漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0145806
漏洞标题:中软某站sql注入
相关厂商:中国软件与技术服务股份有限公司
漏洞作者: 流氓诺言
提交时间:2015-10-10 16:32
修复时间:2015-11-24 16:34
公开时间:2015-11-24 16:34
漏洞类型:SQL注射漏洞
危害等级:中
自评Rank:7
漏洞状态:未联系到厂商或者厂商积极忽略
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-10-10: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-11-24: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
rt
详细说明:
中国软件软件商城某处sql注入
漏洞证明:
web application technology: Apache 2.4.12,
back-end DBMS: MySQL 5.0
[16:13:58] [INFO] fetching database names
[16:13:58] [INFO] the SQL query used return
[16:13:58] [INFO] resumed: information_sche
[16:13:58] [INFO] resumed: ec_shop
[16:13:58] [INFO] resumed: mysql
[16:13:58] [INFO] resumed: test
[16:13:58] [INFO] fetching tables for datab
[16:13:58] [INFO] the SQL query used return
Database: ec_shop
[88 tables]
+---------------------------------------+
| ecs_account_log |
| ecs_ad |
| ecs_ad_custom |
| ecs_ad_position |
| ecs_admin_action |
| ecs_admin_log |
| ecs_admin_message |
| ecs_admin_user |
| ecs_adsense |
| ecs_affiliate_log |
| ecs_agency |
| ecs_area_region |
| ecs_article |
| ecs_article_cat |
| ecs_attribute |
| ecs_auction_log |
| ecs_auto_manage |
| ecs_back_goods |
| ecs_back_order |
| ecs_bonus_type |
| ecs_booking_goods |
| ecs_brand |
| ecs_card |
| ecs_cart |
| ecs_cat_recommend |
| ecs_category |
| ecs_collect_goods |
| ecs_comment |
| ecs_crons |
| ecs_delivery_goods |
| ecs_delivery_order |
| ecs_email_list |
| ecs_email_sendlist |
| ecs_error_log |
| ecs_exchange_goods |
| ecs_favourable_activity |
| ecs_feedback |
| ecs_friend_link |
| ecs_goods |
| ecs_goods_activity |
| ecs_goods_article |
| ecs_goods_attr |
| ecs_goods_cat |
| ecs_goods_gallery |
| ecs_goods_type |
| ecs_group_goods |
| ecs_keywords |
| ecs_link_goods |
| ecs_mail_templates |
| ecs_member_price |
| ecs_nav |
| ecs_order_action |
| ecs_order_goods |
| ecs_order_info |
| ecs_pack |
| ecs_package_goods |
| ecs_pay_log |
| ecs_payment |
| ecs_plugins |
| ecs_products |
| ecs_reg_extend_info |
| ecs_reg_fields |
| ecs_region |
| ecs_role |
| ecs_searchengine |
| ecs_sessions |
| ecs_sessions_data |
| ecs_shipping |
| ecs_shipping_area |
| ecs_shop_config |
| ecs_snatch_log |
| ecs_stats |
| ecs_suppliers |
| ecs_tag |
| ecs_template |
| ecs_topic |
| ecs_user_account |
| ecs_user_address |
| ecs_user_bonus |
| ecs_user_feed |
| ecs_user_rank |
| ecs_users |
| ecs_virtual_card |
| ecs_volume_price |
| ecs_vote |
| ecs_vote_log |
| ecs_vote_option |
| ecs_wholesale |
+---------------------------------------+
Database: information_schema
[28 tables]
+---------------------------------------+
| CHARACTER_SETS |
| COLLATIONS |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS |
| COLUMN_PRIVILEGES |
| ENGINES |
| EVENTS |
| FILES |
| GLOBAL_STATUS |
| GLOBAL_VARIABLES |
| KEY_COLUMN_USAGE |
| PARTITIONS |
| PLUGINS |
| PROCESSLIST |
| PROFILING |
| REFERENTIAL_CONSTRAINTS |
| ROUTINES |
| SCHEMATA |
| SCHEMA_PRIVILEGES |
| SESSION_STATUS |
| SESSION_VARIABLES |
| STATISTICS |
| TABLES |
| TABLE_CONSTRAINTS |
| TABLE_PRIVILEGES |
| TRIGGERS |
| USER_PRIVILEGES |
| VIEWS |
+---------------------------------------+
Database: mysql
[23 tables]
+---------------------------------------+
| user |
| columns_priv |
| db |
| event |
| func |
| general_log |
| help_category |
| help_keyword |
| help_relation |
| help_topic |
| host |
| ndb_binlog_index |
| plugin |
| proc |
| procs_priv |
| servers |
| slow_log |
| tables_priv |
| time_zone |
| time_zone_leap_second |
| time_zone_name |
| time_zone_transition |
| time_zone_transition_type |
+---------------------------------------+
修复方案:
过滤或者升级
版权声明:转载请注明来源 流氓诺言@乌云
漏洞回应
厂商回应:
未能联系到厂商或者厂商积极拒绝