Suspected PHPCMS secondary development on a financial portal sub-site leads to user data leakage

Vulnerability Summary

Defect ID: WooYun-2012-011587

Title: Suspected PHPCMS secondary development on a financial portal sub-site leads to user data leakage

Vendor: 外汇通

Author: 豆芽

Submitted: 2012-08-31 12:46

Published: 2012-10-15 12:47

Type: SQL injection

Severity: Medium

Self-assessed Rank: 5

Status: Vendor could not be contacted, or vendor actively ignored the report

Tags:

Vulnerability Details

Disclosure status:

2012-08-31: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2012-10-15: Vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

This appears to be a problem in the PHPCMS whole-site program: characters in the submitted parameter are not filtered, which leads to injection.

Details:

Target: http://broker.forex.com.cn/brokerinfo.php?id=13
Host IP: 58.83.227.60
Web Server: Microsoft-IIS/6.0
Powered-by: ASP.NET
Powered-by: PHP/5.2.3
DB Server: MySQL >=5
Current DB: newforexbroker

Proof of vulnerability:

Table found: phpcms_admin
Table found: phpcms_admin_role
Table found: phpcms_admin_role_priv
Table found: phpcms_ads
Table found: phpcms_ads_1012
Table found: phpcms_ads_place
Table found: phpcms_ads_stat
Table found: phpcms_announce
Table found: phpcms_area
Table found: phpcms_ask
Table found: phpcms_ask_actor
Table found: phpcms_ask_credit
Table found: phpcms_ask_posts
Table found: phpcms_ask_vote
Table found: phpcms_attachment
Table found: phpcms_author
Table found: phpcms_block
Table found: phpcms_broker_active
Table found: phpcms_broker_app
Table found: phpcms_broker_broker
Table found: phpcms_broker_platform
Table found: phpcms_broker_setuser
Table found: phpcms_broker_toupiao
Table found: phpcms_c_down
Table found: phpcms_c_info
Table found: phpcms_c_ku6video
Table found: phpcms_c_news
Table found: phpcms_c_picture
Table found: phpcms_c_product
Table found: phpcms_c_video
Table found: phpcms_cache_count
Table found: phpcms_category
Table found: phpcms_collect
Table found: phpcms_comment
Table found: phpcms_content
Table found: phpcms_content_count
Table found: phpcms_content_position
Table found: phpcms_content_tag
Table found: phpcms_copyfrom
Table found: phpcms_datasource
Table found: phpcms_digg
Table found: phpcms_digg_log
Table found: phpcms_editor_data
Table found: phpcms_error_report
Table found: phpcms_formguide
Table found: phpcms_formguide_fields
Table found: phpcms_guestbook
Table found: phpcms_hits
Table found: phpcms_ipbanned
Table found: phpcms_keylink
Table found: phpcms_keyword
Table found: phpcms_link
Table found: phpcms_linkage
Table found: phpcms_log
Table found: phpcms_mail
Table found: phpcms_mail_email
Table found: phpcms_mail_email_type
Table found: phpcms_member
Table found: phpcms_member_cache
Table found: phpcms_member_company
Table found: phpcms_member_detail
Table found: phpcms_member_group
Table found: phpcms_member_group_extend
Table found: phpcms_member_group_priv
Table found: phpcms_member_info
Table found: phpcms_menu
Table found: phpcms_message
Table found: phpcms_model
Table found: phpcms_model_field
Table found: phpcms_module
Table found: phpcms_mood
Table found: phpcms_mood_data
Table found: phpcms_order
Table found: phpcms_order_deliver
Table found: phpcms_order_log
Table found: phpcms_pay_card
Table found: phpcms_pay_exchange
Table found: phpcms_pay_payment
Table found: phpcms_pay_pointcard_type
Table found: phpcms_pay_stat
Table found: phpcms_pay_user_account
Table found: phpcms_player
Table found: phpcms_position
Table found: phpcms_process
Table found: phpcms_process_status
Table found: phpcms_role
Table found: phpcms_search
Table found: phpcms_search_type
Table found: phpcms_session
Table found: phpcms_space
Table found: phpcms_space_api
Table found: phpcms_special
Table found: phpcms_special_content
Table found: phpcms_spider_job
Table found: phpcms_spider_sites
Table found: phpcms_spider_urls
Table found: phpcms_status
Table found: phpcms_times
Table found: phpcms_type
Table found: phpcms_urlrule
Table found: phpcms_video
Table found: phpcms_video_count
Table found: phpcms_video_data
Table found: phpcms_video_position
Table found: phpcms_video_special
Table found: phpcms_video_special_list
Table found: phpcms_video_tag
Table found: phpcms_vote_data
Table found: phpcms_vote_option
Table found: phpcms_vote_subject
Table found: phpcms_vote_useroption
Table found: phpcms_workflow
Table found: phpcms_yp_apply
Table found: phpcms_yp_buy
Table found: phpcms_yp_cert
Table found: phpcms_yp_collect
Table found: phpcms_yp_count
Table found: phpcms_yp_guestbook
Table found: phpcms_yp_job
Table found: phpcms_yp_news
Table found: phpcms_yp_product
Table found: phpcms_yp_relation
Table found: phpcms_yp_stats
Table found: phpcms_yp_stock
select count(*) from newforexbroker.phpcms_member is 14391

Fix:

Validate and filter the `id` parameter before it reaches the database query.
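The report names the cause (an unfiltered parameter reaching the query) and the fix (filter the parameter) but shows no code. The following is an added example, not code from the report, from PHPCMS or from the affected site: it assumes a hypothetical `brokerinfo.php` that looks up one row of the `phpcms_broker_broker` table (a table name from the report's table list; the `name` column is an assumption) by the numeric `id` query parameter seen in the report's URL. It places the weak pattern beside two layers of hardening: strict type validation at the request boundary, and a prepared statement so the value can never be interpreted as SQL.

```php
<?php
// Added example, not the report's or PHPCMS's own code.
// Assumptions: a hypothetical brokerinfo.php, a `phpcms_broker_broker`
// table with an integer `id` and a `name` column, and placeholder DB
// credentials. Requires PHP 7.1+ for the return-type syntax.

// --- Weak pattern: the raw query-string value is concatenated into SQL.
// Any non-numeric characters reach MySQL unchanged, which is the root
// cause the report describes ("the submitted parameter is not filtered").
function broker_query_weak(string $rawId): string
{
    return "SELECT * FROM phpcms_broker_broker WHERE id = " . $rawId;
}

// --- Hardening layer 1: validate the type at the boundary.
// Accepts only a positive integer of at most 10 digits; anything else
// (strings, arrays, negative numbers, trailing characters) yields null and
// the caller answers 404 without touching the database.
function parse_broker_id($raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null;              // e.g. ?id[]=13 arrives as an array
    }
    $raw = (string) $raw;
    if (!preg_match('/^[1-9][0-9]{0,9}$/', $raw)) {
        return null;
    }
    return (int) $raw;
}

// --- Hardening layer 2: a prepared statement with a typed bound parameter.
// Even if validation were loosened later, the bound value is sent as data,
// never spliced into the statement text.
function fetch_broker(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM phpcms_broker_broker WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

if (PHP_SAPI === 'cli') {
    // Offline self-check with constructed inputs (no database needed).
    $cases = [
        '13'          => 13,     // the value from the report's URL
        "13'"         => null,   // trailing quote: rejected
        '13 OR 1=1'   => null,   // rejected
        '0'           => null,   // not a positive integer
        '-5'          => null,
        ['13']        => null,   // array input: rejected
    ];
    foreach ($cases as $input => $expected) {
        // array keys cannot be arrays, so re-create that case explicitly
        $actual = parse_broker_id($input === 0 ? ['13'] : (string) $input);
        echo str_pad(var_export($input, true), 14), ' -> ',
             var_export($actual, true), ($actual === $expected ? '  ok' : '  MISMATCH'), "\n";
    }
    exit(0);
}

// Web request path.
$id = parse_broker_id($_GET['id'] ?? null);
if ($id === null) {
    http_response_code(404);
    exit('Not found');
}
$db = new PDO(
    'mysql:host=localhost;dbname=newforexbroker;charset=utf8mb4', // db name from the report
    'DB_USER_PLACEHOLDER',
    'DB_PASS_PLACEHOLDER',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]
);
$broker = fetch_broker($db, $id);
header('Content-Type: application/json');
echo json_encode($broker ?? ['error' => 'not found']);
```

Run with `php brokerinfo.php` to exercise the validator on the constructed inputs; under a web server the same file serves the request path. The stack the report lists (PHP/5.2.3) predates this syntax, but the same two layers apply there: `ctype_digit()` plus `intval()` for validation, and `mysqli` prepared statements with `bind_param('i', $id)` in place of PDO. Validation alone is not enough, because a later edit that accepts a wider character set would reopen the hole; the prepared statement is what makes the query safe regardless of the input's contents.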

Vulnerability Response

Vendor response:

Vendor could not be contacted, or vendor actively refused the report

Comments