PLUGINS |
| PROCESSLIST |
| PROFILING |
| REFERENTIAL_CONSTRAINTS |
| ROUTINES |
| SCHEMATA |
| SCHEMA_PRIVILEGES |
| SESSION_STATUS |
| SESSION_VARIABLES |
| STATISTICS |
| TABLES |
| TABLE_CONSTRAINTS |
| TABLE_PRIVILEGES |
| TRIGGERS |
| USER_PRIVILEGES |
| VIEWS |
+---------------------------------------+
修复方案:
过滤
版权声明:转载请注明来源 唐小风@乌云
漏洞回应
厂商回应:
危害等级:中
漏洞Rank:5
确认时间:2016-03-29 10:26
厂商回复:
已确认,并修复
最新状态:
2016-03-29:已修复