
Vulnerability summary

Defect ID: wooyun-2015-091406

Title: MySQL injection on the Maizuo main site (UNION supported)

Vendor: maizuo.com

Author: lijiejie

Submitted: 2015-01-12 16:19

Fixed: 2015-02-26 16:20

Published: 2015-02-26 16:20

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 14

Status: Confirmed by vendor

Source: http://www.wooyun.org. For questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-01-12: Details sent to the vendor; awaiting vendor handling
2015-01-13: Vendor confirmed; details disclosed to the vendor only
2015-01-23: Details disclosed to core white hats and domain experts
2015-02-02: Details disclosed to regular white hats
2015-02-12: Details disclosed to intern white hats
2015-02-26: Details disclosed to the public

Brief description:

A MySQL injection on the Maizuo main site (UNION supported)

Detailed description:

Injection point:

http://www.maizuo.com/zt/index.htm?id=279


The id parameter is injectable. The back end is MySQL and UNION queries are supported.

Proof of vulnerability:

Requests that hit the site too quickly get temporarily blocked, but I found a way around it:

Fast access over HTTP is indeed blocked; over HTTPS, requests are never intercepted no matter how fast they are sent.


Current database user:

current user:    '[email protected]'


Databases:

available databases [2]:
[*] dMaizuo_Manage
[*] information_schema


Tables:

Database: dMaizuo_Manage
[82 tables]
+-----------------------------+
| tAppActivity |
| tAppActivity_prize |
| tAppAdvertise |
| tAppChannel |
| tAppManage |
| tAppPicture |
| tAppRedTip |
| tAppReview |
| tAppVersion |
| tCCBActive |
| tCCBActive_prize |
| tCCBActive_user |
| tCCBActive_userinfo |
| tCCB_feedback |
| tCard_CompanyPurchase |
| tCard_newCardMoney |
| tCard_newCardNo |
| tCard_newCardPrivilege |
| tCilentCode_active |
| tCilentCode_cinema |
| tCilentCode_user |
| tConfigInfo |
| tCrazyConfirmCodeLog |
| tCrazyPageForetell |
| tCrazyPageMsg |
| tCrazyUserBuy |
| tCrazy_mobilecode |
| tDingZuo_Login |
| tDingZuo_active |
| tDingZuo_activeCode |
| tDingZuo_hotActive |
| tDingZuo_mobilecode |
| tDingZuo_newsEye |
| tDingZuo_newsImage |
| tDingZuo_orderMessage |
| tDingZuo_special |
| tDingZuo_specialActive |
| tDingZuo_timeActive |
| tDingZuo_tuan |
| tDingZuo_tuan_cinema |
| tDingZuo_userInvite |
| tDingZuo_userapply |
| tDingZuo_userbuy |
| tDingZuo_usermessage |
| tFeedBack_reply |
| tFeedBack_theme |
| tFiveActive_buyTicket |
| tFiveActive_cityCount |
| tFiveActive_movie |
| tFiveActive_read |
| tH5StaticPage |
| tHB_Active |
| tHB_App |
| tHB_Content |
| tHB_Prize |
| tHB_User |
| tManage_page |
| tMsnModel |
| tNetSale |
| tNewsPush |
| tOrderMail |
| tReserve |
| tReserve_template |
| tSinglePush |
| tSmsTemplate |
| tTaoBaoSeat |
| tThirdExchange_account |
| tThirdNewOrder |
| tThirdOrderStatus |
| tThirdPartyReservation |
| tThirdPartyReservation_2014 |
| tThirdParty_account |
| tThirdParty_seat |
| tThird_blogCardNo |
| tWeChat_cashVoucher |
| tWeChat_ticketCode |
| tWechat_menu |
| tWeekFilmEye |
| tYouHui_limit |
| tYouHui_rule |
| tYouZheng_slide |
| t_page_jump |
+-----------------------------+


The database should contain movie redemption codes and personal information; I did not dig any further.

Fix recommendation:

Filter the parameter and cast it to the expected type.
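The fix recommendation above is a single line, so here is what it looks like in code. This is an added example, not code from the Maizuo site or from the report's author: the site's server-side language is not stated on the page, so the example uses Python, and it uses an in-memory sqlite3 database as a stand-in for the MySQL back end (assumption) so that it runs offline. The table and column names (zt, title, secrets) are constructed for the example. The vulnerable handler splices the raw query-string value into the SQL text, which is exactly the shape that makes a UNION-capable injection in ?id= possible; the hardened handler validates that the value is a plain integer (the "type conversion" in the fix) and binds it as a query parameter (the "filtering" done by the driver rather than by hand).

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the MySQL database (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE zt (id INTEGER PRIMARY KEY, title TEXT)")
    conn.execute("CREATE TABLE secrets (k TEXT)")
    conn.executemany(
        "INSERT INTO zt VALUES (?, ?)", [(279, "promo 279"), (280, "promo 280")]
    )
    conn.execute("INSERT INTO secrets VALUES ('should-not-leak')")
    conn.commit()
    return conn


def lookup_vulnerable(conn, raw_id):
    """The defect: the untrusted id value becomes part of the SQL text.

    Anything the client appends to ?id= is executed as SQL, so a UNION
    clause can pull rows from any other table the DB user can read.
    """
    sql = "SELECT title FROM zt WHERE id = " + raw_id
    return [row[0] for row in conn.execute(sql)]


def lookup_hardened(conn, raw_id):
    """The fix from the report: type check (reject non-integers) plus a
    bound parameter so the value can never change the query structure."""
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        raise ValueError("id must be a positive integer")
    page_id = int(raw_id)
    rows = conn.execute("SELECT title FROM zt WHERE id = ?", (page_id,))
    return [row[0] for row in rows]


def is_rejected(conn, raw_id):
    """Helper so a caller (or test) can check that bad input is refused
    before any SQL is run."""
    try:
        lookup_hardened(conn, raw_id)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, "279"))
    print(lookup_hardened(db, "279"))
    print(is_rejected(db, "279 UNION ALL SELECT k FROM secrets"))
```

With the hardened handler, a request whose id is anything other than a plain integer is rejected before a query is built, and the legitimate lookup for id=279 still returns the same row. The report's other observation, that the request throttling only applied to HTTP and not HTTPS, is a separate defensive gap: any rate limiting in front of an endpoint like this should key on the client and the path, independent of the scheme the request arrived on.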

Copyright notice: when reposting, credit the source as lijiejie@WooYun


Vulnerability response

Vendor response:

Severity: High

Vulnerability rank: 15

Confirmed at: 2015-01-13 17:56

Vendor reply:

Already being fixed; a gift will be sent later. Thanks.

Latest status:

None yet