
Vulnerability summary

Defect ID: wooyun-2015-0148028

Title: SQL injection on the Midifan main site leaks 110,000 users' data

Vendor: midifan.com

Author: Yenkn

Submitted: 2015-10-20 14:58

Fixed: 2015-10-26 14:54

Published: 2015-10-26 14:54

Type: SQL injection

Severity: Medium

Self-assessed Rank: 8

Status: Fixed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-10-20: Details sent to the vendor; awaiting vendor handling
2015-10-20: Vendor confirmed; details disclosed to the vendor only
2015-10-26: Vendor fixed the vulnerability and disclosed it voluntarily; details disclosed to the public

Brief description:

SQL injection on the Midifan main site

Details:

The entire site has a very serious injection vulnerability with no filtering at all, so the database can be dumped directly. Because the database account is not root, no further penetration was attempted.

[Screenshot: QQ截图20151020133540.png]


[Screenshot: QQ截图20151020133404.png]


The table listing can be dumped directly.

[Screenshot: QQ截图20151020133721.png]

Vulnerability proof:


Fix:

Filter input.
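The report's fix is the single word "filter". As an added example (not code from the report or from midifan.com), the Python below puts the "no filtering at all" pattern described above beside a bound-parameter query over a constructed www_user table; the table and column names follow the dump in the report, while the rows, hashes and the test input are made up for the demo.

```python
import sqlite3

# Constructed sample rows with placeholder hashes (not real data); the
# column names follow the www_user dump quoted in the report.
SAMPLE_USERS = [
    (1, "admin", "placeholder_hash_1"),
    (2, "alice", "placeholder_hash_2"),
    (3, "bob", "placeholder_hash_3"),
]


def make_db():
    """Build an in-memory www_user table from the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE www_user (uid INTEGER, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO www_user VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username):
    """User input concatenated straight into SQL: the unfiltered pattern."""
    sql = "SELECT uid, username FROM www_user WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, username):
    """Bound parameter: the driver passes the value separately from the
    statement, so no character in it can alter the query's structure."""
    sql = "SELECT uid, username FROM www_user WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    """Run both lookups with a normal name and a classic tautology input."""
    conn = make_db()
    tautology = "x' OR '1'='1"  # constructed test input for the comparison
    return {
        "vulnerable_normal": lookup_vulnerable(conn, "alice"),
        "vulnerable_injected": lookup_vulnerable(conn, tautology),
        "hardened_normal": lookup_hardened(conn, "alice"),
        "hardened_injected": lookup_hardened(conn, tautology),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The concatenated query returns every row for the tautology input, while the bound-parameter query returns nothing, which is the behaviour a fix should be checked against before relying on filtering alone.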

Copyright notice: when republishing, please credit the source: Yenkn@乌云


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 8

Confirmed: 2015-10-20 22:43

Vendor reply:

Thanks for finding the vulnerability; we are actively fixing it.

Latest status:

2015-10-26: Fixed