B2Bbuilder官网SQL注入漏洞（可拖库） | wooyun-2013-031909| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2013-031909

漏洞标题：B2Bbuilder官网SQL注入漏洞（可拖库）

漏洞作者： xfkxfk

提交时间：2013-07-23 10:30

修复时间：2013-09-06 10:31

公开时间：2013-09-06 10:31

漏洞类型：SQL注射漏洞

危害等级：中

自评Rank：15

漏洞状态：未联系到厂商或者厂商积极忽略

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2013-07-23：积极联系厂商并且等待厂商认领中，细节不对外公开
2013-09-06：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

B2Bbuilder官网SQL注入漏洞（可拖库）
还有报路径啊

详细说明：

存在注入的url：

http://www.b2b-builder.com/announcement.php?id=30

报绝对路径漏洞：

官网主站的数据库：

数据库demomallcn的数据表：

Database: demomallcn
[97 tables]
+-----------------------------------+
| b2bbuilder_activity               |
| b2bbuilder_activity_product_list  |
| b2bbuilder_admin                  |
| b2bbuilder_admin_group            |
| b2bbuilder_admin_operation_log    |
| b2bbuilder_advs                   |
| b2bbuilder_advs_con               |
| b2bbuilder_album                  |
| b2bbuilder_announcement           |
| b2bbuilder_auditing               |
| b2bbuilder_brand                  |
| b2bbuilder_brand_cat              |
| b2bbuilder_comment                |
| b2bbuilder_contags                |
| b2bbuilder_cron                   |
| b2bbuilder_custom_cat             |
| b2bbuilder_custom_service         |
| b2bbuilder_defind_1               |
| b2bbuilder_defind_2               |
| b2bbuilder_defind_3               |
| b2bbuilder_defind_4               |
| b2bbuilder_delivery_address       |
| b2bbuilder_district               |
| b2bbuilder_fast_mail              |
| b2bbuilder_feed                   |
| b2bbuilder_filter_keyword         |
| b2bbuilder_logistics_temp         |
| b2bbuilder_logistics_temp_con     |
| b2bbuilder_mail_mod               |
| b2bbuilder_mail_record            |
| b2bbuilder_member                 |
| b2bbuilder_message                |
| b2bbuilder_nav_menu               |
| b2bbuilder_news                   |
| b2bbuilder_news_data              |
| b2bbuilder_newscat                |
| b2bbuilder_page_rec               |
| b2bbuilder_page_view              |
| b2bbuilder_payment_banks          |
| b2bbuilder_payment_card           |
| b2bbuilder_payment_cashflow       |
| b2bbuilder_payment_cashpickup     |
| b2bbuilder_payment_type           |
| b2bbuilder_payment_user           |
| b2bbuilder_points                 |
| b2bbuilder_product_cart           |
| b2bbuilder_product_cat            |
| b2bbuilder_product_comment        |
| b2bbuilder_product_delivery       |
| b2bbuilder_product_detail         |
| b2bbuilder_product_invoice        |
| b2bbuilder_product_order          |
| b2bbuilder_product_order_pro      |
| b2bbuilder_product_report         |
| b2bbuilder_product_report_subject |
| b2bbuilder_product_setmeal        |
| b2bbuilder_products               |
| b2bbuilder_property               |
| b2bbuilder_property_value         |
| b2bbuilder_reg_vercode            |
| b2bbuilder_reserve_username       |
| b2bbuilder_return                 |
| b2bbuilder_return_goods           |
| b2bbuilder_search_word            |
| b2bbuilder_shipping_address       |
| b2bbuilder_shop                   |
| b2bbuilder_shop_cat               |
| b2bbuilder_shop_domin             |
| b2bbuilder_shop_earnest           |
| b2bbuilder_shop_grade             |
| b2bbuilder_shop_link              |
| b2bbuilder_shop_navigation        |
| b2bbuilder_shop_setting           |
| b2bbuilder_shop_template          |
| b2bbuilder_site_spread            |
| b2bbuilder_sns                    |
| b2bbuilder_sns_friend             |
| b2bbuilder_sns_shareproduct       |
| b2bbuilder_sns_shareproduct_info  |
| b2bbuilder_sns_shareshop          |
| b2bbuilder_stop_ip                |
| b2bbuilder_sub_domain             |
| b2bbuilder_subscribe              |
| b2bbuilder_tags                   |
| b2bbuilder_talk                   |
| b2bbuilder_tg                     |
| b2bbuilder_tg_cat                 |
| b2bbuilder_tg_order               |
| b2bbuilder_user_comment           |
| b2bbuilder_user_connected         |
| b2bbuilder_user_group             |
| b2bbuilder_user_read_rec          |
| b2bbuilder_vote                   |
| b2bbuilder_web_con                |
| b2bbuilder_web_con_group          |
| b2bbuilder_web_config             |
| b2bbuilder_web_link               |
+-----------------------------------+

数据表b2bbuilder_admin 的部分内容：

漏洞证明：

见详细说明

修复方案：

过滤

版权声明：转载请注明来源 xfkxfk@乌云

漏洞回应

厂商回应：

未能联系到厂商或者厂商积极拒绝

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2013-031909

漏洞标题：B2Bbuilder官网SQL注入漏洞（可拖库）

相关厂商：B2Bbuilder

漏洞作者： xfkxfk

提交时间：2013-07-23 10:30

修复时间：2013-09-06 10:31

公开时间：2013-09-06 10:31

漏洞类型：SQL注射漏洞

危害等级：中

自评Rank：15

漏洞状态：未联系到厂商或者厂商积极忽略

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2013-031909"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 xfkxfk@乌云

漏洞回应

厂商回应：

漏洞概要关注数(24) 关注此漏洞

Tags标签：无

4人收藏收藏
分享漏洞：