Fund Security: Two SQL Injections on the 万银财富 (Wanyin Wealth) Fund Main Site (Large Amounts of Data Across Multiple Databases)

Vulnerability summary

Defect ID: WooYun-2015-0128700

Vulnerability title: Fund Security: Two SQL Injections on the 万银财富 (Wanyin Wealth) Fund Main Site (Large Amounts of Data Across Multiple Databases)

Affected vendor: 万银财富 (Wanyin Wealth)

Author: ago

Submitted: 2015-07-25 18:02

Published: 2015-09-10 20:38

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Tags:

Vulnerability details

Disclosure status:

2015-07-25: Details sent to the vendor; awaiting vendor response
2015-07-27: Vendor confirmed; details disclosed to the vendor only
2015-08-06: Details disclosed to core white hats and domain experts
2015-08-16: Details disclosed to regular white hats
2015-08-26: Details disclosed to intern white hats
2015-09-10: Details disclosed to the public

Brief description:

Detailed description:

Proof of vulnerability:

available databases [8]:
[*] information_schema
[*] mysql
[*] performance_schema
[*] wy_blog
[*] wy_forum
[*] wy_sso
[*] wy_www
[*] wy_www_bak

current user: 'wyread@%'

Database: information_schema
[37 tables]
+---------------------------------------+
| CHARACTER_SETS |
| COLLATIONS |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS |
| COLUMN_PRIVILEGES |
| ENGINES |
| EVENTS |
| FILES |
| GLOBAL_STATUS |
| GLOBAL_VARIABLES |
| INNODB_CMP |
| INNODB_CMPMEM |
| INNODB_CMPMEM_RESET |
| INNODB_CMP_RESET |
| INNODB_LOCKS |
| INNODB_LOCK_WAITS |
| INNODB_TRX |
| KEY_COLUMN_USAGE |
| PARAMETERS |
| PARTITIONS |
| PLUGINS |
| PROCESSLIST |
| PROFILING |
| REFERENTIAL_CONSTRAINTS |
| ROUTINES |
| SCHEMATA |
| SCHEMA_PRIVILEGES |
| SESSION_STATUS |
| SESSION_VARIABLES |
| STATISTICS |
| TABLES |
| TABLESPACES |
| TABLE_CONSTRAINTS |
| TABLE_PRIVILEGES |
| TRIGGERS |
| USER_PRIVILEGES |
| VIEWS |
+---------------------------------------+

Database: mysql
[24 tables]
+---------------------------+
| columns_priv |
| db |
| event |
| func |
| general_log |
| help_category |
| help_keyword |
| help_relation |
| help_topic |
| host |
| ndb_binlog_index |
| plugin |
| proc |
| procs_priv |
| proxies_priv |
| servers |
| slow_log |
| tables_priv |
| time_zone |
| time_zone_leap_second |
| time_zone_name |
| time_zone_transition |
| time_zone_transition_type |
| user |
+---------------------------+

+------------------------+
| email |
+------------------------+
| 158156327@**.**.**.** |
| 282702949@**.**.**.** |
| 295817785@**.**.**.** |
| 364522154@**.**.**.** |
| 784100145@**.**.**.** |
| 811088370@**.**.**.** |
| A001@**.**.**.** |
| banrj@**.**.**.** |
| caolei@**.**.**.** |
| chenxi@**.**.**.** |
| cjq_admin@**.**.**.** |
| dfsdf@**.**.**.** |
| fancc@**.**.**.** |
| fcc@**.**.**.** |
| fengxy@**.**.**.** |
| fuhongsheng@**.**.**.** |
| guanqw@**.**.**.** |
| guxin@**.**.**.** |
| handan@**.**.**.** |
| hl@**.**.**.** |
| huangsk@**.**.**.** |
| jianghy@**.**.**.** |
| kf_admin1@**.**.**.** |
| libs@**.**.**.** |
| licw@**.**.**.** |
| lili@**.**.**.** |
| liuks@**.**.**.** |
| liurong@**.**.**.** |
| liuzy@**.**.**.** |
| luosj@**.**.**.** |
| lzr@**.**.**.** |
| mahaoyu@**.**.**.** |
| mahy@**.**.**.** |
| phpcms@**.**.**.** |
| qiupt@**.**.**.** |
| qiuyc@**.**.**.** |
| qiuyc@**.**.**.** |
| quanyao@**.**.**.** |
| shisn@**.**.**.** |
| sudongsheng555@**.**.**.** |
| sunliang@**.**.**.** |
| trm_admin@**.**.**.** |
| wangzh@**.**.**.** |
| wy@**.**.**.** |
| wyh@**.**.**.** |
| xhwy888@**.**.**.** |
| [email protected]**.**.**.** |
| xhwy_admin1@**.**.**.** |
| xhwy_admin1@**.**.**.** |
| xhwy_admin1@**.**.**.** |
| xhwy_admin1@**.**.**.** |
| xhwy_admin1@**.**.**.** |
| xhwy_admin1@**.**.**.** |
| xhwy_admin1@**.**.**.** |
| xhwy_admin1@**.**.**.** |
| xhwy_admin1@**.**.**.** |
| xhwy_admin1@**.**.**.** |
| xhwy_admin1@**.**.**.** |
| xhwy_admin1@**.**.**.** |
| xhwy_admin1@**.**.**.** |
| xhwy_admin1@**.**.**.** |
| xhwy_admin1@**.**.**.** |
| xhwy_admin1@**.**.**.** |
| xhwy_admin1@**.**.**.** |
| xhwy_admin1@**.**.**.** |
| xhwy_admin1@**.**.**.** |
| xhwy_admin1@**.**.**.** |
| xhwy_admin1@**.**.**.** |
| xhwy_admin1@**.**.**.** |
| xhwy_admin1@**.**.**.** |
| xhwy_admin2@**.**.**.** |
| xhwy_admin3@**.**.**.** |
| xhwy_admin4@**.**.**.** |
| xhwy_admin5@**.**.**.** |
| xhwy_admin6@**.**.**.** |
| xhwy_admin7@**.**.**.** |
| xhwy_admin8@**.**.**.** |
| xhwy_admin@**.**.**.** |
| xuwei@**.**.**.** |
| zhangwei@**.**.**.** |
| zhangyj@**.**.**.** |
| zhaopin@**.**.**.** |
| zhkp12@**.**.**.** |
| zhongsl@**.**.**.** |
| zhongsl@**.**.**.** |
| zouna@**.**.**.** |
| zsl@**.**.**.** |
| zxs_admin@**.**.**.** |
+------------------------+

Database: wy_www_bak
[106 tables]
+-----------------------+
| v9_admin |
| v9_admin_panel |
| v9_admin_role |
| v9_admin_role_priv |
| v9_announce |
| v9_ask_answer |
| v9_ask_category |
| v9_ask_comment |
| v9_ask_question |
| v9_ask_question_copy |
| v9_ask_zsask |
| v9_attachment |
| v9_attachment_index |
| v9_badword |
| v9_block |
| v9_block_history |
| v9_block_priv |
| v9_cache |
| v9_category |
| v9_category_priv |
| v9_collection_content |
| v9_collection_history |
| v9_collection_node |
| v9_collection_program |
| v9_comment |
| v9_comment_check |
| v9_comment_data_1 |
| v9_comment_setting |
| v9_comment_table |
| v9_content_check |
| v9_copyfrom |
| v9_datacall |
| v9_dbsource |
| v9_download |
| v9_download_data |
| v9_downservers |
| v9_extend_setting |
| v9_favorite |
| v9_hits |
| v9_ipbanned |
| v9_keylink |
| v9_link |
| v9_linkage |
| v9_log |
| v9_member |
| v9_member_detail |
| v9_member_group |
| v9_member_menu |
| v9_member_verify |
| v9_member_vip |
| v9_menu |
| v9_message |
| v9_message_data |
| v9_message_group |
| v9_model |
| v9_model_field |
| v9_module |
| v9_mood |
| v9_news |
| v9_news_data |
| v9_page |
| v9_pay_account |
| v9_pay_payment |
| v9_pay_spend |
| v9_picture |
| v9_picture_data |
| v9_plugin |
| v9_plugin_var |
| v9_position |
| v9_position_data |
| v9_poster |
| v9_poster_201301 |
| v9_poster_201302 |
| v9_poster_space |
| v9_queue |
| v9_release_point |
| v9_search |
| v9_search_keyword |
| v9_session |
| v9_site |
| v9_sms_report |
| v9_special |
| v9_special_c_data |
| v9_special_content |
| v9_sphinx_counter |
| v9_sso_admin |
| v9_sso_applications |
| v9_sso_members |
| v9_sso_messagequeue |
| v9_sso_session |
| v9_sso_settings |
| v9_tag |
| v9_template_bak |
| v9_times |
| v9_type |
| v9_urlrule |
| v9_video |
| v9_video_content |
| v9_video_data |
| v9_video_store |
| v9_vote_data |
| v9_vote_option |
| v9_vote_subject |
| v9_wap |
| v9_wap_type |
| v9_workflow |
+-----------------------+

Fix recommendation:

Parameter filtering
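The fix recommendation above is the single phrase "parameter filtering". As an added illustration, not part of the original report and not code from the affected site, the following Python snippet shows the string-concatenated query pattern that produces this class of bug next to the parameterized form, plus an allow-list check for a numeric request parameter. It runs against an in-memory SQLite table; the `member` schema, the sample rows and the function names are all constructed for the demo and are assumptions, not taken from the site.

```python
import sqlite3


def build_db():
    """Create an in-memory SQLite database with a constructed, hypothetical member table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE member (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO member (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com"), ("carol", "carol@example.com")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable pattern: the request parameter is spliced into the SQL text.
    A value containing a quote changes the structure of the query instead of being
    compared as data, which is exactly what lets a tool like sqlmap enumerate the server."""
    sql = "SELECT email FROM member WHERE username = '%s'" % username
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, username):
    """Hardened pattern: the value is bound as a parameter; the driver ships it as data
    only, so no input can alter the query's structure."""
    sql = "SELECT email FROM member WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def validate_id(raw):
    """Allow-list check for a numeric id parameter, i.e. the 'parameter filtering' the
    report recommends. Returns the int, or None if the input is not a plain decimal integer."""
    if not raw.isdecimal():
        return None
    return int(raw)


def lookup_by_id(conn, raw_id):
    """Defence in depth: validate the type first, then still bind the value as a parameter."""
    member_id = validate_id(raw_id)
    if member_id is None:
        return []
    sql = "SELECT email FROM member WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (member_id,))]


def demo():
    """Run the same constructed inputs through each variant and return the results."""
    conn = build_db()
    crafted = "nobody' OR '1'='1"  # constructed tautology input, the textbook probe for this bug class
    return {
        "vulnerable": lookup_vulnerable(conn, crafted),  # the WHERE clause becomes always-true: every row leaks
        "safe": lookup_safe(conn, crafted),              # no member has that literal username: empty result
        "legit": lookup_safe(conn, "bob"),               # normal lookups still work with binding
        "bad_id": lookup_by_id(conn, "1 OR 1=1"),        # rejected by the allow-list before any SQL runs
        "good_id": lookup_by_id(conn, "2"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

Input validation alone is a weak fix for free-text fields such as a username, because there is no allow-list that covers legitimate values; binding every user-controlled value as a parameter is the change that actually closes the bug, and type checks like `validate_id` are a second layer on top of it.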

Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed: 2015-07-27 20:37

Vendor reply:

CNVD confirmed and reproduced the described situation; it has been forwarded by CNCERT to the securities industry IT regulator, which will coordinate handling with the website's operating unit.

Latest status:

None yet

Comments

  1. 2010-01-01 00:00 抚琴听海 (White hat | Rank: 0 | Vulnerabilities: 0)

    Chicken essence has really been popular lately