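Vulnerability summary
Bug ID: wooyun-2014-082174
Title: High-risk SQL injection at Mengniu Group
Vendor: mengniu.com.cn
Author: 黑暗游侠
Submitted: 2014-11-06 10:36
Fixed: 2014-12-21 10:40
Disclosed: 2014-12-21 10:40
Vulnerability type: SQL injection
Severity: High
Self-assessed Rank: 20
Status: Unable to contact the vendor, or the vendor actively ignored the report
Source: http://www.wooyun.org; for questions or help, contact [email protected]
Tags: none
Vulnerability details
Disclosure status:
2014-11-06: Actively contacting the vendor and waiting for the vendor to claim the report; details not public
2014-12-21: The vendor has actively ignored the vulnerability; details disclosed to the public
Brief description:
High-risk SQL injection at Mengniu Group
Detailed description:
High-risk SQL injection at Mengniu Group
Proof of vulnerability: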
Database: newyear2013
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| `2012mengniu_gohome_hotline` | 293214 |
| `2012mengniu_gohome` | 89008 |
| `2012mengniu_nogohome_letter` | 57566 |
| `2012mengniu_jiaozi` | 19521 |
| `2014sdn_question` | 10701 |
| `2012mengniu_gohome_keyword` | 8092 |
| `2014sdn_answer` | 2254 |
| `2012mengniu_gohome_showhappy` | 1492 |
| `2012mengniu_city` | 572 |
| `2012mengniu_regdinner` | 54 |
| `2012mengniu_gohome_gettoprovince` | 34 |
| `2012mengniu_gohome_leavecity` | 34 |
| `2012mengniu_nogohome_gettocity` | 34 |
| `2012mengniu_peoplenum` | 5 |
| admin_user | 1 |
+---------------------------------------+---------+
Database: test
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| harvard_district | 3511 |
| harvard_area | 3131 |
| harvard_users | 651 |
| harvard_city | 345 |
| harvard_coin_history | 64 |
| harvard_province | 34 |
| harvard_winner | 23 |
| harvard_game_history | 19 |
| harvard_baby_audio | 13 |
| harvard_support_history | 12 |
| harvard_talk_history | 9 |
| harvard_baby_pic | 8 |
| harvard_baby_txt | 8 |
| harvard_baby_video | 7 |
| harvard_game | 4 |
| harvard_exchange_history | 3 |
| harvard_weeks | 3 |
| harvard_ex_history | 2 |
| harvard_access_token | 1 |
| harvard_share_history | 1 |
+---------------------------------------+---------+
Database: information_schema
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| COLUMNS | 432 |
| COLLATION_CHARACTER_SET_APPLICABILITY | 126 |
| COLLATIONS | 126 |
| STATISTICS | 64 |
| TABLES | 52 |
| CHARACTER_SETS | 36 |
| KEY_COLUMN_USAGE | 36 |
| TABLE_CONSTRAINTS | 36 |
| SCHEMA_PRIVILEGES | 16 |
| SCHEMATA | 3 |
| USER_PRIVILEGES | 1 |
+---------------------------------------+---------+
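Fix:
Filtering
Copyright notice: please credit the source when reposting: 黑暗游侠@乌云
Vulnerability response
Vendor response:
Unable to contact the vendor, or the vendor actively refused
Vulnerability Rank: 4 (WooYun rating)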