Vulnerability Summary

Defect ID: wooyun-2014-082305

Title: High-risk SQL injection in 浙江汽车网 (Zhejiang Auto Network) can lead to full database disclosure

Vendor: 浙江汽车网

Author: 路人甲

Submitted: 2014-11-07 12:14

Fix time: 2014-12-22 12:16

Published: 2014-12-22 12:16

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Vendor could not be contacted, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or assistance contact [email protected]


Vulnerability Details

Disclosure status:

2014-11-07: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2014-12-22: Vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

High-risk SQL injection in 浙江汽车网 #full database disclosure

Detailed description:

High-risk SQL injection in 浙江汽车网 #full database disclosure

Proof of vulnerability:

Injection point:

http://www.zjchewang.com/archive.php?aid=534170


Database: zjcw
[189 tables]
+---------------------+
| cms_aalbum_zt |
| cms_aalbums |
| cms_aalbums_shipin |
| cms_abrels |
| cms_acommus |
| cms_afields |
| cms_aguides |
| cms_amconfigs |
| cms_archives |
| cms_archives11 |
| cms_archives12 |
| cms_archives13 |
| cms_archives14 |
| cms_archives15 |
| cms_archives16 |
| cms_archives17 |
| cms_archives18 |
| cms_archives19 |
| cms_archives20 |
| cms_archives21 |
| cms_archives_1 |
| cms_archives_17 |
| cms_archives_18 |
| cms_archives_19 |
| cms_archives_2 |
| cms_archives_20 |
| cms_archives_21 |
| cms_archives_3 |
| cms_archives_41 |
| cms_archives_42 |
| cms_archives_43 |
| cms_archives_44 |
| cms_archives_45 |
| cms_archives_46 |
| cms_archives_47 |
| cms_archives_48 |
| cms_archives_49 |
| cms_archives_50 |
| cms_archives_51 |
| cms_archives_52 |
| cms_archives_81 |
| cms_archives_82 |
| cms_archives_83 |
| cms_archives_84 |
| cms_archives_85 |
| cms_archives_86 |
| cms_archives_87 |
| cms_archives_9 |
| cms_archives_sub |
| cms_asession |
| cms_aurls |
| cms_badwords |
| cms_bannedips |
| cms_btagnames |
| cms_catalogs |
| cms_channels |
| cms_cnconfigs |
| cms_cnodes |
| cms_cnrels |
| cms_cntpls |
| cms_coclass |
| cms_commu_answers |
| cms_commu_bmly |
| cms_commu_bookoffer |
| cms_commu_dayi |
| cms_commu_dsc |
| cms_commu_expert |
| cms_commu_grdp |
| cms_commu_jbask |
| cms_commu_jbinfo |
| cms_commu_jc |
| cms_commu_jxdp |
| cms_commu_jxtg |
| cms_commu_jxzxdp |
| cms_commu_news |
| cms_commu_offer |
| cms_commu_pinpai |
| cms_commu_pldp |
| cms_commu_sjia |
| cms_commu_sjiaoffer |
| cms_commu_tgbm |
| cms_commu_videodp |
| cms_commu_webtw |
| cms_commu_xunjia |
| cms_commu_yangche |
| cms_commu_yinxiang |
| cms_commu_yixiang |
| cms_commu_youhao |
| cms_commu_yyfw |
| cms_commu_yyzx |
| cms_commu_zcyuyue |
| cms_commu_zfdj |
| cms_commu_zldp |
| cms_commu_zvote |
| cms_commu_zxpj |
| cms_cotypes |
| cms_cron |
| cms_crprices |
| cms_crprojects |
| cms_currency0 |
| cms_currency1 |
| cms_currencys |
| cms_dbdebugs |
| cms_dbfields |
| cms_dbsources |
| cms_domains |
| cms_faces |
| cms_facetypes |
| cms_farchives |
| cms_farchives_1 |
| cms_farchives_2 |
| cms_farchives_3 |
| cms_farchives_31 |
| cms_farchives_32 |
| cms_farchives_33 |
| cms_farchives_34 |
| cms_farchives_35 |
| cms_farchives_36 |
| cms_farchives_37 |
| cms_farchives_4 |
| cms_farchives_5 |
| cms_farchives_6 |
| cms_farchives_7 |
| cms_farchives_8 |
| cms_fcatalogs |
| cms_fchannels |
| cms_fragments |
| cms_frcatalogs |
| cms_freeinfos |
| cms_gmissions |
| cms_gmodels |
| cms_grouptypes |
| cms_gurls |
| cms_keywords |
| cms_localfiles |
| cms_mcatalogs |
| cms_mcerts |
| cms_mchannels |
| cms_mcnodes |
| cms_mconfigs |
| cms_mctypes |
| cms_members |
| cms_members_1 |
| cms_members_11 |
| cms_members_12 |
| cms_members_13 |
| cms_members_14 |
| cms_members_2 |
| cms_members_3 |
| cms_members_sub |
| cms_menus |
| cms_mmenus |
| cms_mmtypes |
| cms_msession |
| cms_mtconfigs |
| cms_mtrans |
| cms_mtypes |
| cms_onlinetime |
| cms_pagecaches |
| cms_pays |
| cms_permissions |
| cms_players |
| cms_pms |
| cms_process |
| cms_rprojects |
| cms_sitemaps |
| cms_splangs |
| cms_splitbls |
| cms_spreads |
| cms_sptpls |
| cms_static_mission |
| cms_static_process |
| cms_subscribes |
| cms_uclasses |
| cms_union_logs |
| cms_up_ids |
| cms_uprojects |
| cms_userfiles |
| cms_usergroups |
| cms_usualurls |
| cms_utrans |
| cms_variables |
| cms_vcatalogs |
| cms_visitors |
| cms_voptions |
| cms_votes |
| cms_watermarks |
| cms_webcall |
| cms_wordlinks |
+---------------------+

Remediation:

Filter user input: treat the `aid` parameter as an integer (validate or cast it before use) and pass it to the database through a parameterized query instead of concatenating it into the SQL string.
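The report does not include the application's source or the payload used, so the following is an added, constructed illustration of the bug class and its fix, not code from zjchewang.com. It uses a local SQLite database with a `cms_archives` table (the table name appears in the dump above; its columns here are assumed) and contrasts a lookup that concatenates the raw `aid` value into the query with one that validates `aid` as an integer and binds it as a parameter.

```python
"""Vulnerable vs. hardened lookup of an `aid` request parameter.

Added example for this page; not the reported site's code. The
`cms_archives` table and its columns are constructed test data.
"""
import sqlite3


def make_db():
    """Build an in-memory database with a few constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE cms_archives (aid INTEGER PRIMARY KEY, title TEXT)"
    )
    conn.executemany(
        "INSERT INTO cms_archives VALUES (?, ?)",
        [
            (534170, "public article"),
            (534171, "another public article"),
            (900001, "unpublished draft"),  # should never be reachable via aid=
        ],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, raw_aid):
    """The bug class behind the report: the raw request parameter is
    concatenated into the SQL text, so SQL syntax inside `aid` becomes
    part of the query and can change its structure."""
    sql = "SELECT aid, title FROM cms_archives WHERE aid = " + raw_aid
    return conn.execute(sql).fetchall()


def parse_aid(raw_aid):
    """Reject anything that is not a plain decimal integer before it is
    allowed anywhere near the database. `aid` is an article id, so a
    strict integer check is the right shape for this parameter."""
    if not raw_aid.isdigit():
        raise ValueError("aid must be a positive decimal integer")
    return int(raw_aid)


def lookup_safe(conn, raw_aid):
    """Hardened form: typed validation plus parameter binding. The value
    travels to the driver separately from the SQL text, so even a value
    that passed validation cannot alter the query."""
    aid = parse_aid(raw_aid)
    return conn.execute(
        "SELECT aid, title FROM cms_archives WHERE aid = ?", (aid,)
    ).fetchall()


def run_demo():
    """Return the row counts each variant yields for a normal id and for
    a constructed tautology payload, so the difference is measurable."""
    conn = make_db()
    normal = "534170"
    tautology = "534170 OR 1=1"  # constructed payload; not from the report
    result = {
        "vulnerable_normal": len(lookup_vulnerable(conn, normal)),
        "vulnerable_tautology": len(lookup_vulnerable(conn, tautology)),
        "safe_normal": len(lookup_safe(conn, normal)),
    }
    try:
        lookup_safe(conn, tautology)
        result["safe_tautology"] = "accepted"
    except ValueError:
        result["safe_tautology"] = "rejected"
    return result


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

With the concatenated query, the tautology returns every row in the table, including the draft that `aid=534170` was never meant to reach; the same input is rejected by `parse_aid` before any SQL runs, and a legitimate id is looked up through a bound parameter. In the original application the same two changes (integer validation of `aid`, prepared statements for the query) are the fix the remediation line asks for.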

Copyright notice: please credit 路人甲@乌云 (WooYun) when reposting


Vulnerability Response

Vendor response:

Vendor could not be contacted, or vendor actively refused

Vulnerability Rank: 2 (WooYun rating)