Vulnerability summary

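Bug ID: wooyun-2015-0123763

Title: SQL injection in a Swoole sub-site

Vendor: Swoole technical forum community

Author: 路人甲

Submitted: 2015-07-03 17:41

Fixed: 2015-08-17 17:42

Disclosed: 2015-08-17 17:42

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 20

Status: Vendor could not be contacted, or the vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]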


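Vulnerability details

Disclosure status:

2015-07-03: Actively contacting the vendor and waiting for the vendor to claim the report; details not public
2015-08-17: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:


Detailed description:

Swoole forum community
http://group.swoole.com/search/ajax/search_result/search_type-all__q-Module%20'pcntl'%20already%20loaded__template-__page-2

Proof of vulnerability:

Database: WWW4SWOOLE
User: WWW4SWOOLE@LOCaLHOST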

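Remediation:

Fix the injection

Copyright notice: when reposting, credit the source 路人甲@乌云


Vulnerability response

Vendor response:

Unable to contact the vendor, or the vendor actively refused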