当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-034783

漏洞标题:山东省青少年发展基金会sql注射已进后台(捐款信息随便看)

相关厂商:山东省青少年发展基金会

漏洞作者: 雅柏菲卡

提交时间:2013-08-20 09:06

修复时间:2013-10-04 09:07

公开时间:2013-10-04 09:07

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:8

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2013-08-20: 细节已通知厂商并且等待厂商处理中
2013-08-24: 厂商已经确认,细节仅向厂商公开
2013-09-03: 细节向核心白帽子及相关领域专家公开
2013-09-13: 细节向普通白帽子公开
2013-09-23: 细节向实习白帽子公开
2013-10-04: 细节向公众公开

简要描述:

....

详细说明:

...

漏洞证明:

Target: 		http://hope.sdydf.gov.cn/class.php?class=1
Host IP: 119.188.8.88
Web Server: Apache/2.2.8 (Win32) PHP/5.2.6
Powered-by: PHP/5.2.6
DB Server: MySQL
Resp. Time(avg): 1587 ms
Current User: root@localhost
Current DB: studentfund
Sql Version: 5.0.51b-community-nt-log
System User: root@localhost
Compile OS: Win32
Installation dir: C:\AppServ\MySQL
Host Name: jn-test
DB User & Pass: root:*A4B84F8B97A6448BFF3EA73212B2C5479C408057:localhost
root::production.mysql.com
root::127.0.0.1
::localhost
::production.mysql.com
Data Bases: information_schema
EA
a0317015124
bbs1
changyicunguan
club80
cooccc
coocccbbs
dajiayuan
danganwang
deqin
dianguanchu
disilin
dizhigongyuan
drupal
ecshop2
fc
fxc
gaosanshi
haopiqidy
hengyishijue
hengyishijue2
huadecheng
huijia
hunsha
jiafawang
jinanxinle
jngykj
kuayueyingshi
kuntechuanmei
likangmusu
meigui
mysql
phpmyadmin
ppvod
qlfc
quanfuxiang
richhonest
richhonest2011
richhonest2_russ
richhonesten
ruice
schoolfund
sdhwry
sdqlfc
shanshida
studentfund
supsite
test
test2012
tianebaohuayi
tianebaohuayimart
ucenter
wanguolipin
wennuodianzi
wolagua
wsrsyzx
yangyawang
yinshituina
youaiwang
youaiwang2
yunbian
zhangqiutuanwei
zhenjiang
C:\boot.ini 信息为
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003 Standard x64 Edition" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows Server 2003 Standard x86 Edition" /fastdetect

0.232.jpg

232.jpg

修复方案:

...................

版权声明:转载请注明来源 雅柏菲卡@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:11

确认时间:2013-08-24 22:35

厂商回复:

最新状态:

暂无