当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0134999

漏洞标题:粉丝网某处sql注入,泄漏大量敏感数据

相关厂商:粉丝网

漏洞作者: sqlfeng

提交时间:2015-08-18 14:12

修复时间:2015-08-18 18:10

公开时间:2015-08-18 18:10

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经修复

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-08-18: 细节已通知厂商并且等待厂商处理中
2015-08-18: 厂商已经确认,细节仅向厂商公开
2015-08-18: 厂商已经修复漏洞并主动公开,细节向公众公开

简要描述:

汪峰:告诉我你的梦想,飞得更高,告诉你来的意义,怒放的生命,告诉我你最爱的季节,春天里,告诉我你选择的导师,周杰伦!

详细说明:

http://about.ifensi.com/news_info.php?id=136040
没过滤参数

漏洞证明:

web application technology: PHP 5.2.10, Nginx
back-end DBMS: MySQL 5


available databases [31]:
[*] ad_db
[*] ajaxlogs
[*] answers
[*] bbs
[*] chinagrandrally
[*] chinagrandrally_en
[*] cmsdb
[*] drvip
[*] gallery2
[*] gossip
[*] groups
[*] hlmcmsdb
[*] hlmdb
[*] information_schema
[*] leaveword
[*] lifetype
[*] longdb
[*] mysql
[*] openads
[*] openadsdb
[*] openid
[*] page
[*] phpads
[*] piclib
[*] resource
[*] sendemail
[*] special
[*] test
[*] vote
[*] xf_user
[*] zhenzai


Database: cmsdb
[122 tables]
+--------------------------+
| activity_comment |
| aoyuntp |
| application |
| article |
| article_view |
| article_view_count |
| article_view_db |
| article_view_logs |
| articles_rollback |
| attention |
| bjse_bugreport |
| cache |
| catalog |
| channel_info |
| collection |
| common_part |
| constellations |
| consult_calendar_article |
| consult_calendar_catelog |
| consult_nominate_url |
| dict_C2E |
| dict_E2C |
| digg |
| dingyue_cy |
| dingyue_fad |
| duty |
| expression |
| fcdp |
| flash_game_favrites |
| flash_game_info |
| flash_game_summary |
| focus_images |
| focus_img_catalog |
| foodbase |
| foodcata |
| ftv_playstatus |
| ftv_relate_group |
| ftv_star |
| game_playstatus |
| game_point_list |
| game_point_list_new |
| hlm_vote |
| hot_tags |
| huantoupic |
| jifenqqgame |
| job |
| jobext |
| jobinfor |
| life_show_catalog |
| life_show_channel |
| life_show_content |
| life_show_question |
| life_show_rating |
| life_show_view |
| log_hits |
| media_source |
| music_cddafen |
| music_review |
| music_vote |
| newarticle |
| newarticle_ext |
| newarticle_extends |
| newcatalog |
| newmusic_dynamic |
| oper_user |
| oper_user_bak |
| park_companyinfo |
| park_guestmessage |
| photo |
| picarticle_cata |
| picarticle_ext |
| pro_engpeople |
| productinfo |
| qq3guo |
| resscore |
| review |
| rss_catalog |
| rss_content |
| rss_source |
| scroll_text |
| siteurl |
| song |
| special_vote_options |
| sportsbase |
| sportscata |
| starrecommend |
| tags_data |
| tags_keyword |
| tags_keyword_check |
| tb_email_address |
| temp_index_count |
| template |
| template_common |
| templates_rollback |
| tv_comment |
| tv_digg |
| upstarname |
| upstartpl |
| user_purview |
| user_purview_users |
| view |
| view_log |
| vote |
| vote_exceptive |
| vote_logs |
| vote_options |
| vote_text |
| voteitem |
| voteresult |
| votes |
| votetext |
| votetitle |
| worldcup_baby_info |
| worldcup_game |
| worldcup_point |
| worldcup_teaminfo |
| xmllist |
| zhuaqu |
| zt_music |
| zt_record |
| zt_vote |
| zt_votelog |
+--------------------------+


我就不深入看了~
泄漏的东西挺多的,好多分站的库,

修复方案:

听说新厂商很不错!
~~~~~~~

版权声明:转载请注明来源 sqlfeng@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:11

确认时间:2015-08-18 17:00

厂商回复:

感谢提供漏洞,属于老版本业务,将停用服务

最新状态:

2015-08-18:已停用域名解析和相关web服务